* [gentoo-commits] repo/gentoo:master commit in: net-nds/openldap/, net-nds/openldap/files/
@ 2017-02-20 0:36 Robin H. Johnson
0 siblings, 0 replies; 12+ messages in thread
From: Robin H. Johnson @ 2017-02-20 0:36 UTC (permalink / raw
To: gentoo-commits
commit: ae15b9c52b27b65fbed9a3520666e1ae084ce054
Author: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
AuthorDate: Sun Feb 19 23:25:12 2017 +0000
Commit: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Mon Feb 20 00:36:31 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ae15b9c5
net-nds/openldap: drop old ebuilds.
Package-Manager: portage-2.3.2
net-nds/openldap/Manifest | 5 -
.../openldap/files/openldap-2.4.33-gnutls.patch | 60 --
.../files/openldap-2.4.40-mdb-unbundle.patch | 136 ----
net-nds/openldap/files/slapd-initd-2.4.28-r1 | 36 -
net-nds/openldap/files/slapd-initd-2.4.40 | 51 --
net-nds/openldap/files/slapd-initd-2.4.40-r1 | 65 --
net-nds/openldap/openldap-2.4.38-r2.ebuild | 761 -------------------
net-nds/openldap/openldap-2.4.39.ebuild | 760 -------------------
net-nds/openldap/openldap-2.4.40-r2.ebuild | 822 --------------------
net-nds/openldap/openldap-2.4.40-r4.ebuild | 822 --------------------
net-nds/openldap/openldap-2.4.40.ebuild | 822 --------------------
net-nds/openldap/openldap-2.4.42-r1.ebuild | 829 --------------------
net-nds/openldap/openldap-2.4.42.ebuild | 819 --------------------
net-nds/openldap/openldap-2.4.43-r1.ebuild | 831 ---------------------
net-nds/openldap/openldap-2.4.43.ebuild | 826 --------------------
15 files changed, 7645 deletions(-)
diff --git a/net-nds/openldap/Manifest b/net-nds/openldap/Manifest
index d299ef0718..0f5b7b5f57 100644
--- a/net-nds/openldap/Manifest
+++ b/net-nds/openldap/Manifest
@@ -1,8 +1,3 @@
DIST openldap-2.3.43.tgz 3803011 SHA256 d7d2dea05362c8ac7e11bb7bf1da4cdeb07225ba8dc16974bff9f51a9f3d37e1 SHA512 2b0ebb35adbeed34673e1a55cc7a89b348ddee7ad6ce7f915ca3745198cee992aba7281bf0d56197dcfd59665935d5d3764db0ba487975e4dbc2a2507d6ea7a6 WHIRLPOOL 7457112bbad83d75f7ad01230da97511a8d983a98f7e31357dbffd79a7ed7e53057af781002cae8c610d3ad7834dfeefbd7f223798d45aea8cd00b70f5ee0e39
-DIST openldap-2.4.38.tgz 5506085 SHA256 88209a3599ec5d9354fc09bbe29b99db1ffa1b612127c06bad0c5265d0b31fd1 SHA512 df7b6b2b84102ba996f84575396c7505ada851b5f09841fd821d34fd8d62580f85ecc655e2cd3965730b44d6919d64864f56b23791f38b411d142d345f250666 WHIRLPOOL bb6a19b353f9dcde07afe78052ce9d5db5a2aaa09236b69d22da0879e74c4de8587312bad66939702db30af779f7ee9720ad792b73d225f004a1a90d80a6fed1
-DIST openldap-2.4.39.tgz 5509060 SHA256 8267c87347103fef56b783b24877c0feda1063d3cb85d070e503d076584bf8a7 SHA512 7b5ef2a69f79f0901a06f8be4ab50afc3b3e98ab1ea74a421569443d32cb43d3cf773d3f028fb5fb39908c09ee172cb4770ecc5882754877a59d29bf8f8cc059 WHIRLPOOL 90ac4cff185855d569a8033a3e35a251d75e4a2805bcfa5ba5b3605ec88b2fc244b0e95aabd33c47c9846f29c95a17e1be43650442987f6abc043667e06f15cd
-DIST openldap-2.4.40.tgz 5641865 SHA256 d12611a5c25b6499293c2bb7b435dc2b174db73e83f5a8cb7e34f2ce5fa6dadb SHA512 c803c4a82878891d60414d64dcb54a7c3f08675106ba13f50cba06034a97b3eee1c238761dd5ddad97d8c3f6675d9bbbec176d0340eb4a3bcd808f940baabab5 WHIRLPOOL 82cb6033798ac69faf4a0d1f5d7716316f5fbfc67e0f3a013b5bae461a01e3029aa6fb7d510bc14eed4f40ef83632561a3fa39aebf2be2785e3d0e0038db048c
-DIST openldap-2.4.42.tgz 5645925 SHA256 eeb7b0e2c5852bfd2650e83909bb6152835c0b862fab10b63954dc1bcbba8e63 SHA512 52d6af7610c4fdc8f965ebea04d09c38f73773a02c2e484dc111100f3d472f8b2f766ca32d9c80f5815a57745095cc7c33ad62d9165eec5b9e252ae172e7782c WHIRLPOOL e151c63bfd10f5e96c60f216925315ed788d426ba2c15ee2793a4de4bb25d01717e7bb5144814a0e6a053a5d5a0aab75213a495aa47aa13f7c3e70716c01633e
-DIST openldap-2.4.43.tgz 5654057 SHA256 34d78e5598a2b0360d26a9050fcdbbe198c65493b013bb607839d5598b6978c8 SHA512 1306206bf22fcec2ccf4b91fd7eadf0207e7015f20d761a4055b0e0213fe1f4c275eec933d86220b03b558650439e74cdca07db05e8debb54d38be4e983b3631 WHIRLPOOL 0d4dc1c1f36f85c4711d0ec1d11107dac242f1d69b4f183e7762cc3ed3d7221c45bd44777e7441afe10156abc487da18f9bdf748244123dd62a241aefe7bca3f
DIST openldap-2.4.44.tgz 5658830 SHA256 d7de6bf3c67009c95525dde3a0212cc110d0a70b92af2af8e3ee800e81b88400 SHA512 132eb81798f59a364c9246d08697e1c7ebb6c2c3b983f786b14ec0233df09696cbad33a1f35f3076348b5efb77665a076ab854a24122c31e8b58310b7c7fd136 WHIRLPOOL 37399793d681a6489c369d663772970c62a4e1e370d4dc306bcb6fa3b9cb680139c9d940d9218aaac4618f50a63bc391b10f2aec0a134f84094ce4f7378c88ff
DIST rfc2307bis.schema-20140524 12262 SHA256 6cd8154ad86be1d6bb88a79c303dc10a49bce4ce7d21bb417a951d6496df30b1 SHA512 83b89a1deeefc8566b97e7e865b9b6d04541099cbdf719e24538a7d27d61b6209e87ab9003a9f140bd9afd018ec569e71721e3a24090e1902c8b6659d2ba103e WHIRLPOOL 40cef24529fb4bfc1661d03088eccdb17d9056d696b2bf0e698fa248d03f508ba776784bf8abbaffb5f4c2c59b59b29525b4be2babc978fed681e5e3c88073de
diff --git a/net-nds/openldap/files/openldap-2.4.33-gnutls.patch b/net-nds/openldap/files/openldap-2.4.33-gnutls.patch
deleted file mode 100644
index 2b07c85c04..0000000000
--- a/net-nds/openldap/files/openldap-2.4.33-gnutls.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From 98de912932732f1441300eb64ca3070ff1469fcf Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <petr.pisar@atlas.cz>
-Date: Sun, 30 Dec 2012 21:11:06 +0100
-Subject: [PATCH] GnuTLS 3.0 removed gnutls_certificate_get_x509_cas()
-
----
- libraries/libldap/tls_g.c | 23 +++++++++++++++++++++++
- 1 file changed, 23 insertions(+)
-
-diff --git a/libraries/libldap/tls_g.c b/libraries/libldap/tls_g.c
-index 40616f5..374514d 100644
---- a/libraries/libldap/tls_g.c
-+++ b/libraries/libldap/tls_g.c
-@@ -60,6 +60,12 @@
- #undef HAVE_GCRYPT_RAND
- #endif
-
-+#if LIBGNUTLS_VERSION_NUMBER >= 0x030000
-+#define HAVE_GNUTLS_CERTIFICATE_GET_ISSUER 1
-+#else
-+#undef HAVE_GNUTLS_CERTIFICATE_GET_ISSUER
-+#endif
-+
- #ifndef HAVE_CIPHERSUITES
- /* Versions prior to 2.2.0 didn't handle cipher suites, so we had to
- * kludge them ourselves.
-@@ -368,6 +374,22 @@ tlsg_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
- * then we have to build the cert chain.
- */
- if ( max == 1 && !gnutls_x509_crt_check_issuer( certs[0], certs[0] )) {
-+#ifdef HAVE_GNUTLS_CERTIFICATE_GET_ISSUER
-+ gnutls_x509_crt_t issuer;
-+ unsigned int i;
-+
-+ for ( i = 1; i<VERIFY_DEPTH; i++ ) {
-+ /* If no CA is known, we're done */
-+ if ( gnutls_certificate_get_issuer( ctx->cred, certs[i-1],
-+ &issuer, 0 ) )
-+ break;
-+ certs[i] = issuer;
-+ max++;
-+ /* If this CA is self-signed, we're done */
-+ if ( gnutls_x509_crt_check_issuer( certs[i], certs[i] ))
-+ break;
-+ }
-+#else
- gnutls_x509_crt_t *cas;
- unsigned int i, j, ncas;
-
-@@ -387,6 +409,7 @@ tlsg_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
- if ( j == ncas )
- break;
- }
-+#endif /* !defined HAVE_GNUTLS_CERTIFICATE_GET_ISSUER */
- }
- rc = gnutls_certificate_set_x509_key( ctx->cred, certs, max, key );
- if ( rc ) return -1;
---
-1.8.0.2
-
diff --git a/net-nds/openldap/files/openldap-2.4.40-mdb-unbundle.patch b/net-nds/openldap/files/openldap-2.4.40-mdb-unbundle.patch
deleted file mode 100644
index 9265a01701..0000000000
--- a/net-nds/openldap/files/openldap-2.4.40-mdb-unbundle.patch
+++ /dev/null
@@ -1,136 +0,0 @@
---- ./build/top.mk.orig 2014-10-24 14:34:59.260827298 +0200
-+++ ./build/top.mk 2014-10-24 14:35:25.281168893 +0200
-@@ -160,6 +160,7 @@
- LTHREAD_LIBS = @LTHREAD_LIBS@
-
- BDB_LIBS = @BDB_LIBS@
-+MDB_LIBS = @MDB_LIBS@
- SLAPD_NDB_LIBS = @SLAPD_NDB_LIBS@
-
- LDAP_LIBLBER_LA = $(LDAP_LIBDIR)/liblber/liblber.la
---- ./build/openldap.m4.orig 2014-10-24 10:52:02.837221734 +0200
-+++ ./build/openldap.m4 2014-10-24 11:31:02.748087966 +0200
-@@ -563,6 +563,38 @@
- ], [ol_cv_bdb_compat=yes], [ol_cv_bdb_compat=no])])
- ])
-
-+dnl --------------------------------------------------------------------
-+dnl Check for version compatility with back-mdb
-+AC_DEFUN([OL_MDB_COMPAT],
-+[AC_CACHE_CHECK([if LMDB version supported by MDB backends], [ol_cv_mdb_compat],[
-+ AC_EGREP_CPP(__mdb_version_compat,[
-+#include <lmdb.h>
-+
-+/* require 0.9.14 or later */
-+#if MDB_VERSION_FULL >= 0x00000009000E
-+ __mdb_version_compat
-+#endif
-+ ], [ol_cv_mdb_compat=yes], [ol_cv_mdb_compat=no])])
-+])
-+
-+dnl
-+dnl --------------------------------------------------------------------
-+dnl Find any MDB
-+AC_DEFUN([OL_MDB],
-+[ol_cv_mdb=no
-+AC_CHECK_HEADERS(lmdb.h)
-+if test $ac_cv_header_lmdb_h = yes; then
-+ OL_MDB_COMPAT
-+
-+ if test $ol_cv_mdb_compat != yes ; then
-+ AC_MSG_ERROR([LMDB version incompatible with MDB backends])
-+ fi
-+
-+ ol_cv_lib_mdb=-llmdb
-+ ol_cv_mdb=yes
-+fi
-+])
-+
- dnl
- dnl ====================================================================
- dnl Check POSIX Thread version
---- ./servers/slapd/back-mdb/Makefile.in.orig 2014-10-24 10:31:30.860931076 +0200
-+++ ./servers/slapd/back-mdb/Makefile.in 2014-10-24 14:33:33.803705424 +0200
-@@ -25,11 +25,10 @@
- extended.lo operational.lo \
- attr.lo index.lo key.lo filterindex.lo \
- dn2entry.lo dn2id.lo id2entry.lo idl.lo \
-- nextid.lo monitor.lo mdb.lo midl.lo
-+ nextid.lo monitor.lo
-
- LDAP_INCDIR= ../../../include
- LDAP_LIBDIR= ../../../libraries
--MDB_SUBDIR = $(srcdir)/$(LDAP_LIBDIR)/liblmdb
-
- BUILD_OPT = "--enable-mdb"
- BUILD_MOD = @BUILD_MDB@
-@@ -44,7 +43,7 @@
-
- LIBBASE = back_mdb
-
--XINCPATH = -I.. -I$(srcdir)/.. -I$(MDB_SUBDIR)
-+XINCPATH = -I.. -I$(srcdir)/..
- XDEFS = $(MODULES_CPPFLAGS)
-
- all-local-lib: ../.backend
-@@ -52,11 +51,5 @@
- ../.backend: lib$(LIBBASE).a
- @touch $@
-
--mdb.lo: $(MDB_SUBDIR)/mdb.c
-- $(LTCOMPILE_MOD) $(MDB_SUBDIR)/mdb.c
--
--midl.lo: $(MDB_SUBDIR)/midl.c
-- $(LTCOMPILE_MOD) $(MDB_SUBDIR)/midl.c
--
- veryclean-local-lib: FORCE
- $(RM) $(XXHEADERS) $(XXSRCS) .links
---- ./configure.in.orig 2014-10-24 10:46:53.289139847 +0200
-+++ ./configure.in 2014-10-24 10:51:34.372846374 +0200
-@@ -519,6 +519,7 @@
- dnl Initialize vars
- LDAP_LIBS=
- BDB_LIBS=
-+MDB_LIBS=
- SLAPD_NDB_LIBS=
- SLAPD_NDB_INCS=
- LTHREAD_LIBS=
-@@ -1905,6 +1906,30 @@
- fi
-
- dnl ----------------------------------------------------------------
-+ol_link_mdb=no
-+
-+if test $ol_enable_mdb != no; then
-+ OL_MDB
-+
-+ if test $ol_cv_mdb = no ; then
-+ AC_MSG_ERROR(MDB: LMDB not available)
-+ fi
-+
-+ AC_DEFINE(HAVE_MDB,1,
-+ [define this if LMDB is available])
-+
-+ dnl $ol_cv_lib_mdb should be yes or -llmdb
-+ dnl (it could be no, but that would be an error
-+ if test $ol_cv_lib_mdb != yes ; then
-+ MDB_LIBS="$MDB_LIBS $ol_cv_lib_mdb"
-+ fi
-+
-+ SLAPD_LIBS="$SLAPD_LIBS \$(MDB_LIBS)"
-+
-+ ol_link_mdb=yes
-+fi
-+
-+dnl ----------------------------------------------------------------
-
- if test $ol_enable_dynamic = yes && test $enable_shared = yes ; then
- BUILD_LIBS_DYNAMIC=shared
-@@ -3133,6 +3158,7 @@
- AC_SUBST(LDAP_LIBS)
- AC_SUBST(SLAPD_LIBS)
- AC_SUBST(BDB_LIBS)
-+AC_SUBST(MDB_LIBS)
- AC_SUBST(SLAPD_NDB_LIBS)
- AC_SUBST(SLAPD_NDB_INCS)
- AC_SUBST(LTHREAD_LIBS)
diff --git a/net-nds/openldap/files/slapd-initd-2.4.28-r1 b/net-nds/openldap/files/slapd-initd-2.4.28-r1
deleted file mode 100644
index 0bb8c81cbc..0000000000
--- a/net-nds/openldap/files/slapd-initd-2.4.28-r1
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2012 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-extra_commands="checkconfig"
-
-[ -z "$INSTANCE" ] && INSTANCE="openldap${SVCNAME#slapd}"
-
-depend() {
- need net
- before dbus hald avahi-daemon
- provide ldap
-}
-
-start() {
- checkpath -q -d /var/run/openldap/ -o ldap:ldap
- if ! checkconfig -Q ; then
- eerror "There is a problem with your slapd.conf!"
- return 1
- fi
- ebegin "Starting ldap-server"
- [ -n "$KRB5_KTNAME" ] && export KRB5_KTNAME
- eval start-stop-daemon --start --pidfile /var/run/openldap/${SVCNAME}.pid --exec /usr/lib/openldap/slapd -- -u ldap -g ldap "${OPTS}"
- eend $?
-}
-
-stop() {
- ebegin "Stopping ldap-server"
- start-stop-daemon --stop --signal 2 --quiet --pidfile /var/run/openldap/${SVCNAME}.pid
- eend $?
-}
-
-checkconfig() {
- /usr/sbin/slaptest -u "$@" ${OPTS_CONF}
-}
diff --git a/net-nds/openldap/files/slapd-initd-2.4.40 b/net-nds/openldap/files/slapd-initd-2.4.40
deleted file mode 100644
index 473e9fd0e7..0000000000
--- a/net-nds/openldap/files/slapd-initd-2.4.40
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-extra_commands="checkconfig"
-
-[ -z "$INSTANCE" ] && INSTANCE="openldap${SVCNAME#slapd}"
-PIDDIR=/run/openldap
-PIDFILE=$PIDDIR/$SVCNAME.pid
-
-depend() {
- need net
- before dbus hald avahi-daemon
- provide ldap
-}
-
-start() {
- checkpath -q -d ${PIDDIR} -o ldap:ldap
- if ! checkconfig -Q ; then
- eerror "There is a problem with your slapd.conf!"
- return 1
- fi
- ebegin "Starting ldap-server"
- [ -n "$KRB5_KTNAME" ] && export KRB5_KTNAME
- eval start-stop-daemon --start --pidfile ${PIDFILE} --exec /usr/lib/openldap/slapd -- -u ldap -g ldap "${OPTS}"
- eend $?
-}
-
-stop() {
- ebegin "Stopping ldap-server"
- start-stop-daemon --stop --signal 2 --quiet --pidfile ${PIDFILE}
- eend $?
-}
-
-checkconfig() {
- # checks requested by bug #502948
- for d in `awk '/^directory/{print $2}'`; do
- if [ ! -d $d ]; then
- eerror "Directory $d in config does not exist!"
- return 1
- fi
- /usr/bin/find $d ! -name DB_CONFIG ! -user ldap -o ! -group ldap |grep -sq .
- if [ $? -ne 0 ]; then
- ewarn "You have files in $d not owned by the ldap user, you must ensure they are accessible to the slapd instance!"
- fi
- [ ! -e $d/DB_CONFIG ] && ewarn "$d/DB_CONFIG does not exist, slapd performance may be sub-optimal"
- done
- # now test the config fully
- /usr/sbin/slaptest -u "$@" ${OPTS_CONF}
-}
diff --git a/net-nds/openldap/files/slapd-initd-2.4.40-r1 b/net-nds/openldap/files/slapd-initd-2.4.40-r1
deleted file mode 100644
index 3547e07518..0000000000
--- a/net-nds/openldap/files/slapd-initd-2.4.40-r1
+++ /dev/null
@@ -1,65 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-extra_commands="checkconfig"
-
-[ -z "$INSTANCE" ] && INSTANCE="openldap${SVCNAME#slapd}"
-PIDDIR=/run/openldap
-PIDFILE=$PIDDIR/$SVCNAME.pid
-
-depend() {
- need net
- before dbus hald avahi-daemon
- provide ldap
-}
-
-start() {
- checkpath -q -d ${PIDDIR} -o ldap:ldap
- if ! checkconfig -Q ; then
- eerror "There is a problem with your slapd.conf!"
- return 1
- fi
- ebegin "Starting ldap-server"
- [ -n "$KRB5_KTNAME" ] && export KRB5_KTNAME
- eval start-stop-daemon --start --pidfile ${PIDFILE} --exec /usr/lib/openldap/slapd -- -u ldap -g ldap "${OPTS}"
- eend $?
-}
-
-stop() {
- ebegin "Stopping ldap-server"
- start-stop-daemon --stop --signal 2 --quiet --pidfile ${PIDFILE}
- eend $?
-}
-
-checkconfig() {
- # checks requested by bug #502948
- # Step 1: extract the last valid config file or config dir
- set -- $OPTS
- while [ -n "$*" ]; do
- opt=$1 ; shift
- if [ "$opt" = "-f" -o "$opt" = "-F" ] ; then
- CONF=$1
- shift
- fi
- done
- set --
- # Fallback
- CONF=${CONF-/etc/openldap/slapd.conf}
- [ -d $CONF ] && CONF=${CONF}/*
- DBDIRS=`eval awk '"/^(directory|olcDbDirectory:)/{print \$2}"' $CONF`
- for d in $DBDIRS; do
- if [ ! -d $d ]; then
- eerror "Directory $d in config does not exist!"
- return 1
- fi
- /usr/bin/find $d ! -name DB_CONFIG ! -user ldap -o ! -group ldap |grep -sq .
- if [ $? -ne 0 ]; then
- ewarn "You have files in $d not owned by the ldap user, you must ensure they are accessible to the slapd instance!"
- fi
- [ ! -e $d/DB_CONFIG ] && ewarn "$d/DB_CONFIG does not exist, slapd performance may be sub-optimal"
- done
- # now test the config fully
- /usr/sbin/slaptest -u "$@" ${OPTS_CONF}
-}
diff --git a/net-nds/openldap/openldap-2.4.38-r2.ebuild b/net-nds/openldap/openldap-2.4.38-r2.ebuild
deleted file mode 100644
index d084145f42..0000000000
--- a/net-nds/openldap/openldap-2.4.38-r2.ebuild
+++ /dev/null
@@ -1,761 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit db-use eutils flag-o-matic multilib multilib-minimal ssl-cert versionator toolchain-funcs autotools user systemd
-
-BIS_PN=rfc2307bis.schema
-BIS_PV=20140524
-BIS_P="${BIS_PN}-${BIS_PV}"
-
-DESCRIPTION="LDAP suite of application and development tools"
-HOMEPAGE="http://www.OpenLDAP.org/"
-
-# mirrors are mostly not working, using canonical URI
-SRC_URI="ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz
- mirror://gentoo/${BIS_P}"
-
-LICENSE="OPENLDAP GPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-solaris"
-
-IUSE_DAEMON="crypt icu samba slp tcpd experimental minimal"
-IUSE_BACKEND="+berkdb"
-IUSE_OVERLAY="overlays perl"
-IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 +syslog selinux"
-IUSE_CONTRIB="smbkrb5passwd kerberos"
-IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
-IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
-
-REQUIRED_USE="cxx? ( sasl )"
-
-# openssl is needed to generate lanman-passwords required by samba
-CDEPEND="icu? ( dev-libs/icu:= )
- ssl? ( !gnutls? ( >=dev-libs/openssl-1.0.1h-r2[${MULTILIB_USEDEP}] )
- gnutls? ( >=net-libs/gnutls-2.12.23-r6[${MULTILIB_USEDEP}] >=dev-libs/libgcrypt-1.5.3:0[${MULTILIB_USEDEP}] ) )
- sasl? ( dev-libs/cyrus-sasl:= )
- !minimal? (
- sys-devel/libtool
- tcpd? ( sys-apps/tcp-wrappers )
- odbc? ( !iodbc? ( dev-db/unixODBC )
- iodbc? ( dev-db/libiodbc ) )
- slp? ( net-libs/openslp )
- perl? ( dev-lang/perl:=[-build(-)] )
- samba? ( dev-libs/openssl )
- berkdb? ( sys-libs/db )
- smbkrb5passwd? (
- dev-libs/openssl
- app-crypt/heimdal )
- kerberos? ( virtual/krb5 )
- cxx? ( dev-libs/cyrus-sasl:= )
- )
- abi_x86_32? (
- !<=app-emulation/emul-linux-x86-baselibs-20140508-r3
- !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
- )"
-DEPEND="${CDEPEND}
- sys-apps/groff"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-ldap )
-"
-
-# for tracking versions
-OPENLDAP_VERSIONTAG=".version-tag"
-OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
-
-MULTILIB_WRAPPED_HEADERS=(
- # USE=cxx
- /usr/include/LDAPAsynConnection.h
- /usr/include/LDAPAttrType.h
- /usr/include/LDAPAttribute.h
- /usr/include/LDAPAttributeList.h
- /usr/include/LDAPConnection.h
- /usr/include/LDAPConstraints.h
- /usr/include/LDAPControl.h
- /usr/include/LDAPControlSet.h
- /usr/include/LDAPEntry.h
- /usr/include/LDAPEntryList.h
- /usr/include/LDAPException.h
- /usr/include/LDAPExtResult.h
- /usr/include/LDAPMessage.h
- /usr/include/LDAPMessageQueue.h
- /usr/include/LDAPModList.h
- /usr/include/LDAPModification.h
- /usr/include/LDAPObjClass.h
- /usr/include/LDAPRebind.h
- /usr/include/LDAPRebindAuth.h
- /usr/include/LDAPReferenceList.h
- /usr/include/LDAPResult.h
- /usr/include/LDAPSaslBindResult.h
- /usr/include/LDAPSchema.h
- /usr/include/LDAPSearchReference.h
- /usr/include/LDAPSearchResult.h
- /usr/include/LDAPSearchResults.h
- /usr/include/LDAPUrl.h
- /usr/include/LDAPUrlList.h
- /usr/include/LdifReader.h
- /usr/include/LdifWriter.h
- /usr/include/SaslInteraction.h
- /usr/include/SaslInteractionHandler.h
- /usr/include/StringList.h
- /usr/include/TlsOptions.h
-)
-
-openldap_filecount() {
- local dir="$1"
- find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
-}
-
-openldap_find_versiontags() {
- # scan for all datadirs
- openldap_datadirs=""
- if [ -f "${EROOT}"/etc/openldap/slapd.conf ]; then
- openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${EROOT}/etc/openldap/slapd.conf)"
- fi
- openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}"
-
- einfo
- einfo "Scanning datadir(s) from slapd.conf and"
- einfo "the default installdir for Versiontags"
- einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
- einfo
-
- # scan datadirs if we have a version tag
- openldap_found_tag=0
- have_files=0
- for each in ${openldap_datadirs}; do
- CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"`
- CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}
- if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then
- einfo "- Checking ${each}..."
- if [ -r ${CURRENT_TAG} ] ; then
- # yey, we have one :)
- einfo " Found Versiontag in ${each}"
- source ${CURRENT_TAG}
- if [ "${OLDPF}" == "" ] ; then
- eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
- eerror "Please delete it"
- eerror
- die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
- fi
-
- OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}`
-
- [ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1
-
- # are we on the same branch?
- if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then
- ewarn " Versiontag doesn't match current major release!"
- if [[ "${have_files}" == "1" ]] ; then
- eerror " Versiontag says other major and you (probably) have datafiles!"
- echo
- openldap_upgrade_howto
- else
- einfo " No real problem, seems there's no database."
- fi
- else
- einfo " Versiontag is fine here :)"
- fi
- else
- einfo " Non-tagged dir ${each}"
- [ $(openldap_filecount ${each}) -gt 0 ] && have_files=1
- if [[ "${have_files}" == "1" ]] ; then
- einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
- echo
-
- eerror
- eerror "Your OpenLDAP Installation has a non tagged datadir that"
- eerror "possibly contains a database at ${CURRENT_TAGDIR}"
- eerror
- eerror "Please export data if any entered and empty or remove"
- eerror "the directory, installation has been stopped so you"
- eerror "can take required action"
- eerror
- eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
- eerror
- openldap_upgrade_howto
- die "Please move the datadir ${CURRENT_TAGDIR} away"
- fi
- fi
- einfo
- fi
- done
- [ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present"
-
- # Now we must check for the major version of sys-libs/db linked against.
- SLAPD_PATH=${EROOT}/usr/$(get_libdir)/openldap/slapd
- if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then
- OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
- | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
- NEWVER="$(use berkdb && db_findver sys-libs/db)"
- local fail=0
- if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then
- :
- # Nothing wrong here.
- elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was not built against"
- eerror " any version of sys-libs/db, but the new one will build"
- eerror " against ${NEWVER} and your database may be inaccessible."
- echo
- fail=1
- elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will not be"
- eerror " built against any version and your database may be"
- eerror " inaccessible."
- echo
- fail=1
- elif [ "${OLDVER}" != "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will build against"
- eerror " ${NEWVER} and your database would be inaccessible."
- echo
- fail=1
- fi
- [ "${fail}" == "1" ] && openldap_upgrade_howto
- fi
-
- echo
- einfo
- einfo "All datadirs are fine, proceeding with merge now..."
- einfo
-}
-
-openldap_upgrade_howto() {
- eerror
- eerror "A (possible old) installation of OpenLDAP was detected,"
- eerror "installation will not proceed for now."
- eerror
- eerror "As major version upgrades can corrupt your database,"
- eerror "you need to dump your database and re-create it afterwards."
- eerror
- eerror "Additionally, rebuilding against different major versions of the"
- eerror "sys-libs/db libraries will cause your database to be inaccessible."
- eerror ""
- d="$(date -u +%s)"
- l="/root/ldapdump.${d}"
- i="${l}.raw"
- eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop"
- eerror " 2. slapcat -l ${i}"
- eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}"
- eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
- eerror " 5. emerge --update \=net-nds/${PF}"
- eerror " 6. etc-update, and ensure that you apply the changes"
- eerror " 7. slapadd -l ${l}"
- eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
- eerror " 9. /etc/init.d/slapd start"
- eerror "10. check that your data is intact."
- eerror "11. set up the new replication system."
- eerror
- if [ "${FORCE_UPGRADE}" != "1" ]; then
- die "You need to upgrade your database first"
- else
- eerror "You have the magical FORCE_UPGRADE=1 in place."
- eerror "Don't say you weren't warned about data loss."
- fi
-}
-
-pkg_setup() {
- if ! use sasl && use cxx ; then
- die "To build the ldapc++ library you must emerge openldap with sasl support"
- fi
- # Bug #322787
- if use minimal && ! has_version "net-nds/openldap" ; then
- einfo "No datadir scan needed, openldap not installed"
- elif use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then
- einfo "Skipping scan for previous datadirs as requested by minimal useflag"
- else
- openldap_find_versiontags
- fi
-
- # The user/group are only used for running daemons which are
- # disabled in minimal builds, so elide the accounts too.
- if ! use minimal ; then
- enewgroup ldap 439
- enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap
- fi
-}
-
-src_prepare() {
- # ensure correct SLAPI path by default
- sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \
- "${S}"/include/ldap_defaults.h
-
- epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch
-
- epatch \
- "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \
- "${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
-
- # bug #116045 - still present in 2.4.28
- epatch "${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch
- # bug #408077 - samba4
- epatch "${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch
-
- # bug #189817
- epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
-
- # bug #233633
- epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch
-
- # bug #281495
- epatch "${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch
-
- # bug #294350
- epatch "${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch
-
- # unbreak /bin/sh -> dash
- epatch "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
-
- # bug #420959
- epatch "${FILESDIR}"/${PN}-2.4.31-gcc47.patch
-
- # bug #421463
- epatch "${FILESDIR}"/${PN}-2.4.33-gnutls.patch
-
- cd "${S}"/build || die
- einfo "Making sure upstream build strip does not do stripping too early"
- sed -i.orig \
- -e '/^STRIP/s,-s,,g' \
- top.mk || die "Failed to block stripping"
-
- # wrong assumption that /bin/sh is /bin/bash
- sed -i \
- -e 's|/bin/sh|/bin/bash|g' \
- "${S}"/tests/scripts/* || die "sed failed"
-
- cd "${S}" || die
- AT_NOEAUTOMAKE=yes eautoreconf
-}
-
-build_contrib_module() {
- # <dir> <sources> <outputname>
- cd "${S}/contrib/slapd-modules/$1" || die
- einfo "Compiling contrib-module: $3"
- # Make sure it's uppercase
- local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -D${define_name}=SLAPD_MOD_DYNAMIC \
- -I"${BUILD_DIR}"/include \
- -I../../../include -I../../../servers/slapd ${CFLAGS} \
- -o ${2%.c}.lo -c $2 || die "compiling $3 failed"
- einfo "Linking contrib-module: $3"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o $3.la ${2%.c}.lo || die "linking $3 failed"
-}
-
-src_configure() {
- #Fix for glibc-2.8 and ucred. Bug 228457.
- append-flags -D_GNU_SOURCE
-
- # Bug 408001
- use elibc_FreeBSD && append-cppflags -DMDB_DSYNC=O_SYNC -DMDB_FDATASYNC=fsync
-
- # connectionless ldap per bug #342439
- append-cppflags -DLDAP_CONNECTIONLESS
-
- multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
- local myconf=()
-
- use debug && myconf+=( $(use_enable debug) )
-
- # ICU usage is not configurable
- export ac_cv_header_unicode_utypes_h="$(multilib_is_native_abi && use icu && echo yes || echo no)"
-
- if ! use minimal && multilib_is_native_abi; then
- local CPPFLAGS=${CPPFLAGS}
-
- # re-enable serverside overlay chains per bug #296567
- # see ldap docs chaper 12.3.1 for details
- myconf+=( --enable-ldap )
-
- # backends
- myconf+=( --enable-slapd )
- if use berkdb ; then
- einfo "Using Berkeley DB for local backend"
- myconf+=( --enable-bdb --enable-hdb )
- # We need to include the slotted db.h dir for FreeBSD
- append-cppflags -I$(db_includedir)
- else
- ewarn
- ewarn "Note: if you disable berkdb, you can only use remote-backends!"
- ewarn
- myconf+=( --disable-bdb --disable-hdb )
- fi
- for backend in dnssrv ldap meta monitor null passwd relay shell sock; do
- myconf+=( --enable-${backend}=mod )
- done
-
- myconf+=( $(use_enable perl perl mod) )
-
- myconf+=( $(use_enable odbc sql mod) )
- if use odbc ; then
- local odbc_lib="unixodbc"
- if use iodbc ; then
- odbc_lib="iodbc"
- append-cppflags -I"${EPREFIX}"/usr/include/iodbc
- fi
- myconf+=( --with-odbc=${odbc_lib} )
- fi
-
- # slapd options
- myconf+=(
- $(use_enable crypt)
- $(use_enable slp)
- $(use_enable samba lmpasswd)
- $(use_enable syslog)
- )
- if use experimental ; then
- myconf+=(
- --enable-dynacl
- --enable-aci=mod
- )
- fi
- for option in aci cleartext modules rewrite rlookups slapi; do
- myconf+=( --enable-${option} )
- done
-
- # slapd overlay options
- # Compile-in the syncprov, the others as module
- myconf+=( --enable-syncprov=yes )
- use overlays && myconf+=( --enable-overlays=mod )
-
- else
- myconf+=(
- --disable-slapd
- --disable-bdb
- --disable-hdb
- --disable-overlays
- --disable-syslog
- )
- fi
-
- # basic functionality stuff
- myconf+=(
- $(use_enable ipv6)
- $(multilib_native_use_with sasl cyrus-sasl)
- $(multilib_native_use_enable sasl spasswd)
- $(use_enable tcpd wrappers)
- )
-
- # Some cross-compiling tests don't pan out well.
- tc-is-cross-compiler && myconf+=(
- --with-yielding-select=yes
- )
-
- local ssl_lib="no"
- if use ssl || ( ! use minimal && use samba ) ; then
- ssl_lib="openssl"
- use gnutls && ssl_lib="gnutls"
- fi
-
- myconf+=( --with-tls=${ssl_lib} )
-
- for basicflag in dynamic local proctitle shared static; do
- myconf+=( --enable-${basicflag} )
- done
-
- tc-export AR CC CXX
- ECONF_SOURCE=${S} \
- STRIP=/bin/true \
- econf \
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
- "${myconf[@]}"
- emake depend
-}
-
-src_configure_cxx() {
- # This needs the libraries built by the first build run.
- # So we have to run it AFTER the main build, not just after the main
- # configure.
- local myconf_ldapcpp=(
- --with-ldap-includes="${S}"/include
- )
-
- mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die
- cd "${BUILD_DIR}/contrib/ldapc++" || die
-
- local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS}
- append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
- -L"${BUILD_DIR}"/libraries/libldap/.libs
- append-cppflags -I"${BUILD_DIR}"/include
- ECONF_SOURCE=${S}/contrib/ldapc++ \
- econf "${myconf_ldapcpp[@]}" \
- CC="${CC}" \
- CXX="${CXX}"
-}
-
-multilib_src_compile() {
- tc-export AR CC CXX
- emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/bash
- local lt="${BUILD_DIR}/libtool"
- export echo="echo"
-
- if ! use minimal && multilib_is_native_abi ; then
- if use cxx ; then
- einfo "Building contrib library: ldapc++"
- src_configure_cxx
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake \
- CC="${CC}" CXX="${CXX}"
- fi
-
- if use smbkrb5passwd ; then
- einfo "Building contrib-module: smbk5pwd"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
-
- emake \
- DEFS="-DDO_SAMBA -DDO_KRB5 -DDO_SHADOW" \
- KRB5_INC="$(krb5-config --cflags)" \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
- fi
-
- if use overlays ; then
- einfo "Building contrib-module: samba4"
- cd "${S}/contrib/slapd-modules/samba4" || die
-
- emake \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap"
- fi
-
- if use kerberos ; then
- cd "${S}/contrib/slapd-modules/passwd" || die
- einfo "Compiling contrib-module: pw-kerberos"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- $(krb5-config --cflags) \
- -DHAVE_KRB5 \
- -o kerberos.lo \
- -c kerberos.c || die "compiling pw-kerberos failed"
- einfo "Linking contrib-module: pw-kerberos"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o pw-kerberos.la \
- kerberos.lo || die "linking pw-kerberos failed"
- fi
- # We could build pw-radius if GNURadius would install radlib.h
- cd "${S}/contrib/slapd-modules/passwd" || die
- einfo "Compiling contrib-module: pw-netscape"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- -o netscape.lo \
- -c netscape.c || die "compiling pw-netscape failed"
- einfo "Linking contrib-module: pw-netscape"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o pw-netscape.la \
- netscape.lo || die "linking pw-netscape failed"
-
- build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
- build_contrib_module "allop" "allop.c" "overlay-allop"
- build_contrib_module "allowed" "allowed.c" "allowed"
- build_contrib_module "autogroup" "autogroup.c" "autogroup"
- build_contrib_module "denyop" "denyop.c" "denyop-overlay"
- build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
- # lastmod may not play well with other overlays
- build_contrib_module "lastmod" "lastmod.c" "lastmod"
- build_contrib_module "nops" "nops.c" "nops-overlay"
- build_contrib_module "trace" "trace.c" "trace"
- # build slapi-plugins
- cd "${S}/contrib/slapi-plugins/addrdnvalues" || die
- einfo "Building contrib-module: addrdnvalues plugin"
- "${CC}" -shared \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- -fPIC \
- ${LDFLAGS} \
- -o libaddrdnvalues-plugin.so \
- addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
-
- fi
-}
-
-multilib_src_test() {
- if multilib_is_native_abi; then
- cd tests || die
- make tests || die "make tests failed"
- fi
-}
-
-multilib_src_install() {
- local lt="${BUILD_DIR}/libtool"
- emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/bash install
-
- if ! use minimal && multilib_is_native_abi; then
- # openldap modules go here
- # TODO: write some code to populate slapd.conf with moduleload statements
- keepdir /usr/$(get_libdir)/openldap/openldap/
-
- # initial data storage dir
- keepdir /var/lib/openldap-data
- use prefix || fowners ldap:ldap /var/lib/openldap-data
- fperms 0700 /var/lib/openldap-data
-
- echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
-
- # use our config
- rm "${ED}"etc/openldap/slapd.conf
- insinto /etc/openldap
- newins "${FILESDIR}"/${PN}-2.3.34-slapd-conf slapd.conf
- configfile="${ED}"etc/openldap/slapd.conf
-
- # populate with built backends
- ebegin "populate config with built backends"
- for x in "${ED}"usr/$(get_libdir)/openldap/openldap/back_*.so; do
- elog "Adding $(basename ${x})"
- sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}"
- done
- sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
- use prefix || fowners root:ldap /etc/openldap/slapd.conf
- fperms 0640 /etc/openldap/slapd.conf
- cp "${configfile}" "${configfile}".default
- eend
-
- # install our own init scripts and systemd unit files
- newinitd "${FILESDIR}"/slapd-initd-2.4.28-r1 slapd
- newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd
- systemd_dounit "${FILESDIR}"/slapd.service
- systemd_install_serviced "${FILESDIR}"/slapd.service.conf
- systemd_newtmpfilesd "${FILESDIR}"/slapd.tmpfilesd slapd.conf
-
- if [[ $(get_libdir) != lib ]]; then
- sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i \
- "${ED}"/etc/init.d/slapd \
- "${ED}"/usr/lib/systemd/system/slapd.service || die
- fi
- # If built without SLP, we don't need to be before avahi
- use slp \
- || sed -i \
- -e '/before/{s/avahi-daemon//g}' \
- "${ED}"etc/init.d/slapd
-
- if use cxx ; then
- einfo "Install the ldapc++ library"
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- cd "${S}"/contrib/ldapc++ || die
- newdoc README ldapc++-README
- fi
-
- if use smbkrb5passwd ; then
- einfo "Install the smbk5pwd module"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- newdoc README smbk5pwd-README
- fi
-
- if use overlays ; then
- einfo "Install the samba4 module"
- cd "${S}/contrib/slapd-modules/samba4" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="/usr/$(get_libdir)/openldap" install
- newdoc README samba4-README
- fi
-
- einfo "Installing contrib modules"
- cd "${S}/contrib/slapd-modules" || die
- for l in */*.la; do
- "${lt}" --mode=install cp ${l} \
- "${ED}"usr/$(get_libdir)/openldap/openldap || \
- die "installing ${l} failed"
- done
-
- docinto contrib
- newdoc addpartial/README addpartial-README
- newdoc allop/README allop-README
- doman allop/slapo-allop.5
- newdoc autogroup/README autogroup-README
- newdoc denyop/denyop.c denyop-denyop.c
- newdoc dsaschema/README dsaschema-README
- doman lastmod/slapo-lastmod.5
- doman nops/slapo-nops.5
- newdoc passwd/README passwd-README
- cd "${S}/contrib/slapi-plugins" || die
- insinto /usr/$(get_libdir)/openldap/openldap
- doins */*.so
- docinto contrib
- newdoc addrdnvalues/README addrdnvalues-README
-
- insinto /etc/openldap/schema
- newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
- fi
-}
-
-multilib_src_install_all() {
- dodoc ANNOUNCEMENT CHANGES COPYRIGHT README "${FILESDIR}"/DB_CONFIG.fast.example
- docinto rfc ; dodoc doc/rfc/*.txt
-}
-
-pkg_preinst() {
- # keep old libs if any
- preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0)
-}
-
-pkg_postinst() {
- if ! use minimal ; then
- # You cannot build SSL certificates during src_install that will make
- # binary packages containing your SSL key, which is both a security risk
- # and a misconfiguration if multiple machines use the same key and cert.
- if use ssl; then
- install_cert /etc/openldap/ssl/ldap
- use prefix || chown ldap:ldap "${EROOT}"etc/openldap/ssl/ldap.*
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "add 'TLS_REQCERT never' if you want to use them."
- fi
-
- if use prefix; then
- # Warn about prefix issues with slapd
- eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
- eerror "to start up, and requires that certain files directories be owned by"
- eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
- eerror "directories, you will have to manually fix this yourself."
- fi
-
- # These lines force the permissions of various content to be correct
- use prefix || chown ldap:ldap "${EROOT}"var/run/openldap
- chmod 0755 "${EROOT}"var/run/openldap
- use prefix || chown root:ldap "${EROOT}"etc/openldap/slapd.conf{,.default}
- chmod 0640 "${EROOT}"etc/openldap/slapd.conf{,.default}
- use prefix || chown ldap:ldap "${EROOT}"var/lib/openldap-data
- fi
-
- elog "Getting started using OpenLDAP? There is some documentation available:"
- elog "Gentoo Guide to OpenLDAP Authentication"
- elog "(https://www.gentoo.org/doc/en/ldap-howto.xml)"
- elog "---"
- elog "An example file for tuning BDB backends with openldap is"
- elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
-
- preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0)
-}
diff --git a/net-nds/openldap/openldap-2.4.39.ebuild b/net-nds/openldap/openldap-2.4.39.ebuild
deleted file mode 100644
index c6ee37f539..0000000000
--- a/net-nds/openldap/openldap-2.4.39.ebuild
+++ /dev/null
@@ -1,760 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit db-use eutils flag-o-matic multilib multilib-minimal ssl-cert versionator toolchain-funcs autotools user systemd
-
-BIS_PN=rfc2307bis.schema
-BIS_PV=20140524
-BIS_P="${BIS_PN}-${BIS_PV}"
-
-DESCRIPTION="LDAP suite of application and development tools"
-HOMEPAGE="http://www.OpenLDAP.org/"
-
-# mirrors are mostly not working, using canonical URI
-SRC_URI="ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz
- mirror://gentoo/${BIS_P}"
-
-LICENSE="OPENLDAP GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-solaris"
-
-IUSE_DAEMON="crypt icu samba slp tcpd experimental minimal"
-IUSE_BACKEND="+berkdb"
-IUSE_OVERLAY="overlays perl"
-IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 +syslog selinux"
-IUSE_CONTRIB="smbkrb5passwd kerberos"
-IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
-IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
-
-REQUIRED_USE="cxx? ( sasl )"
-
-# openssl is needed to generate lanman-passwords required by samba
-CDEPEND="icu? ( dev-libs/icu:= )
- ssl? ( !gnutls? ( >=dev-libs/openssl-1.0.1h-r2[${MULTILIB_USEDEP}] )
- gnutls? ( >=net-libs/gnutls-2.12.23-r6[${MULTILIB_USEDEP}] >=dev-libs/libgcrypt-1.5.3:0[${MULTILIB_USEDEP}] ) )
- sasl? ( dev-libs/cyrus-sasl:= )
- !minimal? (
- sys-devel/libtool
- tcpd? ( sys-apps/tcp-wrappers )
- odbc? ( !iodbc? ( dev-db/unixODBC )
- iodbc? ( dev-db/libiodbc ) )
- slp? ( net-libs/openslp )
- perl? ( dev-lang/perl:=[-build(-)] )
- samba? ( dev-libs/openssl )
- berkdb? ( sys-libs/db )
- smbkrb5passwd? (
- dev-libs/openssl
- app-crypt/heimdal )
- kerberos? ( virtual/krb5 )
- cxx? ( dev-libs/cyrus-sasl:= )
- )
- abi_x86_32? (
- !<=app-emulation/emul-linux-x86-baselibs-20140508-r3
- !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
- )"
-DEPEND="${CDEPEND}
- sys-apps/groff"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-ldap )
-"
-# for tracking versions
-OPENLDAP_VERSIONTAG=".version-tag"
-OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
-
-MULTILIB_WRAPPED_HEADERS=(
- # USE=cxx
- /usr/include/LDAPAsynConnection.h
- /usr/include/LDAPAttrType.h
- /usr/include/LDAPAttribute.h
- /usr/include/LDAPAttributeList.h
- /usr/include/LDAPConnection.h
- /usr/include/LDAPConstraints.h
- /usr/include/LDAPControl.h
- /usr/include/LDAPControlSet.h
- /usr/include/LDAPEntry.h
- /usr/include/LDAPEntryList.h
- /usr/include/LDAPException.h
- /usr/include/LDAPExtResult.h
- /usr/include/LDAPMessage.h
- /usr/include/LDAPMessageQueue.h
- /usr/include/LDAPModList.h
- /usr/include/LDAPModification.h
- /usr/include/LDAPObjClass.h
- /usr/include/LDAPRebind.h
- /usr/include/LDAPRebindAuth.h
- /usr/include/LDAPReferenceList.h
- /usr/include/LDAPResult.h
- /usr/include/LDAPSaslBindResult.h
- /usr/include/LDAPSchema.h
- /usr/include/LDAPSearchReference.h
- /usr/include/LDAPSearchResult.h
- /usr/include/LDAPSearchResults.h
- /usr/include/LDAPUrl.h
- /usr/include/LDAPUrlList.h
- /usr/include/LdifReader.h
- /usr/include/LdifWriter.h
- /usr/include/SaslInteraction.h
- /usr/include/SaslInteractionHandler.h
- /usr/include/StringList.h
- /usr/include/TlsOptions.h
-)
-
-openldap_filecount() {
- local dir="$1"
- find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
-}
-
-openldap_find_versiontags() {
- # scan for all datadirs
- openldap_datadirs=""
- if [ -f "${EROOT}"/etc/openldap/slapd.conf ]; then
- openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${EROOT}/etc/openldap/slapd.conf)"
- fi
- openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}"
-
- einfo
- einfo "Scanning datadir(s) from slapd.conf and"
- einfo "the default installdir for Versiontags"
- einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
- einfo
-
- # scan datadirs if we have a version tag
- openldap_found_tag=0
- have_files=0
- for each in ${openldap_datadirs}; do
- CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"`
- CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}
- if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then
- einfo "- Checking ${each}..."
- if [ -r ${CURRENT_TAG} ] ; then
- # yey, we have one :)
- einfo " Found Versiontag in ${each}"
- source ${CURRENT_TAG}
- if [ "${OLDPF}" == "" ] ; then
- eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
- eerror "Please delete it"
- eerror
- die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
- fi
-
- OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}`
-
- [ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1
-
- # are we on the same branch?
- if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then
- ewarn " Versiontag doesn't match current major release!"
- if [[ "${have_files}" == "1" ]] ; then
- eerror " Versiontag says other major and you (probably) have datafiles!"
- echo
- openldap_upgrade_howto
- else
- einfo " No real problem, seems there's no database."
- fi
- else
- einfo " Versiontag is fine here :)"
- fi
- else
- einfo " Non-tagged dir ${each}"
- [ $(openldap_filecount ${each}) -gt 0 ] && have_files=1
- if [[ "${have_files}" == "1" ]] ; then
- einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
- echo
-
- eerror
- eerror "Your OpenLDAP Installation has a non tagged datadir that"
- eerror "possibly contains a database at ${CURRENT_TAGDIR}"
- eerror
- eerror "Please export data if any entered and empty or remove"
- eerror "the directory, installation has been stopped so you"
- eerror "can take required action"
- eerror
- eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
- eerror
- openldap_upgrade_howto
- die "Please move the datadir ${CURRENT_TAGDIR} away"
- fi
- fi
- einfo
- fi
- done
- [ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present"
-
- # Now we must check for the major version of sys-libs/db linked against.
- SLAPD_PATH=${EROOT}/usr/$(get_libdir)/openldap/slapd
- if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then
- OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
- | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
- NEWVER="$(use berkdb && db_findver sys-libs/db)"
- local fail=0
- if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then
- :
- # Nothing wrong here.
- elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was not built against"
- eerror " any version of sys-libs/db, but the new one will build"
- eerror " against ${NEWVER} and your database may be inaccessible."
- echo
- fail=1
- elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will not be"
- eerror " built against any version and your database may be"
- eerror " inaccessible."
- echo
- fail=1
- elif [ "${OLDVER}" != "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will build against"
- eerror " ${NEWVER} and your database would be inaccessible."
- echo
- fail=1
- fi
- [ "${fail}" == "1" ] && openldap_upgrade_howto
- fi
-
- echo
- einfo
- einfo "All datadirs are fine, proceeding with merge now..."
- einfo
-}
-
-openldap_upgrade_howto() {
- eerror
- eerror "A (possible old) installation of OpenLDAP was detected,"
- eerror "installation will not proceed for now."
- eerror
- eerror "As major version upgrades can corrupt your database,"
- eerror "you need to dump your database and re-create it afterwards."
- eerror
- eerror "Additionally, rebuilding against different major versions of the"
- eerror "sys-libs/db libraries will cause your database to be inaccessible."
- eerror ""
- d="$(date -u +%s)"
- l="/root/ldapdump.${d}"
- i="${l}.raw"
- eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop"
- eerror " 2. slapcat -l ${i}"
- eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}"
- eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
- eerror " 5. emerge --update \=net-nds/${PF}"
- eerror " 6. etc-update, and ensure that you apply the changes"
- eerror " 7. slapadd -l ${l}"
- eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
- eerror " 9. /etc/init.d/slapd start"
- eerror "10. check that your data is intact."
- eerror "11. set up the new replication system."
- eerror
- if [ "${FORCE_UPGRADE}" != "1" ]; then
- die "You need to upgrade your database first"
- else
- eerror "You have the magical FORCE_UPGRADE=1 in place."
- eerror "Don't say you weren't warned about data loss."
- fi
-}
-
-pkg_setup() {
- if ! use sasl && use cxx ; then
- die "To build the ldapc++ library you must emerge openldap with sasl support"
- fi
- # Bug #322787
- if use minimal && ! has_version "net-nds/openldap" ; then
- einfo "No datadir scan needed, openldap not installed"
- elif use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then
- einfo "Skipping scan for previous datadirs as requested by minimal useflag"
- else
- openldap_find_versiontags
- fi
-
- # The user/group are only used for running daemons which are
- # disabled in minimal builds, so elide the accounts too.
- if ! use minimal ; then
- enewgroup ldap 439
- enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap
- fi
-}
-
-src_prepare() {
- # ensure correct SLAPI path by default
- sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \
- "${S}"/include/ldap_defaults.h
-
- epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch
-
- epatch \
- "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \
- "${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
-
- # bug #116045 - still present in 2.4.28
- epatch "${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch
- # bug #408077 - samba4
- epatch "${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch
-
- # bug #189817
- epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
-
- # bug #233633
- epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch
-
- # bug #281495
- epatch "${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch
-
- # bug #294350
- epatch "${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch
-
- # unbreak /bin/sh -> dash
- epatch "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
-
- # bug #420959
- epatch "${FILESDIR}"/${PN}-2.4.31-gcc47.patch
-
- # bug #421463
- epatch "${FILESDIR}"/${PN}-2.4.33-gnutls.patch
-
- cd "${S}"/build || die
- einfo "Making sure upstream build strip does not do stripping too early"
- sed -i.orig \
- -e '/^STRIP/s,-s,,g' \
- top.mk || die "Failed to block stripping"
-
- # wrong assumption that /bin/sh is /bin/bash
- sed -i \
- -e 's|/bin/sh|/bin/bash|g' \
- "${S}"/tests/scripts/* || die "sed failed"
-
- cd "${S}" || die
- AT_NOEAUTOMAKE=yes eautoreconf
-}
-
-build_contrib_module() {
- # <dir> <sources> <outputname>
- cd "${S}/contrib/slapd-modules/$1" || die
- einfo "Compiling contrib-module: $3"
- # Make sure it's uppercase
- local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -D${define_name}=SLAPD_MOD_DYNAMIC \
- -I"${BUILD_DIR}"/include \
- -I../../../include -I../../../servers/slapd ${CFLAGS} \
- -o ${2%.c}.lo -c $2 || die "compiling $3 failed"
- einfo "Linking contrib-module: $3"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o $3.la ${2%.c}.lo || die "linking $3 failed"
-}
-
-src_configure() {
- #Fix for glibc-2.8 and ucred. Bug 228457.
- append-flags -D_GNU_SOURCE
-
- # Bug 408001
- use elibc_FreeBSD && append-cppflags -DMDB_DSYNC=O_SYNC -DMDB_FDATASYNC=fsync
-
- # connectionless ldap per bug #342439
- append-cppflags -DLDAP_CONNECTIONLESS
-
- multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
- local myconf=()
-
- use debug && myconf+=( $(use_enable debug) )
-
- # ICU usage is not configurable
- export ac_cv_header_unicode_utypes_h="$(multilib_is_native_abi && use icu && echo yes || echo no)"
-
- if ! use minimal && multilib_is_native_abi; then
- local CPPFLAGS=${CPPFLAGS}
-
- # re-enable serverside overlay chains per bug #296567
- # see ldap docs chaper 12.3.1 for details
- myconf+=( --enable-ldap )
-
- # backends
- myconf+=( --enable-slapd )
- if use berkdb ; then
- einfo "Using Berkeley DB for local backend"
- myconf+=( --enable-bdb --enable-hdb )
- # We need to include the slotted db.h dir for FreeBSD
- append-cppflags -I$(db_includedir)
- else
- ewarn
- ewarn "Note: if you disable berkdb, you can only use remote-backends!"
- ewarn
- myconf+=( --disable-bdb --disable-hdb )
- fi
- for backend in dnssrv ldap meta monitor null passwd relay shell sock; do
- myconf+=( --enable-${backend}=mod )
- done
-
- myconf+=( $(use_enable perl perl mod) )
-
- myconf+=( $(use_enable odbc sql mod) )
- if use odbc ; then
- local odbc_lib="unixodbc"
- if use iodbc ; then
- odbc_lib="iodbc"
- append-cppflags -I"${EPREFIX}"/usr/include/iodbc
- fi
- myconf+=( --with-odbc=${odbc_lib} )
- fi
-
- # slapd options
- myconf+=(
- $(use_enable crypt)
- $(use_enable slp)
- $(use_enable samba lmpasswd)
- $(use_enable syslog)
- )
- if use experimental ; then
- myconf+=(
- --enable-dynacl
- --enable-aci=mod
- )
- fi
- for option in aci cleartext modules rewrite rlookups slapi; do
- myconf+=( --enable-${option} )
- done
-
- # slapd overlay options
- # Compile-in the syncprov, the others as module
- myconf+=( --enable-syncprov=yes )
- use overlays && myconf+=( --enable-overlays=mod )
-
- else
- myconf+=(
- --disable-slapd
- --disable-bdb
- --disable-hdb
- --disable-overlays
- --disable-syslog
- )
- fi
-
- # basic functionality stuff
- myconf+=(
- $(use_enable ipv6)
- $(multilib_native_use_with sasl cyrus-sasl)
- $(multilib_native_use_enable sasl spasswd)
- $(use_enable tcpd wrappers)
- )
-
- # Some cross-compiling tests don't pan out well.
- tc-is-cross-compiler && myconf+=(
- --with-yielding-select=yes
- )
-
- local ssl_lib="no"
- if use ssl || ( ! use minimal && use samba ) ; then
- ssl_lib="openssl"
- use gnutls && ssl_lib="gnutls"
- fi
-
- myconf+=( --with-tls=${ssl_lib} )
-
- for basicflag in dynamic local proctitle shared static; do
- myconf+=( --enable-${basicflag} )
- done
-
- tc-export AR CC CXX
- ECONF_SOURCE=${S} \
- STRIP=/bin/true \
- econf \
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
- "${myconf[@]}"
- emake depend
-}
-
-src_configure_cxx() {
- # This needs the libraries built by the first build run.
- # So we have to run it AFTER the main build, not just after the main
- # configure.
- local myconf_ldapcpp=(
- --with-ldap-includes="${S}"/include
- )
-
- mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die
- cd "${BUILD_DIR}/contrib/ldapc++" || die
-
- local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS}
- append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
- -L"${BUILD_DIR}"/libraries/libldap/.libs
- append-cppflags -I"${BUILD_DIR}"/include
- ECONF_SOURCE=${S}/contrib/ldapc++ \
- econf "${myconf_ldapcpp[@]}" \
- CC="${CC}" \
- CXX="${CXX}"
-}
-
-multilib_src_compile() {
- tc-export AR CC CXX
- emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/bash
- local lt="${BUILD_DIR}/libtool"
- export echo="echo"
-
- if ! use minimal && multilib_is_native_abi ; then
- if use cxx ; then
- einfo "Building contrib library: ldapc++"
- src_configure_cxx
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake \
- CC="${CC}" CXX="${CXX}"
- fi
-
- if use smbkrb5passwd ; then
- einfo "Building contrib-module: smbk5pwd"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
-
- emake \
- DEFS="-DDO_SAMBA -DDO_KRB5 -DDO_SHADOW" \
- KRB5_INC="$(krb5-config --cflags)" \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
- fi
-
- if use overlays ; then
- einfo "Building contrib-module: samba4"
- cd "${S}/contrib/slapd-modules/samba4" || die
-
- emake \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap"
- fi
-
- if use kerberos ; then
- cd "${S}/contrib/slapd-modules/passwd" || die
- einfo "Compiling contrib-module: pw-kerberos"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- $(krb5-config --cflags) \
- -DHAVE_KRB5 \
- -o kerberos.lo \
- -c kerberos.c || die "compiling pw-kerberos failed"
- einfo "Linking contrib-module: pw-kerberos"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o pw-kerberos.la \
- kerberos.lo || die "linking pw-kerberos failed"
- fi
- # We could build pw-radius if GNURadius would install radlib.h
- cd "${S}/contrib/slapd-modules/passwd" || die
- einfo "Compiling contrib-module: pw-netscape"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- -o netscape.lo \
- -c netscape.c || die "compiling pw-netscape failed"
- einfo "Linking contrib-module: pw-netscape"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o pw-netscape.la \
- netscape.lo || die "linking pw-netscape failed"
-
- build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
- build_contrib_module "allop" "allop.c" "overlay-allop"
- build_contrib_module "allowed" "allowed.c" "allowed"
- build_contrib_module "autogroup" "autogroup.c" "autogroup"
- build_contrib_module "denyop" "denyop.c" "denyop-overlay"
- build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
- # lastmod may not play well with other overlays
- build_contrib_module "lastmod" "lastmod.c" "lastmod"
- build_contrib_module "nops" "nops.c" "nops-overlay"
- build_contrib_module "trace" "trace.c" "trace"
- # build slapi-plugins
- cd "${S}/contrib/slapi-plugins/addrdnvalues" || die
- einfo "Building contrib-module: addrdnvalues plugin"
- "${CC}" -shared \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- -fPIC \
- ${LDFLAGS} \
- -o libaddrdnvalues-plugin.so \
- addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
-
- fi
-}
-
-multilib_src_test() {
- if multilib_is_native_abi; then
- cd tests || die
- make tests || die "make tests failed"
- fi
-}
-
-multilib_src_install() {
- local lt="${BUILD_DIR}/libtool"
- emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/bash install
-
- if ! use minimal && multilib_is_native_abi; then
- # openldap modules go here
- # TODO: write some code to populate slapd.conf with moduleload statements
- keepdir /usr/$(get_libdir)/openldap/openldap/
-
- # initial data storage dir
- keepdir /var/lib/openldap-data
- use prefix || fowners ldap:ldap /var/lib/openldap-data
- fperms 0700 /var/lib/openldap-data
-
- echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
-
- # use our config
- rm "${ED}"etc/openldap/slapd.conf
- insinto /etc/openldap
- newins "${FILESDIR}"/${PN}-2.3.34-slapd-conf slapd.conf
- configfile="${ED}"etc/openldap/slapd.conf
-
- # populate with built backends
- ebegin "populate config with built backends"
- for x in "${ED}"usr/$(get_libdir)/openldap/openldap/back_*.so; do
- elog "Adding $(basename ${x})"
- sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}"
- done
- sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
- use prefix || fowners root:ldap /etc/openldap/slapd.conf
- fperms 0640 /etc/openldap/slapd.conf
- cp "${configfile}" "${configfile}".default
- eend
-
- # install our own init scripts and systemd unit files
- newinitd "${FILESDIR}"/slapd-initd-2.4.28-r1 slapd
- newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd
- systemd_dounit "${FILESDIR}"/slapd.service
- systemd_install_serviced "${FILESDIR}"/slapd.service.conf
- systemd_newtmpfilesd "${FILESDIR}"/slapd.tmpfilesd slapd.conf
-
- if [[ $(get_libdir) != lib ]]; then
- sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i \
- "${ED}"/etc/init.d/slapd \
- "${ED}"/usr/lib/systemd/system/slapd.service || die
- fi
- # If built without SLP, we don't need to be before avahi
- use slp \
- || sed -i \
- -e '/before/{s/avahi-daemon//g}' \
- "${ED}"etc/init.d/slapd
-
- if use cxx ; then
- einfo "Install the ldapc++ library"
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- cd "${S}"/contrib/ldapc++ || die
- newdoc README ldapc++-README
- fi
-
- if use smbkrb5passwd ; then
- einfo "Install the smbk5pwd module"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- newdoc README smbk5pwd-README
- fi
-
- if use overlays ; then
- einfo "Install the samba4 module"
- cd "${S}/contrib/slapd-modules/samba4" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="/usr/$(get_libdir)/openldap" install
- newdoc README samba4-README
- fi
-
- einfo "Installing contrib modules"
- cd "${S}/contrib/slapd-modules" || die
- for l in */*.la; do
- "${lt}" --mode=install cp ${l} \
- "${ED}"usr/$(get_libdir)/openldap/openldap || \
- die "installing ${l} failed"
- done
-
- docinto contrib
- newdoc addpartial/README addpartial-README
- newdoc allop/README allop-README
- doman allop/slapo-allop.5
- newdoc autogroup/README autogroup-README
- newdoc denyop/denyop.c denyop-denyop.c
- newdoc dsaschema/README dsaschema-README
- doman lastmod/slapo-lastmod.5
- doman nops/slapo-nops.5
- newdoc passwd/README passwd-README
- cd "${S}/contrib/slapi-plugins" || die
- insinto /usr/$(get_libdir)/openldap/openldap
- doins */*.so
- docinto contrib
- newdoc addrdnvalues/README addrdnvalues-README
-
- insinto /etc/openldap/schema
- newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
- fi
-}
-
-multilib_src_install_all() {
- dodoc ANNOUNCEMENT CHANGES COPYRIGHT README "${FILESDIR}"/DB_CONFIG.fast.example
- docinto rfc ; dodoc doc/rfc/*.txt
-}
-
-pkg_preinst() {
- # keep old libs if any
- preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0)
-}
-
-pkg_postinst() {
- if ! use minimal ; then
- # You cannot build SSL certificates during src_install that will make
- # binary packages containing your SSL key, which is both a security risk
- # and a misconfiguration if multiple machines use the same key and cert.
- if use ssl; then
- install_cert /etc/openldap/ssl/ldap
- use prefix || chown ldap:ldap "${EROOT}"etc/openldap/ssl/ldap.*
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "add 'TLS_REQCERT never' if you want to use them."
- fi
-
- if use prefix; then
- # Warn about prefix issues with slapd
- eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
- eerror "to start up, and requires that certain files directories be owned by"
- eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
- eerror "directories, you will have to manually fix this yourself."
- fi
-
- # These lines force the permissions of various content to be correct
- use prefix || chown ldap:ldap "${EROOT}"var/run/openldap
- chmod 0755 "${EROOT}"var/run/openldap
- use prefix || chown root:ldap "${EROOT}"etc/openldap/slapd.conf{,.default}
- chmod 0640 "${EROOT}"etc/openldap/slapd.conf{,.default}
- use prefix || chown ldap:ldap "${EROOT}"var/lib/openldap-data
- fi
-
- elog "Getting started using OpenLDAP? There is some documentation available:"
- elog "Gentoo Guide to OpenLDAP Authentication"
- elog "(https://www.gentoo.org/doc/en/ldap-howto.xml)"
- elog "---"
- elog "An example file for tuning BDB backends with openldap is"
- elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
-
- preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0)
-}
diff --git a/net-nds/openldap/openldap-2.4.40-r2.ebuild b/net-nds/openldap/openldap-2.4.40-r2.ebuild
deleted file mode 100644
index 2b1bd80466..0000000000
--- a/net-nds/openldap/openldap-2.4.40-r2.ebuild
+++ /dev/null
@@ -1,822 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit db-use eutils flag-o-matic multilib multilib-minimal ssl-cert versionator toolchain-funcs autotools user systemd
-
-BIS_PN=rfc2307bis.schema
-BIS_PV=20140524
-BIS_P="${BIS_PN}-${BIS_PV}"
-
-DESCRIPTION="LDAP suite of application and development tools"
-HOMEPAGE="http://www.OpenLDAP.org/"
-
-# mirrors are mostly not working, using canonical URI
-SRC_URI="ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz
- mirror://gentoo/${BIS_P}"
-
-LICENSE="OPENLDAP GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-solaris"
-
-IUSE_DAEMON="crypt icu samba slp tcpd experimental minimal"
-IUSE_BACKEND="+berkdb"
-IUSE_OVERLAY="overlays perl"
-IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 +syslog selinux static-libs"
-IUSE_CONTRIB="smbkrb5passwd kerberos"
-IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
-IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
-
-REQUIRED_USE="cxx? ( sasl )"
-
-# always list newer first
-# Do not add any AGPL-3 BDB here!
-# See bug 525110, comment 15.
-# Advanced usage: OPENLDAP_BDB_SLOTS in the environment can be used to force a slot during build.
-BDB_SLOTS="${OPENLDAP_BDB_SLOTS:=5.3 5.1 4.8 4.7 4.6 4.5 4.4}"
-BDB_PKGS=''
-for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done
-
-# openssl is needed to generate lanman-passwords required by samba
-CDEPEND="icu? ( dev-libs/icu:= )
- ssl? ( !gnutls? ( >=dev-libs/openssl-1.0.1h-r2[${MULTILIB_USEDEP}] )
- gnutls? ( >=net-libs/gnutls-2.12.23-r6[${MULTILIB_USEDEP}] >=dev-libs/libgcrypt-1.5.3:0[${MULTILIB_USEDEP}] ) )
- sasl? ( dev-libs/cyrus-sasl:= )
- !minimal? (
- sys-devel/libtool
- sys-libs/e2fsprogs-libs
- >=dev-db/lmdb-0.9.14
- tcpd? ( sys-apps/tcp-wrappers )
- odbc? ( !iodbc? ( dev-db/unixODBC )
- iodbc? ( dev-db/libiodbc ) )
- slp? ( net-libs/openslp )
- perl? ( dev-lang/perl:=[-build(-)] )
- samba? ( dev-libs/openssl )
- berkdb? (
- <sys-libs/db-6.0:=
- || ( ${BDB_PKGS} )
- )
- smbkrb5passwd? (
- dev-libs/openssl
- kerberos? ( app-crypt/heimdal )
- )
- kerberos? ( virtual/krb5 )
- cxx? ( dev-libs/cyrus-sasl:= )
- )
- abi_x86_32? (
- !<=app-emulation/emul-linux-x86-baselibs-20140508-r3
- !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
- )"
-DEPEND="${CDEPEND}
- sys-apps/groff"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-ldap )
-"
-# for tracking versions
-OPENLDAP_VERSIONTAG=".version-tag"
-OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
-
-MULTILIB_WRAPPED_HEADERS=(
- # USE=cxx
- /usr/include/LDAPAsynConnection.h
- /usr/include/LDAPAttrType.h
- /usr/include/LDAPAttribute.h
- /usr/include/LDAPAttributeList.h
- /usr/include/LDAPConnection.h
- /usr/include/LDAPConstraints.h
- /usr/include/LDAPControl.h
- /usr/include/LDAPControlSet.h
- /usr/include/LDAPEntry.h
- /usr/include/LDAPEntryList.h
- /usr/include/LDAPException.h
- /usr/include/LDAPExtResult.h
- /usr/include/LDAPMessage.h
- /usr/include/LDAPMessageQueue.h
- /usr/include/LDAPModList.h
- /usr/include/LDAPModification.h
- /usr/include/LDAPObjClass.h
- /usr/include/LDAPRebind.h
- /usr/include/LDAPRebindAuth.h
- /usr/include/LDAPReferenceList.h
- /usr/include/LDAPResult.h
- /usr/include/LDAPSaslBindResult.h
- /usr/include/LDAPSchema.h
- /usr/include/LDAPSearchReference.h
- /usr/include/LDAPSearchResult.h
- /usr/include/LDAPSearchResults.h
- /usr/include/LDAPUrl.h
- /usr/include/LDAPUrlList.h
- /usr/include/LdifReader.h
- /usr/include/LdifWriter.h
- /usr/include/SaslInteraction.h
- /usr/include/SaslInteractionHandler.h
- /usr/include/StringList.h
- /usr/include/TlsOptions.h
-)
-
-openldap_filecount() {
- local dir="$1"
- find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
-}
-
-openldap_find_versiontags() {
- # scan for all datadirs
- openldap_datadirs=""
- if [ -f "${EROOT}"/etc/openldap/slapd.conf ]; then
- openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${EROOT}/etc/openldap/slapd.conf)"
- fi
- openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}"
-
- einfo
- einfo "Scanning datadir(s) from slapd.conf and"
- einfo "the default installdir for Versiontags"
- einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
- einfo
-
- # scan datadirs if we have a version tag
- openldap_found_tag=0
- have_files=0
- for each in ${openldap_datadirs}; do
- CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"`
- CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}
- if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then
- einfo "- Checking ${each}..."
- if [ -r ${CURRENT_TAG} ] ; then
- # yey, we have one :)
- einfo " Found Versiontag in ${each}"
- source ${CURRENT_TAG}
- if [ "${OLDPF}" == "" ] ; then
- eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
- eerror "Please delete it"
- eerror
- die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
- fi
-
- OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}`
-
- [ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1
-
- # are we on the same branch?
- if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then
- ewarn " Versiontag doesn't match current major release!"
- if [[ "${have_files}" == "1" ]] ; then
- eerror " Versiontag says other major and you (probably) have datafiles!"
- echo
- openldap_upgrade_howto
- else
- einfo " No real problem, seems there's no database."
- fi
- else
- einfo " Versiontag is fine here :)"
- fi
- else
- einfo " Non-tagged dir ${each}"
- [ $(openldap_filecount ${each}) -gt 0 ] && have_files=1
- if [[ "${have_files}" == "1" ]] ; then
- einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
- echo
-
- eerror
- eerror "Your OpenLDAP Installation has a non tagged datadir that"
- eerror "possibly contains a database at ${CURRENT_TAGDIR}"
- eerror
- eerror "Please export data if any entered and empty or remove"
- eerror "the directory, installation has been stopped so you"
- eerror "can take required action"
- eerror
- eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
- eerror
- openldap_upgrade_howto
- die "Please move the datadir ${CURRENT_TAGDIR} away"
- fi
- fi
- einfo
- fi
- done
- [ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present"
-
- # Now we must check for the major version of sys-libs/db linked against.
- SLAPD_PATH=${EROOT}/usr/$(get_libdir)/openldap/slapd
- if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then
- OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
- | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
- if use berkdb; then
- # find which one would be used
- for bdb_slot in $BDB_SLOTS ; do
- NEWVER="$(db_findver "=sys-libs/db-${bdb_slot}*")"
- [[ -n "$NEWVER" ]] && break
- done
- fi
- local fail=0
- if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then
- :
- # Nothing wrong here.
- elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was not built against"
- eerror " any version of sys-libs/db, but the new one will build"
- eerror " against ${NEWVER} and your database may be inaccessible."
- echo
- fail=1
- elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will not be"
- eerror " built against any version and your database may be"
- eerror " inaccessible."
- echo
- fail=1
- elif [ "${OLDVER}" != "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will build against"
- eerror " ${NEWVER} and your database would be inaccessible."
- echo
- fail=1
- fi
- [ "${fail}" == "1" ] && openldap_upgrade_howto
- fi
-
- echo
- einfo
- einfo "All datadirs are fine, proceeding with merge now..."
- einfo
-}
-
-openldap_upgrade_howto() {
- eerror
- eerror "A (possible old) installation of OpenLDAP was detected,"
- eerror "installation will not proceed for now."
- eerror
- eerror "As major version upgrades can corrupt your database,"
- eerror "you need to dump your database and re-create it afterwards."
- eerror
- eerror "Additionally, rebuilding against different major versions of the"
- eerror "sys-libs/db libraries will cause your database to be inaccessible."
- eerror ""
- d="$(date -u +%s)"
- l="/root/ldapdump.${d}"
- i="${l}.raw"
- eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop"
- eerror " 2. slapcat -l ${i}"
- eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}"
- eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
- eerror " 5. emerge --update \=net-nds/${PF}"
- eerror " 6. etc-update, and ensure that you apply the changes"
- eerror " 7. slapadd -l ${l}"
- eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
- eerror " 9. /etc/init.d/slapd start"
- eerror "10. check that your data is intact."
- eerror "11. set up the new replication system."
- eerror
- if [ "${FORCE_UPGRADE}" != "1" ]; then
- die "You need to upgrade your database first"
- else
- eerror "You have the magical FORCE_UPGRADE=1 in place."
- eerror "Don't say you weren't warned about data loss."
- fi
-}
-
-pkg_setup() {
- if ! use sasl && use cxx ; then
- die "To build the ldapc++ library you must emerge openldap with sasl support"
- fi
- # Bug #322787
- if use minimal && ! has_version "net-nds/openldap" ; then
- einfo "No datadir scan needed, openldap not installed"
- elif use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then
- einfo "Skipping scan for previous datadirs as requested by minimal useflag"
- else
- openldap_find_versiontags
- fi
-
- # The user/group are only used for running daemons which are
- # disabled in minimal builds, so elide the accounts too.
- if ! use minimal ; then
- enewgroup ldap 439
- enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap
- fi
-}
-
-src_prepare() {
- # ensure correct SLAPI path by default
- sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \
- "${S}"/include/ldap_defaults.h
-
- epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch
-
- epatch \
- "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \
- "${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
-
- # bug #116045 - still present in 2.4.28
- epatch "${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch
- # bug #408077 - samba4
- epatch "${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch
-
- # bug #189817
- epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
-
- # bug #233633
- epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch
-
- # bug #281495
- epatch "${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch
-
- # bug #294350
- epatch "${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch
-
- # unbreak /bin/sh -> dash
- epatch "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
-
- # bug #420959
- epatch "${FILESDIR}"/${PN}-2.4.31-gcc47.patch
-
- # bug #421463
- #epatch "${FILESDIR}"/${PN}-2.4.33-gnutls.patch # merged upstream
-
- # unbundle lmdb
- epatch "${FILESDIR}"/${P}-mdb-unbundle.patch
- rm -rf "${S}"/libraries/liblmdb
-
- cd "${S}"/build || die
- einfo "Making sure upstream build strip does not do stripping too early"
- sed -i.orig \
- -e '/^STRIP/s,-s,,g' \
- top.mk || die "Failed to block stripping"
-
- # wrong assumption that /bin/sh is /bin/bash
- sed -i \
- -e 's|/bin/sh|/bin/bash|g' \
- "${S}"/tests/scripts/* || die "sed failed"
-
- cd "${S}" || die
-
- AT_NOEAUTOMAKE=yes eautoreconf
-}
-
-build_contrib_module() {
- # <dir> <sources> <outputname>
- cd "${S}/contrib/slapd-modules/$1" || die
- einfo "Compiling contrib-module: $3"
- # Make sure it's uppercase
- local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -D${define_name}=SLAPD_MOD_DYNAMIC \
- -I"${BUILD_DIR}"/include \
- -I../../../include -I../../../servers/slapd ${CFLAGS} \
- -o ${2%.c}.lo -c $2 || die "compiling $3 failed"
- einfo "Linking contrib-module: $3"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o $3.la ${2%.c}.lo || die "linking $3 failed"
-}
-
-src_configure() {
- #Fix for glibc-2.8 and ucred. Bug 228457.
- append-cppflags -D_GNU_SOURCE
-
- # Bug 408001
- use elibc_FreeBSD && append-cppflags -DMDB_DSYNC=O_SYNC -DMDB_FDATASYNC=fsync
-
- # connectionless ldap per bug #342439
- append-cppflags -DLDAP_CONNECTIONLESS
-
- multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
- local myconf=()
-
- use debug && myconf+=( $(use_enable debug) )
-
- # ICU usage is not configurable
- export ac_cv_header_unicode_utypes_h="$(multilib_is_native_abi && use icu && echo yes || echo no)"
-
- if ! use minimal && multilib_is_native_abi; then
- local CPPFLAGS=${CPPFLAGS}
-
- # re-enable serverside overlay chains per bug #296567
- # see ldap docs chaper 12.3.1 for details
- myconf+=( --enable-ldap )
-
- # backends
- myconf+=( --enable-slapd )
- if use berkdb ; then
- einfo "Using Berkeley DB for local backend"
- myconf+=( --enable-bdb --enable-hdb )
- DBINCLUDE=$(db_includedir $BDB_SLOTS)
- einfo "Using $DBINCLUDE for sys-libs/db version"
- # We need to include the slotted db.h dir for FreeBSD
- append-cppflags -I${DBINCLUDE}
- else
- myconf+=( --disable-bdb --disable-hdb )
- fi
- for backend in dnssrv ldap mdb meta monitor null passwd relay shell sock; do
- myconf+=( --enable-${backend}=mod )
- done
-
- myconf+=( $(use_enable perl perl mod) )
-
- myconf+=( $(use_enable odbc sql mod) )
- if use odbc ; then
- local odbc_lib="unixodbc"
- if use iodbc ; then
- odbc_lib="iodbc"
- append-cppflags -I"${EPREFIX}"/usr/include/iodbc
- fi
- myconf+=( --with-odbc=${odbc_lib} )
- fi
-
- # slapd options
- myconf+=(
- $(use_enable crypt)
- $(use_enable slp)
- $(use_enable samba lmpasswd)
- $(use_enable syslog)
- )
- if use experimental ; then
- myconf+=(
- --enable-dynacl
- --enable-aci=mod
- )
- fi
- for option in aci cleartext modules rewrite rlookups slapi; do
- myconf+=( --enable-${option} )
- done
-
- # slapd overlay options
- # Compile-in the syncprov, the others as module
- myconf+=( --enable-syncprov=yes )
- use overlays && myconf+=( --enable-overlays=mod )
-
- else
- myconf+=(
- --disable-backends
- --disable-slapd
- --disable-bdb
- --disable-hdb
- --disable-mdb
- --disable-overlays
- --disable-syslog
- )
- fi
-
- # basic functionality stuff
- myconf+=(
- $(use_enable ipv6)
- $(multilib_native_use_with sasl cyrus-sasl)
- $(multilib_native_use_enable sasl spasswd)
- $(use_enable tcpd wrappers)
- )
-
- # Some cross-compiling tests don't pan out well.
- tc-is-cross-compiler && myconf+=(
- --with-yielding-select=yes
- )
-
- local ssl_lib="no"
- if use ssl || ( ! use minimal && use samba ) ; then
- ssl_lib="openssl"
- use gnutls && ssl_lib="gnutls"
- fi
-
- myconf+=( --with-tls=${ssl_lib} )
-
- for basicflag in dynamic local proctitle shared; do
- myconf+=( --enable-${basicflag} )
- done
-
- tc-export AR CC CXX
- ECONF_SOURCE=${S} \
- STRIP=/bin/true \
- econf \
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
- $(use_enable static-libs static) \
- "${myconf[@]}"
- emake depend
-}
-
-src_configure_cxx() {
- # This needs the libraries built by the first build run.
- # So we have to run it AFTER the main build, not just after the main
- # configure.
- local myconf_ldapcpp=(
- --with-ldap-includes="${S}"/include
- )
-
- mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die
- cd "${BUILD_DIR}/contrib/ldapc++" || die
-
- local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS}
- append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
- -L"${BUILD_DIR}"/libraries/libldap/.libs
- append-cppflags -I"${BUILD_DIR}"/include
- ECONF_SOURCE=${S}/contrib/ldapc++ \
- econf "${myconf_ldapcpp[@]}" \
- CC="${CC}" \
- CXX="${CXX}"
-}
-
-multilib_src_compile() {
- tc-export AR CC CXX
- emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/bash
- local lt="${BUILD_DIR}/libtool"
- export echo="echo"
-
- if ! use minimal && multilib_is_native_abi ; then
- if use cxx ; then
- einfo "Building contrib library: ldapc++"
- src_configure_cxx
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake \
- CC="${CC}" CXX="${CXX}"
- fi
-
- if use smbkrb5passwd ; then
- einfo "Building contrib-module: smbk5pwd"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
-
- MY_DEFS="-DDO_SHADOW"
- if use samba ; then
- MY_DEFS="${MY_DEFS} -DDO_SAMBA"
- MY_KRB5_INC=""
- fi
- if use kerberos ; then
- MY_DEFS="${MY_DEFS} -DDO_KRB5"
- MY_KRB5_INC="$(krb5-config --cflags)"
- fi
-
- emake \
- DEFS="${MY_DEFS}" \
- KRB5_INC="${MY_KRB5_INC}" \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
- fi
-
- if use overlays ; then
- einfo "Building contrib-module: samba4"
- cd "${S}/contrib/slapd-modules/samba4" || die
-
- emake \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap"
- fi
-
- if use kerberos ; then
- build_contrib_module "kinit" "kinit.c" "kinit"
- cd "${S}/contrib/slapd-modules/passwd" || die
- einfo "Compiling contrib-module: pw-kerberos"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- $(krb5-config --cflags) \
- -DHAVE_KRB5 \
- -o kerberos.lo \
- -c kerberos.c || die "compiling pw-kerberos failed"
- einfo "Linking contrib-module: pw-kerberos"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o pw-kerberos.la \
- kerberos.lo || die "linking pw-kerberos failed"
- fi
- # We could build pw-radius if GNURadius would install radlib.h
- cd "${S}/contrib/slapd-modules/passwd" || die
- einfo "Compiling contrib-module: pw-netscape"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- -o netscape.lo \
- -c netscape.c || die "compiling pw-netscape failed"
- einfo "Linking contrib-module: pw-netscape"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o pw-netscape.la \
- netscape.lo || die "linking pw-netscape failed"
-
- #build_contrib_module "acl" "posixgroup.c" "posixGroup" # example code only
- #build_contrib_module "acl" "gssacl.c" "gss" # example code only, also needs kerberos
- build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
- build_contrib_module "allop" "allop.c" "overlay-allop"
- build_contrib_module "allowed" "allowed.c" "allowed"
- build_contrib_module "autogroup" "autogroup.c" "autogroup"
- build_contrib_module "cloak" "cloak.c" "cloak"
- # build_contrib_module "comp_match" "comp_match.c" "comp_match" # really complex, adds new external deps, questionable demand
- build_contrib_module "denyop" "denyop.c" "denyop-overlay"
- build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
- build_contrib_module "dupent" "dupent.c" "dupent"
- build_contrib_module "lastbind" "lastbind.c" "lastbind"
- # lastmod may not play well with other overlays
- build_contrib_module "lastmod" "lastmod.c" "lastmod"
- build_contrib_module "noopsrch" "noopsrch.c" "noopsrch"
- build_contrib_module "nops" "nops.c" "nops-overlay"
- #build_contrib_module "nssov" "nssov.c" "nssov-overlay" RESO:LATER
- build_contrib_module "trace" "trace.c" "trace"
- # build slapi-plugins
- cd "${S}/contrib/slapi-plugins/addrdnvalues" || die
- einfo "Building contrib-module: addrdnvalues plugin"
- "${CC}" -shared \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- -fPIC \
- ${LDFLAGS} \
- -o libaddrdnvalues-plugin.so \
- addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
-
- fi
-}
-
-multilib_src_test() {
- if multilib_is_native_abi; then
- cd tests || die
- emake tests || die "make tests failed"
- fi
-}
-
-multilib_src_install() {
- local lt="${BUILD_DIR}/libtool"
- emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/bash install
- use static-libs || prune_libtool_files --all
-
- if ! use minimal && multilib_is_native_abi; then
- # openldap modules go here
- # TODO: write some code to populate slapd.conf with moduleload statements
- keepdir /usr/$(get_libdir)/openldap/openldap/
-
- # initial data storage dir
- keepdir /var/lib/openldap-data
- use prefix || fowners ldap:ldap /var/lib/openldap-data
- fperms 0700 /var/lib/openldap-data
-
- echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
-
- # use our config
- rm "${ED}"etc/openldap/slapd.conf
- insinto /etc/openldap
- newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf
- configfile="${ED}"etc/openldap/slapd.conf
-
- # populate with built backends
- ebegin "populate config with built backends"
- for x in "${ED}"usr/$(get_libdir)/openldap/openldap/back_*.so; do
- einfo "Adding $(basename ${x})"
- sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}"
- done
- sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
- use prefix || fowners root:ldap /etc/openldap/slapd.conf
- fperms 0640 /etc/openldap/slapd.conf
- cp "${configfile}" "${configfile}".default
- eend
-
- # install our own init scripts and systemd unit files
- einfo "Install init scripts"
- newinitd "${FILESDIR}"/slapd-initd-2.4.40-r1 slapd
- newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd
- einfo "Install systemd service"
- systemd_dounit "${FILESDIR}"/slapd.service
- systemd_install_serviced "${FILESDIR}"/slapd.service.conf
- systemd_newtmpfilesd "${FILESDIR}"/slapd.tmpfilesd slapd.conf
-
- if [[ $(get_libdir) != lib ]]; then
- sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i \
- "${ED}"/etc/init.d/slapd \
- "${ED}"/usr/lib/systemd/system/slapd.service || die
- fi
- # If built without SLP, we don't need to be before avahi
- use slp \
- || sed -i \
- -e '/before/{s/avahi-daemon//g}' \
- "${ED}"etc/init.d/slapd
-
- if use cxx ; then
- einfo "Install the ldapc++ library"
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- cd "${S}"/contrib/ldapc++ || die
- newdoc README ldapc++-README
- fi
-
- if use smbkrb5passwd ; then
- einfo "Install the smbk5pwd module"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- newdoc README smbk5pwd-README
- fi
-
- if use overlays ; then
- einfo "Install the samba4 module"
- cd "${S}/contrib/slapd-modules/samba4" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="/usr/$(get_libdir)/openldap" install
- newdoc README samba4-README
- fi
-
- einfo "Installing contrib modules"
- cd "${S}/contrib/slapd-modules" || die
- for l in */*.la; do
- "${lt}" --mode=install cp ${l} \
- "${ED}"usr/$(get_libdir)/openldap/openldap || \
- die "installing ${l} failed"
- done
-
- dodoc "${FILESDIR}"/DB_CONFIG.fast.example
- docinto contrib
- doman */*.5
- #newdoc acl/README*
- newdoc addpartial/README addpartial-README
- newdoc allop/README allop-README
- newdoc allowed/README allowed-README
- newdoc autogroup/README autogroup-README
- newdoc dsaschema/README dsaschema-README
- newdoc passwd/README passwd-README
- cd "${S}/contrib/slapi-plugins" || die
- insinto /usr/$(get_libdir)/openldap/openldap
- doins */*.so
- docinto contrib
- newdoc addrdnvalues/README addrdnvalues-README
-
- insinto /etc/openldap/schema
- newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
-
- docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
- docinto back-shell ; dodoc "${S}"/servers/slapd/back-shell/searchexample*
- docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
-
- dosbin "${S}"/contrib/slapd-tools/statslog
- newdoc "${S}"/contrib/slapd-tools/README README.statslog
- fi
-}
-
-multilib_src_install_all() {
- dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
- docinto rfc ; dodoc doc/rfc/*.txt
-}
-
-pkg_preinst() {
- # keep old libs if any
- preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0)
- # bug 440470, only display the getting started help there was no openldap before,
- # or we are going to a non-minimal build
- ! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
- OPENLDAP_PRINT_MESSAGES=$((! $?))
-}
-
-pkg_postinst() {
- if ! use minimal ; then
- # You cannot build SSL certificates during src_install that will make
- # binary packages containing your SSL key, which is both a security risk
- # and a misconfiguration if multiple machines use the same key and cert.
- if use ssl; then
- install_cert /etc/openldap/ssl/ldap
- use prefix || chown ldap:ldap "${EROOT}"etc/openldap/ssl/ldap.*
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "add 'TLS_REQCERT allow' if you want to use them."
- fi
-
- if use prefix; then
- # Warn about prefix issues with slapd
- eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
- eerror "to start up, and requires that certain files directories be owned by"
- eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
- eerror "directories, you will have to manually fix this yourself."
- fi
-
- # These lines force the permissions of various content to be correct
- use prefix || chown ldap:ldap "${EROOT}"var/run/openldap
- chmod 0755 "${EROOT}"var/run/openldap
- use prefix || chown root:ldap "${EROOT}"etc/openldap/slapd.conf{,.default}
- chmod 0640 "${EROOT}"etc/openldap/slapd.conf{,.default}
- use prefix || chown ldap:ldap "${EROOT}"var/lib/openldap-data
- fi
-
- if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
- elog "Getting started using OpenLDAP? There is some documentation available:"
- elog "Gentoo Guide to OpenLDAP Authentication"
- elog "(https://www.gentoo.org/doc/en/ldap-howto.xml)"
- elog "---"
- elog "An example file for tuning BDB backends with openldap is"
- elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
- fi
-
- preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0)
-}
diff --git a/net-nds/openldap/openldap-2.4.40-r4.ebuild b/net-nds/openldap/openldap-2.4.40-r4.ebuild
deleted file mode 100644
index f0cf71b4cb..0000000000
--- a/net-nds/openldap/openldap-2.4.40-r4.ebuild
+++ /dev/null
@@ -1,822 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit db-use eutils flag-o-matic multilib multilib-minimal ssl-cert versionator toolchain-funcs autotools user systemd
-
-BIS_PN=rfc2307bis.schema
-BIS_PV=20140524
-BIS_P="${BIS_PN}-${BIS_PV}"
-
-DESCRIPTION="LDAP suite of application and development tools"
-HOMEPAGE="http://www.OpenLDAP.org/"
-
-# mirrors are mostly not working, using canonical URI
-SRC_URI="ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz
- mirror://gentoo/${BIS_P}"
-
-LICENSE="OPENLDAP GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-solaris"
-
-IUSE_DAEMON="crypt icu samba slp tcpd experimental minimal"
-IUSE_BACKEND="+berkdb"
-IUSE_OVERLAY="overlays perl"
-IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 +syslog selinux static-libs"
-IUSE_CONTRIB="smbkrb5passwd kerberos"
-IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
-IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
-
-REQUIRED_USE="cxx? ( sasl )"
-
-# always list newer first
-# Do not add any AGPL-3 BDB here!
-# See bug 525110, comment 15.
-# Advanced usage: OPENLDAP_BDB_SLOTS in the environment can be used to force a slot during build.
-BDB_SLOTS="${OPENLDAP_BDB_SLOTS:=5.3 5.1 4.8 4.7 4.6 4.5 4.4}"
-BDB_PKGS=''
-for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done
-
-# openssl is needed to generate lanman-passwords required by samba
-CDEPEND="icu? ( dev-libs/icu:= )
- ssl? ( !gnutls? ( >=dev-libs/openssl-1.0.1h-r2[${MULTILIB_USEDEP}] )
- gnutls? ( >=net-libs/gnutls-2.12.23-r6[${MULTILIB_USEDEP}] >=dev-libs/libgcrypt-1.5.3:0[${MULTILIB_USEDEP}] ) )
- sasl? ( dev-libs/cyrus-sasl:= )
- !minimal? (
- sys-devel/libtool
- sys-libs/e2fsprogs-libs
- >=dev-db/lmdb-0.9.14
- tcpd? ( sys-apps/tcp-wrappers )
- odbc? ( !iodbc? ( dev-db/unixODBC )
- iodbc? ( dev-db/libiodbc ) )
- slp? ( net-libs/openslp )
- perl? ( dev-lang/perl:=[-build(-)] )
- samba? ( dev-libs/openssl )
- berkdb? (
- <sys-libs/db-6.0:=
- || ( ${BDB_PKGS} )
- )
- smbkrb5passwd? (
- dev-libs/openssl
- kerberos? ( app-crypt/heimdal )
- )
- kerberos? ( virtual/krb5 )
- cxx? ( dev-libs/cyrus-sasl:= )
- )
- abi_x86_32? (
- !<=app-emulation/emul-linux-x86-baselibs-20140508-r3
- !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
- )"
-DEPEND="${CDEPEND}
- sys-apps/groff"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-ldap )
-"
-# for tracking versions
-OPENLDAP_VERSIONTAG=".version-tag"
-OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
-
-MULTILIB_WRAPPED_HEADERS=(
- # USE=cxx
- /usr/include/LDAPAsynConnection.h
- /usr/include/LDAPAttrType.h
- /usr/include/LDAPAttribute.h
- /usr/include/LDAPAttributeList.h
- /usr/include/LDAPConnection.h
- /usr/include/LDAPConstraints.h
- /usr/include/LDAPControl.h
- /usr/include/LDAPControlSet.h
- /usr/include/LDAPEntry.h
- /usr/include/LDAPEntryList.h
- /usr/include/LDAPException.h
- /usr/include/LDAPExtResult.h
- /usr/include/LDAPMessage.h
- /usr/include/LDAPMessageQueue.h
- /usr/include/LDAPModList.h
- /usr/include/LDAPModification.h
- /usr/include/LDAPObjClass.h
- /usr/include/LDAPRebind.h
- /usr/include/LDAPRebindAuth.h
- /usr/include/LDAPReferenceList.h
- /usr/include/LDAPResult.h
- /usr/include/LDAPSaslBindResult.h
- /usr/include/LDAPSchema.h
- /usr/include/LDAPSearchReference.h
- /usr/include/LDAPSearchResult.h
- /usr/include/LDAPSearchResults.h
- /usr/include/LDAPUrl.h
- /usr/include/LDAPUrlList.h
- /usr/include/LdifReader.h
- /usr/include/LdifWriter.h
- /usr/include/SaslInteraction.h
- /usr/include/SaslInteractionHandler.h
- /usr/include/StringList.h
- /usr/include/TlsOptions.h
-)
-
-openldap_filecount() {
- local dir="$1"
- find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
-}
-
-openldap_find_versiontags() {
- # scan for all datadirs
- openldap_datadirs=""
- if [ -f "${EROOT}"/etc/openldap/slapd.conf ]; then
- openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${EROOT}/etc/openldap/slapd.conf)"
- fi
- openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}"
-
- einfo
- einfo "Scanning datadir(s) from slapd.conf and"
- einfo "the default installdir for Versiontags"
- einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
- einfo
-
- # scan datadirs if we have a version tag
- openldap_found_tag=0
- have_files=0
- for each in ${openldap_datadirs}; do
- CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"`
- CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}
- if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then
- einfo "- Checking ${each}..."
- if [ -r ${CURRENT_TAG} ] ; then
- # yey, we have one :)
- einfo " Found Versiontag in ${each}"
- source ${CURRENT_TAG}
- if [ "${OLDPF}" == "" ] ; then
- eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
- eerror "Please delete it"
- eerror
- die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
- fi
-
- OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}`
-
- [ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1
-
- # are we on the same branch?
- if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then
- ewarn " Versiontag doesn't match current major release!"
- if [[ "${have_files}" == "1" ]] ; then
- eerror " Versiontag says other major and you (probably) have datafiles!"
- echo
- openldap_upgrade_howto
- else
- einfo " No real problem, seems there's no database."
- fi
- else
- einfo " Versiontag is fine here :)"
- fi
- else
- einfo " Non-tagged dir ${each}"
- [ $(openldap_filecount ${each}) -gt 0 ] && have_files=1
- if [[ "${have_files}" == "1" ]] ; then
- einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
- echo
-
- eerror
- eerror "Your OpenLDAP Installation has a non tagged datadir that"
- eerror "possibly contains a database at ${CURRENT_TAGDIR}"
- eerror
- eerror "Please export data if any entered and empty or remove"
- eerror "the directory, installation has been stopped so you"
- eerror "can take required action"
- eerror
- eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
- eerror
- openldap_upgrade_howto
- die "Please move the datadir ${CURRENT_TAGDIR} away"
- fi
- fi
- einfo
- fi
- done
- [ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present"
-
- # Now we must check for the major version of sys-libs/db linked against.
- SLAPD_PATH=${EROOT}/usr/$(get_libdir)/openldap/slapd
- if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then
- OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
- | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
- if use berkdb; then
- # find which one would be used
- for bdb_slot in $BDB_SLOTS ; do
- NEWVER="$(db_findver "=sys-libs/db-${bdb_slot}*")"
- [[ -n "$NEWVER" ]] && break
- done
- fi
- local fail=0
- if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then
- :
- # Nothing wrong here.
- elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was not built against"
- eerror " any version of sys-libs/db, but the new one will build"
- eerror " against ${NEWVER} and your database may be inaccessible."
- echo
- fail=1
- elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will not be"
- eerror " built against any version and your database may be"
- eerror " inaccessible."
- echo
- fail=1
- elif [ "${OLDVER}" != "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will build against"
- eerror " ${NEWVER} and your database would be inaccessible."
- echo
- fail=1
- fi
- [ "${fail}" == "1" ] && openldap_upgrade_howto
- fi
-
- echo
- einfo
- einfo "All datadirs are fine, proceeding with merge now..."
- einfo
-}
-
-openldap_upgrade_howto() {
- eerror
- eerror "A (possible old) installation of OpenLDAP was detected,"
- eerror "installation will not proceed for now."
- eerror
- eerror "As major version upgrades can corrupt your database,"
- eerror "you need to dump your database and re-create it afterwards."
- eerror
- eerror "Additionally, rebuilding against different major versions of the"
- eerror "sys-libs/db libraries will cause your database to be inaccessible."
- eerror ""
- d="$(date -u +%s)"
- l="/root/ldapdump.${d}"
- i="${l}.raw"
- eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop"
- eerror " 2. slapcat -l ${i}"
- eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}"
- eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
- eerror " 5. emerge --update \=net-nds/${PF}"
- eerror " 6. etc-update, and ensure that you apply the changes"
- eerror " 7. slapadd -l ${l}"
- eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
- eerror " 9. /etc/init.d/slapd start"
- eerror "10. check that your data is intact."
- eerror "11. set up the new replication system."
- eerror
- if [ "${FORCE_UPGRADE}" != "1" ]; then
- die "You need to upgrade your database first"
- else
- eerror "You have the magical FORCE_UPGRADE=1 in place."
- eerror "Don't say you weren't warned about data loss."
- fi
-}
-
-pkg_setup() {
- if ! use sasl && use cxx ; then
- die "To build the ldapc++ library you must emerge openldap with sasl support"
- fi
- # Bug #322787
- if use minimal && ! has_version "net-nds/openldap" ; then
- einfo "No datadir scan needed, openldap not installed"
- elif use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then
- einfo "Skipping scan for previous datadirs as requested by minimal useflag"
- else
- openldap_find_versiontags
- fi
-
- # The user/group are only used for running daemons which are
- # disabled in minimal builds, so elide the accounts too.
- if ! use minimal ; then
- enewgroup ldap 439
- enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap
- fi
-}
-
-src_prepare() {
- # ensure correct SLAPI path by default
- sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \
- "${S}"/include/ldap_defaults.h
-
- epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch
-
- epatch \
- "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \
- "${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
-
- # bug #116045 - still present in 2.4.28
- epatch "${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch
- # bug #408077 - samba4
- epatch "${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch
-
- # bug #189817
- epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
-
- # bug #233633
- epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch
-
- # bug #281495
- epatch "${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch
-
- # bug #294350
- epatch "${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch
-
- # unbreak /bin/sh -> dash
- epatch "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
-
- # bug #420959
- epatch "${FILESDIR}"/${PN}-2.4.31-gcc47.patch
-
- # bug #421463
- #epatch "${FILESDIR}"/${PN}-2.4.33-gnutls.patch # merged upstream
-
- # unbundle lmdb
- epatch "${FILESDIR}"/${P}-mdb-unbundle.patch
- rm -rf "${S}"/libraries/liblmdb
-
- cd "${S}"/build || die
- einfo "Making sure upstream build strip does not do stripping too early"
- sed -i.orig \
- -e '/^STRIP/s,-s,,g' \
- top.mk || die "Failed to block stripping"
-
- # wrong assumption that /bin/sh is /bin/bash
- sed -i \
- -e 's|/bin/sh|/bin/bash|g' \
- "${S}"/tests/scripts/* || die "sed failed"
-
- cd "${S}" || die
-
- AT_NOEAUTOMAKE=yes eautoreconf
-}
-
-build_contrib_module() {
- # <dir> <sources> <outputname>
- cd "${S}/contrib/slapd-modules/$1" || die
- einfo "Compiling contrib-module: $3"
- # Make sure it's uppercase
- local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -D${define_name}=SLAPD_MOD_DYNAMIC \
- -I"${BUILD_DIR}"/include \
- -I../../../include -I../../../servers/slapd ${CFLAGS} \
- -o ${2%.c}.lo -c $2 || die "compiling $3 failed"
- einfo "Linking contrib-module: $3"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o $3.la ${2%.c}.lo || die "linking $3 failed"
-}
-
-src_configure() {
- #Fix for glibc-2.8 and ucred. Bug 228457.
- append-cppflags -D_GNU_SOURCE
-
- # Bug 408001
- use elibc_FreeBSD && append-cppflags -DMDB_DSYNC=O_SYNC -DMDB_FDATASYNC=fsync
-
- # connectionless ldap per bug #342439
- append-cppflags -DLDAP_CONNECTIONLESS
-
- multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
- local myconf=()
-
- use debug && myconf+=( $(use_enable debug) )
-
- # ICU usage is not configurable
- export ac_cv_header_unicode_utypes_h="$(multilib_is_native_abi && use icu && echo yes || echo no)"
-
- if ! use minimal && multilib_is_native_abi; then
- local CPPFLAGS=${CPPFLAGS}
-
- # re-enable serverside overlay chains per bug #296567
- # see ldap docs chaper 12.3.1 for details
- myconf+=( --enable-ldap )
-
- # backends
- myconf+=( --enable-slapd )
- if use berkdb ; then
- einfo "Using Berkeley DB for local backend"
- myconf+=( --enable-bdb --enable-hdb )
- DBINCLUDE=$(db_includedir $BDB_SLOTS)
- einfo "Using $DBINCLUDE for sys-libs/db version"
- # We need to include the slotted db.h dir for FreeBSD
- append-cppflags -I${DBINCLUDE}
- else
- myconf+=( --disable-bdb --disable-hdb )
- fi
- for backend in dnssrv ldap mdb meta monitor null passwd relay shell sock; do
- myconf+=( --enable-${backend}=mod )
- done
-
- myconf+=( $(use_enable perl perl mod) )
-
- myconf+=( $(use_enable odbc sql mod) )
- if use odbc ; then
- local odbc_lib="unixodbc"
- if use iodbc ; then
- odbc_lib="iodbc"
- append-cppflags -I"${EPREFIX}"/usr/include/iodbc
- fi
- myconf+=( --with-odbc=${odbc_lib} )
- fi
-
- # slapd options
- myconf+=(
- $(use_enable crypt)
- $(use_enable slp)
- $(use_enable samba lmpasswd)
- $(use_enable syslog)
- )
- if use experimental ; then
- myconf+=(
- --enable-dynacl
- --enable-aci=mod
- )
- fi
- for option in aci cleartext modules rewrite rlookups slapi; do
- myconf+=( --enable-${option} )
- done
-
- # slapd overlay options
- # Compile-in the syncprov, the others as module
- myconf+=( --enable-syncprov=yes )
- use overlays && myconf+=( --enable-overlays=mod )
-
- else
- myconf+=(
- --disable-backends
- --disable-slapd
- --disable-bdb
- --disable-hdb
- --disable-mdb
- --disable-overlays
- --disable-syslog
- )
- fi
-
- # basic functionality stuff
- myconf+=(
- $(use_enable ipv6)
- $(multilib_native_use_with sasl cyrus-sasl)
- $(multilib_native_use_enable sasl spasswd)
- $(use_enable tcpd wrappers)
- )
-
- # Some cross-compiling tests don't pan out well.
- tc-is-cross-compiler && myconf+=(
- --with-yielding-select=yes
- )
-
- local ssl_lib="no"
- if use ssl || ( ! use minimal && use samba ) ; then
- ssl_lib="openssl"
- use gnutls && ssl_lib="gnutls"
- fi
-
- myconf+=( --with-tls=${ssl_lib} )
-
- for basicflag in dynamic local proctitle shared; do
- myconf+=( --enable-${basicflag} )
- done
-
- tc-export AR CC CXX
- ECONF_SOURCE=${S} \
- STRIP=/bin/true \
- econf \
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
- $(use_enable static-libs static) \
- "${myconf[@]}"
- emake depend
-}
-
-src_configure_cxx() {
- # This needs the libraries built by the first build run.
- # So we have to run it AFTER the main build, not just after the main
- # configure.
- local myconf_ldapcpp=(
- --with-ldap-includes="${S}"/include
- )
-
- mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die
- cd "${BUILD_DIR}/contrib/ldapc++" || die
-
- local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS}
- append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
- -L"${BUILD_DIR}"/libraries/libldap/.libs
- append-cppflags -I"${BUILD_DIR}"/include
- ECONF_SOURCE=${S}/contrib/ldapc++ \
- econf "${myconf_ldapcpp[@]}" \
- CC="${CC}" \
- CXX="${CXX}"
-}
-
-multilib_src_compile() {
- tc-export AR CC CXX
- emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/bash
- local lt="${BUILD_DIR}/libtool"
- export echo="echo"
-
- if ! use minimal && multilib_is_native_abi ; then
- if use cxx ; then
- einfo "Building contrib library: ldapc++"
- src_configure_cxx
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake \
- CC="${CC}" CXX="${CXX}"
- fi
-
- if use smbkrb5passwd ; then
- einfo "Building contrib-module: smbk5pwd"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
-
- MY_DEFS="-DDO_SHADOW"
- if use samba ; then
- MY_DEFS="${MY_DEFS} -DDO_SAMBA"
- MY_KRB5_INC=""
- fi
- if use kerberos ; then
- MY_DEFS="${MY_DEFS} -DDO_KRB5"
- MY_KRB5_INC="$(krb5-config --cflags)"
- fi
-
- emake \
- DEFS="${MY_DEFS}" \
- KRB5_INC="${MY_KRB5_INC}" \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
- fi
-
- if use overlays ; then
- einfo "Building contrib-module: samba4"
- cd "${S}/contrib/slapd-modules/samba4" || die
-
- emake \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap"
- fi
-
- if use kerberos ; then
- build_contrib_module "kinit" "kinit.c" "kinit"
- cd "${S}/contrib/slapd-modules/passwd" || die
- einfo "Compiling contrib-module: pw-kerberos"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- $(krb5-config --cflags) \
- -DHAVE_KRB5 \
- -o kerberos.lo \
- -c kerberos.c || die "compiling pw-kerberos failed"
- einfo "Linking contrib-module: pw-kerberos"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o pw-kerberos.la \
- kerberos.lo || die "linking pw-kerberos failed"
- fi
- # We could build pw-radius if GNURadius would install radlib.h
- cd "${S}/contrib/slapd-modules/passwd" || die
- einfo "Compiling contrib-module: pw-netscape"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- -o netscape.lo \
- -c netscape.c || die "compiling pw-netscape failed"
- einfo "Linking contrib-module: pw-netscape"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o pw-netscape.la \
- netscape.lo || die "linking pw-netscape failed"
-
- #build_contrib_module "acl" "posixgroup.c" "posixGroup" # example code only
- #build_contrib_module "acl" "gssacl.c" "gss" # example code only, also needs kerberos
- build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
- build_contrib_module "allop" "allop.c" "overlay-allop"
- build_contrib_module "allowed" "allowed.c" "allowed"
- build_contrib_module "autogroup" "autogroup.c" "autogroup"
- build_contrib_module "cloak" "cloak.c" "cloak"
- # build_contrib_module "comp_match" "comp_match.c" "comp_match" # really complex, adds new external deps, questionable demand
- build_contrib_module "denyop" "denyop.c" "denyop-overlay"
- build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
- build_contrib_module "dupent" "dupent.c" "dupent"
- build_contrib_module "lastbind" "lastbind.c" "lastbind"
- # lastmod may not play well with other overlays
- build_contrib_module "lastmod" "lastmod.c" "lastmod"
- build_contrib_module "noopsrch" "noopsrch.c" "noopsrch"
- build_contrib_module "nops" "nops.c" "nops-overlay"
- #build_contrib_module "nssov" "nssov.c" "nssov-overlay" RESO:LATER
- build_contrib_module "trace" "trace.c" "trace"
- # build slapi-plugins
- cd "${S}/contrib/slapi-plugins/addrdnvalues" || die
- einfo "Building contrib-module: addrdnvalues plugin"
- "${CC}" -shared \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- -fPIC \
- ${LDFLAGS} \
- -o libaddrdnvalues-plugin.so \
- addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
-
- fi
-}
-
-multilib_src_test() {
- if multilib_is_native_abi; then
- cd tests || die
- emake tests || die "make tests failed"
- fi
-}
-
-multilib_src_install() {
- local lt="${BUILD_DIR}/libtool"
- emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/bash install
- use static-libs || prune_libtool_files --all
-
- if ! use minimal && multilib_is_native_abi; then
- # openldap modules go here
- # TODO: write some code to populate slapd.conf with moduleload statements
- keepdir /usr/$(get_libdir)/openldap/openldap/
-
- # initial data storage dir
- keepdir /var/lib/openldap-data
- use prefix || fowners ldap:ldap /var/lib/openldap-data
- fperms 0700 /var/lib/openldap-data
-
- echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
-
- # use our config
- rm "${ED}"etc/openldap/slapd.conf
- insinto /etc/openldap
- newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf
- configfile="${ED}"etc/openldap/slapd.conf
-
- # populate with built backends
- ebegin "populate config with built backends"
- for x in "${ED}"usr/$(get_libdir)/openldap/openldap/back_*.so; do
- einfo "Adding $(basename ${x})"
- sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}"
- done
- sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
- use prefix || fowners root:ldap /etc/openldap/slapd.conf
- fperms 0640 /etc/openldap/slapd.conf
- cp "${configfile}" "${configfile}".default
- eend
-
- # install our own init scripts and systemd unit files
- einfo "Install init scripts"
- newinitd "${FILESDIR}"/slapd-initd-2.4.40-r2 slapd
- newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd
- einfo "Install systemd service"
- systemd_dounit "${FILESDIR}"/slapd.service
- systemd_install_serviced "${FILESDIR}"/slapd.service.conf
- systemd_newtmpfilesd "${FILESDIR}"/slapd.tmpfilesd slapd.conf
-
- if [[ $(get_libdir) != lib ]]; then
- sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i \
- "${ED}"/etc/init.d/slapd \
- "${ED}"/usr/lib/systemd/system/slapd.service || die
- fi
- # If built without SLP, we don't need to be before avahi
- use slp \
- || sed -i \
- -e '/before/{s/avahi-daemon//g}' \
- "${ED}"etc/init.d/slapd
-
- if use cxx ; then
- einfo "Install the ldapc++ library"
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- cd "${S}"/contrib/ldapc++ || die
- newdoc README ldapc++-README
- fi
-
- if use smbkrb5passwd ; then
- einfo "Install the smbk5pwd module"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- newdoc README smbk5pwd-README
- fi
-
- if use overlays ; then
- einfo "Install the samba4 module"
- cd "${S}/contrib/slapd-modules/samba4" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="/usr/$(get_libdir)/openldap" install
- newdoc README samba4-README
- fi
-
- einfo "Installing contrib modules"
- cd "${S}/contrib/slapd-modules" || die
- for l in */*.la; do
- "${lt}" --mode=install cp ${l} \
- "${ED}"usr/$(get_libdir)/openldap/openldap || \
- die "installing ${l} failed"
- done
-
- dodoc "${FILESDIR}"/DB_CONFIG.fast.example
- docinto contrib
- doman */*.5
- #newdoc acl/README*
- newdoc addpartial/README addpartial-README
- newdoc allop/README allop-README
- newdoc allowed/README allowed-README
- newdoc autogroup/README autogroup-README
- newdoc dsaschema/README dsaschema-README
- newdoc passwd/README passwd-README
- cd "${S}/contrib/slapi-plugins" || die
- insinto /usr/$(get_libdir)/openldap/openldap
- doins */*.so
- docinto contrib
- newdoc addrdnvalues/README addrdnvalues-README
-
- insinto /etc/openldap/schema
- newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
-
- docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
- docinto back-shell ; dodoc "${S}"/servers/slapd/back-shell/searchexample*
- docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
-
- dosbin "${S}"/contrib/slapd-tools/statslog
- newdoc "${S}"/contrib/slapd-tools/README README.statslog
- fi
-}
-
-multilib_src_install_all() {
- dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
- docinto rfc ; dodoc doc/rfc/*.txt
-}
-
-pkg_preinst() {
- # keep old libs if any
- preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0)
- # bug 440470, only display the getting started help there was no openldap before,
- # or we are going to a non-minimal build
- ! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
- OPENLDAP_PRINT_MESSAGES=$((! $?))
-}
-
-pkg_postinst() {
- if ! use minimal ; then
- # You cannot build SSL certificates during src_install that will make
- # binary packages containing your SSL key, which is both a security risk
- # and a misconfiguration if multiple machines use the same key and cert.
- if use ssl; then
- install_cert /etc/openldap/ssl/ldap
- use prefix || chown ldap:ldap "${EROOT}"etc/openldap/ssl/ldap.*
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "add 'TLS_REQCERT allow' if you want to use them."
- fi
-
- if use prefix; then
- # Warn about prefix issues with slapd
- eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
- eerror "to start up, and requires that certain files directories be owned by"
- eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
- eerror "directories, you will have to manually fix this yourself."
- fi
-
- # These lines force the permissions of various content to be correct
- use prefix || chown ldap:ldap "${EROOT}"var/run/openldap
- chmod 0755 "${EROOT}"var/run/openldap
- use prefix || chown root:ldap "${EROOT}"etc/openldap/slapd.conf{,.default}
- chmod 0640 "${EROOT}"etc/openldap/slapd.conf{,.default}
- use prefix || chown ldap:ldap "${EROOT}"var/lib/openldap-data
- fi
-
- if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
- elog "Getting started using OpenLDAP? There is some documentation available:"
- elog "Gentoo Guide to OpenLDAP Authentication"
- elog "(https://www.gentoo.org/doc/en/ldap-howto.xml)"
- elog "---"
- elog "An example file for tuning BDB backends with openldap is"
- elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
- fi
-
- preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0)
-}
diff --git a/net-nds/openldap/openldap-2.4.40.ebuild b/net-nds/openldap/openldap-2.4.40.ebuild
deleted file mode 100644
index c5bede00f1..0000000000
--- a/net-nds/openldap/openldap-2.4.40.ebuild
+++ /dev/null
@@ -1,822 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit db-use eutils flag-o-matic multilib multilib-minimal ssl-cert versionator toolchain-funcs autotools user systemd
-
-BIS_PN=rfc2307bis.schema
-BIS_PV=20140524
-BIS_P="${BIS_PN}-${BIS_PV}"
-
-DESCRIPTION="LDAP suite of application and development tools"
-HOMEPAGE="http://www.OpenLDAP.org/"
-
-# mirrors are mostly not working, using canonical URI
-SRC_URI="ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz
- mirror://gentoo/${BIS_P}"
-
-LICENSE="OPENLDAP GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-solaris"
-
-IUSE_DAEMON="crypt icu samba slp tcpd experimental minimal"
-IUSE_BACKEND="+berkdb"
-IUSE_OVERLAY="overlays perl"
-IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 +syslog selinux static-libs"
-IUSE_CONTRIB="smbkrb5passwd kerberos"
-IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
-IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
-
-REQUIRED_USE="cxx? ( sasl )"
-
-# openssl is needed to generate lanman-passwords required by samba
-CDEPEND="icu? ( dev-libs/icu:= )
- ssl? ( !gnutls? ( >=dev-libs/openssl-1.0.1h-r2[${MULTILIB_USEDEP}] )
- gnutls? ( >=net-libs/gnutls-2.12.23-r6[${MULTILIB_USEDEP}] >=dev-libs/libgcrypt-1.5.3:0[${MULTILIB_USEDEP}] ) )
- sasl? ( dev-libs/cyrus-sasl:= )
- !minimal? (
- sys-devel/libtool
- sys-libs/e2fsprogs-libs
- tcpd? ( sys-apps/tcp-wrappers )
- odbc? ( !iodbc? ( dev-db/unixODBC )
- iodbc? ( dev-db/libiodbc ) )
- slp? ( net-libs/openslp )
- perl? ( dev-lang/perl:=[-build(-)] )
- samba? ( dev-libs/openssl )
- berkdb? ( sys-libs/db )
- smbkrb5passwd? (
- dev-libs/openssl
- kerberos? ( app-crypt/heimdal )
- )
- kerberos? ( virtual/krb5 )
- cxx? ( dev-libs/cyrus-sasl:= )
- )
- abi_x86_32? (
- !<=app-emulation/emul-linux-x86-baselibs-20140508-r3
- !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
- )"
-DEPEND="${CDEPEND}
- sys-apps/groff"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-ldap )
-"
-# for tracking versions
-OPENLDAP_VERSIONTAG=".version-tag"
-OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
-
-MULTILIB_WRAPPED_HEADERS=(
- # USE=cxx
- /usr/include/LDAPAsynConnection.h
- /usr/include/LDAPAttrType.h
- /usr/include/LDAPAttribute.h
- /usr/include/LDAPAttributeList.h
- /usr/include/LDAPConnection.h
- /usr/include/LDAPConstraints.h
- /usr/include/LDAPControl.h
- /usr/include/LDAPControlSet.h
- /usr/include/LDAPEntry.h
- /usr/include/LDAPEntryList.h
- /usr/include/LDAPException.h
- /usr/include/LDAPExtResult.h
- /usr/include/LDAPMessage.h
- /usr/include/LDAPMessageQueue.h
- /usr/include/LDAPModList.h
- /usr/include/LDAPModification.h
- /usr/include/LDAPObjClass.h
- /usr/include/LDAPRebind.h
- /usr/include/LDAPRebindAuth.h
- /usr/include/LDAPReferenceList.h
- /usr/include/LDAPResult.h
- /usr/include/LDAPSaslBindResult.h
- /usr/include/LDAPSchema.h
- /usr/include/LDAPSearchReference.h
- /usr/include/LDAPSearchResult.h
- /usr/include/LDAPSearchResults.h
- /usr/include/LDAPUrl.h
- /usr/include/LDAPUrlList.h
- /usr/include/LdifReader.h
- /usr/include/LdifWriter.h
- /usr/include/SaslInteraction.h
- /usr/include/SaslInteractionHandler.h
- /usr/include/StringList.h
- /usr/include/TlsOptions.h
-
- # USE=-minimal
- /usr/include/lmdb.h
-)
-
-openldap_filecount() {
- local dir="$1"
- find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
-}
-
-openldap_find_versiontags() {
- # scan for all datadirs
- openldap_datadirs=""
- if [ -f "${EROOT}"/etc/openldap/slapd.conf ]; then
- openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${EROOT}/etc/openldap/slapd.conf)"
- fi
- openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}"
-
- einfo
- einfo "Scanning datadir(s) from slapd.conf and"
- einfo "the default installdir for Versiontags"
- einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
- einfo
-
- # scan datadirs if we have a version tag
- openldap_found_tag=0
- have_files=0
- for each in ${openldap_datadirs}; do
- CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"`
- CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}
- if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then
- einfo "- Checking ${each}..."
- if [ -r ${CURRENT_TAG} ] ; then
- # yey, we have one :)
- einfo " Found Versiontag in ${each}"
- source ${CURRENT_TAG}
- if [ "${OLDPF}" == "" ] ; then
- eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
- eerror "Please delete it"
- eerror
- die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
- fi
-
- OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}`
-
- [ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1
-
- # are we on the same branch?
- if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then
- ewarn " Versiontag doesn't match current major release!"
- if [[ "${have_files}" == "1" ]] ; then
- eerror " Versiontag says other major and you (probably) have datafiles!"
- echo
- openldap_upgrade_howto
- else
- einfo " No real problem, seems there's no database."
- fi
- else
- einfo " Versiontag is fine here :)"
- fi
- else
- einfo " Non-tagged dir ${each}"
- [ $(openldap_filecount ${each}) -gt 0 ] && have_files=1
- if [[ "${have_files}" == "1" ]] ; then
- einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
- echo
-
- eerror
- eerror "Your OpenLDAP Installation has a non tagged datadir that"
- eerror "possibly contains a database at ${CURRENT_TAGDIR}"
- eerror
- eerror "Please export data if any entered and empty or remove"
- eerror "the directory, installation has been stopped so you"
- eerror "can take required action"
- eerror
- eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
- eerror
- openldap_upgrade_howto
- die "Please move the datadir ${CURRENT_TAGDIR} away"
- fi
- fi
- einfo
- fi
- done
- [ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present"
-
- # Now we must check for the major version of sys-libs/db linked against.
- SLAPD_PATH=${EROOT}/usr/$(get_libdir)/openldap/slapd
- if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then
- OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
- | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
- NEWVER="$(use berkdb && db_findver sys-libs/db)"
- local fail=0
- if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then
- :
- # Nothing wrong here.
- elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was not built against"
- eerror " any version of sys-libs/db, but the new one will build"
- eerror " against ${NEWVER} and your database may be inaccessible."
- echo
- fail=1
- elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will not be"
- eerror " built against any version and your database may be"
- eerror " inaccessible."
- echo
- fail=1
- elif [ "${OLDVER}" != "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will build against"
- eerror " ${NEWVER} and your database would be inaccessible."
- echo
- fail=1
- fi
- [ "${fail}" == "1" ] && openldap_upgrade_howto
- fi
-
- echo
- einfo
- einfo "All datadirs are fine, proceeding with merge now..."
- einfo
-}
-
-openldap_upgrade_howto() {
- eerror
- eerror "A (possible old) installation of OpenLDAP was detected,"
- eerror "installation will not proceed for now."
- eerror
- eerror "As major version upgrades can corrupt your database,"
- eerror "you need to dump your database and re-create it afterwards."
- eerror
- eerror "Additionally, rebuilding against different major versions of the"
- eerror "sys-libs/db libraries will cause your database to be inaccessible."
- eerror ""
- d="$(date -u +%s)"
- l="/root/ldapdump.${d}"
- i="${l}.raw"
- eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop"
- eerror " 2. slapcat -l ${i}"
- eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}"
- eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
- eerror " 5. emerge --update \=net-nds/${PF}"
- eerror " 6. etc-update, and ensure that you apply the changes"
- eerror " 7. slapadd -l ${l}"
- eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
- eerror " 9. /etc/init.d/slapd start"
- eerror "10. check that your data is intact."
- eerror "11. set up the new replication system."
- eerror
- if [ "${FORCE_UPGRADE}" != "1" ]; then
- die "You need to upgrade your database first"
- else
- eerror "You have the magical FORCE_UPGRADE=1 in place."
- eerror "Don't say you weren't warned about data loss."
- fi
-}
-
-pkg_setup() {
- if ! use sasl && use cxx ; then
- die "To build the ldapc++ library you must emerge openldap with sasl support"
- fi
- # Bug #322787
- if use minimal && ! has_version "net-nds/openldap" ; then
- einfo "No datadir scan needed, openldap not installed"
- elif use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then
- einfo "Skipping scan for previous datadirs as requested by minimal useflag"
- else
- openldap_find_versiontags
- fi
-
- # The user/group are only used for running daemons which are
- # disabled in minimal builds, so elide the accounts too.
- if ! use minimal ; then
- enewgroup ldap 439
- enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap
- fi
-}
-
-src_prepare() {
- # ensure correct SLAPI path by default
- sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \
- "${S}"/include/ldap_defaults.h
-
- epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch
-
- epatch \
- "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \
- "${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
-
- # bug #116045 - still present in 2.4.28
- epatch "${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch
- # bug #408077 - samba4
- epatch "${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch
-
- # bug #189817
- epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
-
- # bug #233633
- epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch
-
- # bug #281495
- epatch "${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch
-
- # bug #294350
- epatch "${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch
-
- # unbreak /bin/sh -> dash
- epatch "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
-
- # bug #420959
- epatch "${FILESDIR}"/${PN}-2.4.31-gcc47.patch
-
- # bug #421463
- #epatch "${FILESDIR}"/${PN}-2.4.33-gnutls.patch # merged upstream
-
- sed -i.orig \
- -e '/IDOCS.*DESTDIR/s,/man/man1,/share/man/man1,g' \
- -e '/ILIBS.*DESTDIR/s,/lib,/$(LIBDIR),g' \
- "${S}"/libraries/liblmdb/Makefile \
- || die "Failed to fix LMDB manpage install location"
-
- cd "${S}"/build || die
- einfo "Making sure upstream build strip does not do stripping too early"
- sed -i.orig \
- -e '/^STRIP/s,-s,,g' \
- top.mk || die "Failed to block stripping"
-
- # wrong assumption that /bin/sh is /bin/bash
- sed -i \
- -e 's|/bin/sh|/bin/bash|g' \
- "${S}"/tests/scripts/* || die "sed failed"
-
- cd "${S}" || die
- AT_NOEAUTOMAKE=yes eautoreconf
-}
-
-build_contrib_module() {
- # <dir> <sources> <outputname>
- cd "${S}/contrib/slapd-modules/$1" || die
- einfo "Compiling contrib-module: $3"
- # Make sure it's uppercase
- local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -D${define_name}=SLAPD_MOD_DYNAMIC \
- -I"${BUILD_DIR}"/include \
- -I../../../include -I../../../servers/slapd ${CFLAGS} \
- -o ${2%.c}.lo -c $2 || die "compiling $3 failed"
- einfo "Linking contrib-module: $3"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o $3.la ${2%.c}.lo || die "linking $3 failed"
-}
-
-src_configure() {
- #Fix for glibc-2.8 and ucred. Bug 228457.
- append-cppflags -D_GNU_SOURCE
-
- # Bug 408001
- use elibc_FreeBSD && append-cppflags -DMDB_DSYNC=O_SYNC -DMDB_FDATASYNC=fsync
-
- # connectionless ldap per bug #342439
- append-cppflags -DLDAP_CONNECTIONLESS
-
- multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
- local myconf=()
-
- use debug && myconf+=( $(use_enable debug) )
-
- # ICU usage is not configurable
- export ac_cv_header_unicode_utypes_h="$(multilib_is_native_abi && use icu && echo yes || echo no)"
-
- if ! use minimal && multilib_is_native_abi; then
- local CPPFLAGS=${CPPFLAGS}
-
- # re-enable serverside overlay chains per bug #296567
- # see ldap docs chaper 12.3.1 for details
- myconf+=( --enable-ldap )
-
- # backends
- myconf+=( --enable-slapd )
- if use berkdb ; then
- einfo "Using Berkeley DB for local backend"
- myconf+=( --enable-bdb --enable-hdb )
- # We need to include the slotted db.h dir for FreeBSD
- append-cppflags -I$(db_includedir)
- else
- ewarn
- ewarn "Note: if you disable berkdb, you can only use remote-backends!"
- ewarn
- myconf+=( --disable-bdb --disable-hdb )
- fi
- for backend in dnssrv ldap mdb meta monitor null passwd relay shell sock; do
- myconf+=( --enable-${backend}=mod )
- done
-
- myconf+=( $(use_enable perl perl mod) )
-
- myconf+=( $(use_enable odbc sql mod) )
- if use odbc ; then
- local odbc_lib="unixodbc"
- if use iodbc ; then
- odbc_lib="iodbc"
- append-cppflags -I"${EPREFIX}"/usr/include/iodbc
- fi
- myconf+=( --with-odbc=${odbc_lib} )
- fi
-
- # slapd options
- myconf+=(
- $(use_enable crypt)
- $(use_enable slp)
- $(use_enable samba lmpasswd)
- $(use_enable syslog)
- )
- if use experimental ; then
- myconf+=(
- --enable-dynacl
- --enable-aci=mod
- )
- fi
- for option in aci cleartext modules rewrite rlookups slapi; do
- myconf+=( --enable-${option} )
- done
-
- # slapd overlay options
- # Compile-in the syncprov, the others as module
- myconf+=( --enable-syncprov=yes )
- use overlays && myconf+=( --enable-overlays=mod )
-
- else
- myconf+=(
- --disable-backends
- --disable-slapd
- --disable-bdb
- --disable-hdb
- --disable-mdb
- --disable-overlays
- --disable-syslog
- )
- fi
-
- # basic functionality stuff
- myconf+=(
- $(use_enable ipv6)
- $(multilib_native_use_with sasl cyrus-sasl)
- $(multilib_native_use_enable sasl spasswd)
- $(use_enable tcpd wrappers)
- )
-
- # Some cross-compiling tests don't pan out well.
- tc-is-cross-compiler && myconf+=(
- --with-yielding-select=yes
- )
-
- local ssl_lib="no"
- if use ssl || ( ! use minimal && use samba ) ; then
- ssl_lib="openssl"
- use gnutls && ssl_lib="gnutls"
- fi
-
- myconf+=( --with-tls=${ssl_lib} )
-
- for basicflag in dynamic local proctitle shared; do
- myconf+=( --enable-${basicflag} )
- done
-
- tc-export AR CC CXX
- ECONF_SOURCE=${S} \
- STRIP=/bin/true \
- econf \
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
- $(use_enable static-libs static) \
- "${myconf[@]}"
- emake depend
-}
-
-src_configure_cxx() {
- # This needs the libraries built by the first build run.
- # So we have to run it AFTER the main build, not just after the main
- # configure.
- local myconf_ldapcpp=(
- --with-ldap-includes="${S}"/include
- )
-
- mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die
- cd "${BUILD_DIR}/contrib/ldapc++" || die
-
- local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS}
- append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
- -L"${BUILD_DIR}"/libraries/libldap/.libs
- append-cppflags -I"${BUILD_DIR}"/include
- ECONF_SOURCE=${S}/contrib/ldapc++ \
- econf "${myconf_ldapcpp[@]}" \
- CC="${CC}" \
- CXX="${CXX}"
-}
-
-multilib_src_compile() {
- tc-export AR CC CXX
- emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/bash
- local lt="${BUILD_DIR}/libtool"
- export echo="echo"
-
- if ! use minimal && multilib_is_native_abi ; then
- if use cxx ; then
- einfo "Building contrib library: ldapc++"
- src_configure_cxx
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake \
- CC="${CC}" CXX="${CXX}"
- fi
-
- # LMDB tools
- cp -ral "${S}"/libraries/liblmdb "${BUILD_DIR}"/libraries/liblmdb || die
- cd "${BUILD_DIR}"/libraries/liblmdb || die
- emake CC="${CC}" CXX="${CXX}" OPT="${CFLAGS}" prefix="${EPREFIX}/usr" DESTDIR="${D}" SHELL="${EPREFIX}"/bin/bash LIBDIR="$(get_libdir)"
-
- if use smbkrb5passwd ; then
- einfo "Building contrib-module: smbk5pwd"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
-
- MY_DEFS="-DDO_SHADOW"
- if use samba ; then
- MY_DEFS="${MY_DEFS} -DDO_SAMBA"
- MY_KRB5_INC=""
- fi
- if use kerberos ; then
- MY_DEFS="${MY_DEFS} -DDO_KRB5"
- MY_KRB5_INC="$(krb5-config --cflags)"
- fi
-
- emake \
- DEFS="${MY_DEFS}" \
- KRB5_INC="${MY_KRB5_INC}" \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
- fi
-
- if use overlays ; then
- einfo "Building contrib-module: samba4"
- cd "${S}/contrib/slapd-modules/samba4" || die
-
- emake \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap"
- fi
-
- if use kerberos ; then
- build_contrib_module "kinit" "kinit.c" "kinit"
- cd "${S}/contrib/slapd-modules/passwd" || die
- einfo "Compiling contrib-module: pw-kerberos"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- $(krb5-config --cflags) \
- -DHAVE_KRB5 \
- -o kerberos.lo \
- -c kerberos.c || die "compiling pw-kerberos failed"
- einfo "Linking contrib-module: pw-kerberos"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o pw-kerberos.la \
- kerberos.lo || die "linking pw-kerberos failed"
- fi
- # We could build pw-radius if GNURadius would install radlib.h
- cd "${S}/contrib/slapd-modules/passwd" || die
- einfo "Compiling contrib-module: pw-netscape"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- -o netscape.lo \
- -c netscape.c || die "compiling pw-netscape failed"
- einfo "Linking contrib-module: pw-netscape"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o pw-netscape.la \
- netscape.lo || die "linking pw-netscape failed"
-
- #build_contrib_module "acl" "posixgroup.c" "posixGroup" # example code only
- #build_contrib_module "acl" "gssacl.c" "gss" # example code only, also needs kerberos
- build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
- build_contrib_module "allop" "allop.c" "overlay-allop"
- build_contrib_module "allowed" "allowed.c" "allowed"
- build_contrib_module "autogroup" "autogroup.c" "autogroup"
- build_contrib_module "cloak" "cloak.c" "cloak"
- # build_contrib_module "comp_match" "comp_match.c" "comp_match" # really complex, adds new external deps, questionable demand
- build_contrib_module "denyop" "denyop.c" "denyop-overlay"
- build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
- build_contrib_module "dupent" "dupent.c" "dupent"
- build_contrib_module "lastbind" "lastbind.c" "lastbind"
- # lastmod may not play well with other overlays
- build_contrib_module "lastmod" "lastmod.c" "lastmod"
- build_contrib_module "noopsrch" "noopsrch.c" "noopsrch"
- build_contrib_module "nops" "nops.c" "nops-overlay"
- #build_contrib_module "nssov" "nssov.c" "nssov-overlay" RESO:LATER
- build_contrib_module "trace" "trace.c" "trace"
- # build slapi-plugins
- cd "${S}/contrib/slapi-plugins/addrdnvalues" || die
- einfo "Building contrib-module: addrdnvalues plugin"
- "${CC}" -shared \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- -fPIC \
- ${LDFLAGS} \
- -o libaddrdnvalues-plugin.so \
- addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
-
- fi
-}
-
-multilib_src_test() {
- if multilib_is_native_abi; then
- cd tests || die
- make tests || die "make tests failed"
- fi
-}
-
-multilib_src_install() {
- local lt="${BUILD_DIR}/libtool"
- emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/bash install
- use static-libs || prune_libtool_files --all
-
- if ! use minimal && multilib_is_native_abi; then
- # LMDB tools
- cd "${BUILD_DIR}"/libraries/liblmdb || die
- dodir /usr/include /usr/lib /usr/bin /usr/share/man/man1 # otherwise this will make them files :-(
- emake CC="${CC}" CXX="${CXX}" OPT="${CFLAGS}" prefix="${EPREFIX}/usr" DESTDIR="${D}" SHELL="${EPREFIX}"/bin/bash LIBDIR="$(get_libdir)" install
-
- # openldap modules go here
- # TODO: write some code to populate slapd.conf with moduleload statements
- keepdir /usr/$(get_libdir)/openldap/openldap/
-
- # initial data storage dir
- keepdir /var/lib/openldap-data
- use prefix || fowners ldap:ldap /var/lib/openldap-data
- fperms 0700 /var/lib/openldap-data
-
- echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
-
- # use our config
- rm "${ED}"etc/openldap/slapd.conf
- insinto /etc/openldap
- newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf
- configfile="${ED}"etc/openldap/slapd.conf
-
- # populate with built backends
- ebegin "populate config with built backends"
- for x in "${ED}"usr/$(get_libdir)/openldap/openldap/back_*.so; do
- einfo "Adding $(basename ${x})"
- sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}"
- done
- sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
- use prefix || fowners root:ldap /etc/openldap/slapd.conf
- fperms 0640 /etc/openldap/slapd.conf
- cp "${configfile}" "${configfile}".default
- eend
-
- # install our own init scripts and systemd unit files
- einfo "Install init scripts"
- newinitd "${FILESDIR}"/slapd-initd-2.4.40 slapd
- newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd
- einfo "Install systemd service"
- systemd_dounit "${FILESDIR}"/slapd.service
- systemd_install_serviced "${FILESDIR}"/slapd.service.conf
- systemd_newtmpfilesd "${FILESDIR}"/slapd.tmpfilesd slapd.conf
-
- if [[ $(get_libdir) != lib ]]; then
- sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i \
- "${ED}"/etc/init.d/slapd \
- "${ED}"/usr/lib/systemd/system/slapd.service || die
- fi
- # If built without SLP, we don't need to be before avahi
- use slp \
- || sed -i \
- -e '/before/{s/avahi-daemon//g}' \
- "${ED}"etc/init.d/slapd
-
- if use cxx ; then
- einfo "Install the ldapc++ library"
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- cd "${S}"/contrib/ldapc++ || die
- newdoc README ldapc++-README
- fi
-
- if use smbkrb5passwd ; then
- einfo "Install the smbk5pwd module"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- newdoc README smbk5pwd-README
- fi
-
- if use overlays ; then
- einfo "Install the samba4 module"
- cd "${S}/contrib/slapd-modules/samba4" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="/usr/$(get_libdir)/openldap" install
- newdoc README samba4-README
- fi
-
- einfo "Installing contrib modules"
- cd "${S}/contrib/slapd-modules" || die
- for l in */*.la; do
- "${lt}" --mode=install cp ${l} \
- "${ED}"usr/$(get_libdir)/openldap/openldap || \
- die "installing ${l} failed"
- done
-
- dodoc "${FILESDIR}"/DB_CONFIG.fast.example
- docinto contrib
- doman */*.5
- #newdoc acl/README*
- newdoc addpartial/README addpartial-README
- newdoc allop/README allop-README
- newdoc allowed/README allowed-README
- newdoc autogroup/README autogroup-README
- newdoc dsaschema/README dsaschema-README
- newdoc passwd/README passwd-README
- cd "${S}/contrib/slapi-plugins" || die
- insinto /usr/$(get_libdir)/openldap/openldap
- doins */*.so
- docinto contrib
- newdoc addrdnvalues/README addrdnvalues-README
-
- insinto /etc/openldap/schema
- newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
-
- docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
- docinto back-shell ; dodoc "${S}"/servers/slapd/back-shell/searchexample*
- docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
-
- docinto liblmdb ; dodoc "${S}"/libraries/liblmdb/{sample*txt,CHANGES,COPYRIGHT,LICENSE}
- doman "${S}"/libraries/liblmdb/*.1
-
- dosbin "${S}"/contrib/slapd-tools/statslog
- newdoc "${S}"/contrib/slapd-tools/README README.statslog
- fi
-}
-
-multilib_src_install_all() {
- dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
- docinto rfc ; dodoc doc/rfc/*.txt
-}
-
-pkg_preinst() {
- # keep old libs if any
- preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0)
- # bug 440470, only display the getting started help there was no openldap before,
- # or we are going to a non-minimal build
- ! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
- OPENLDAP_PRINT_MESSAGES=$((! $?))
-}
-
-pkg_postinst() {
- if ! use minimal ; then
- # You cannot build SSL certificates during src_install that will make
- # binary packages containing your SSL key, which is both a security risk
- # and a misconfiguration if multiple machines use the same key and cert.
- if use ssl; then
- install_cert /etc/openldap/ssl/ldap
- use prefix || chown ldap:ldap "${EROOT}"etc/openldap/ssl/ldap.*
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "add 'TLS_REQCERT allow' if you want to use them."
- fi
-
- if use prefix; then
- # Warn about prefix issues with slapd
- eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
- eerror "to start up, and requires that certain files directories be owned by"
- eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
- eerror "directories, you will have to manually fix this yourself."
- fi
-
- # These lines force the permissions of various content to be correct
- use prefix || chown ldap:ldap "${EROOT}"var/run/openldap
- chmod 0755 "${EROOT}"var/run/openldap
- use prefix || chown root:ldap "${EROOT}"etc/openldap/slapd.conf{,.default}
- chmod 0640 "${EROOT}"etc/openldap/slapd.conf{,.default}
- use prefix || chown ldap:ldap "${EROOT}"var/lib/openldap-data
- fi
-
- if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
- elog "Getting started using OpenLDAP? There is some documentation available:"
- elog "Gentoo Guide to OpenLDAP Authentication"
- elog "(https://www.gentoo.org/doc/en/ldap-howto.xml)"
- elog "---"
- elog "An example file for tuning BDB backends with openldap is"
- elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
- fi
-
- preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0)
-}
diff --git a/net-nds/openldap/openldap-2.4.42-r1.ebuild b/net-nds/openldap/openldap-2.4.42-r1.ebuild
deleted file mode 100644
index 2b8a56f637..0000000000
--- a/net-nds/openldap/openldap-2.4.42-r1.ebuild
+++ /dev/null
@@ -1,829 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit db-use eutils flag-o-matic multilib multilib-minimal ssl-cert versionator toolchain-funcs autotools user systemd
-
-BIS_PN=rfc2307bis.schema
-BIS_PV=20140524
-BIS_P="${BIS_PN}-${BIS_PV}"
-
-DESCRIPTION="LDAP suite of application and development tools"
-HOMEPAGE="http://www.OpenLDAP.org/"
-
-# mirrors are mostly not working, using canonical URI
-SRC_URI="ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz
- mirror://gentoo/${BIS_P}"
-
-LICENSE="OPENLDAP GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-solaris"
-
-IUSE_DAEMON="crypt icu samba slp tcpd experimental minimal"
-IUSE_BACKEND="+berkdb"
-IUSE_OVERLAY="overlays perl"
-IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 libressl +syslog selinux static-libs"
-IUSE_CONTRIB="smbkrb5passwd kerberos"
-IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
-IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
-
-REQUIRED_USE="cxx? ( sasl )
- ?? ( gnutls libressl )"
-
-# always list newer first
-# Do not add any AGPL-3 BDB here!
-# See bug 525110, comment 15.
-# Advanced usage: OPENLDAP_BDB_SLOTS in the environment can be used to force a slot during build.
-BDB_SLOTS="${OPENLDAP_BDB_SLOTS:=5.3 5.1 4.8 4.7 4.6 4.5 4.4}"
-BDB_PKGS=''
-for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done
-
-# openssl is needed to generate lanman-passwords required by samba
-CDEPEND="icu? ( dev-libs/icu:= )
- ssl? (
- !gnutls? (
- !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0[${MULTILIB_USEDEP}] )
- )
- gnutls? ( >=net-libs/gnutls-2.12.23-r6[${MULTILIB_USEDEP}]
- libressl? ( dev-libs/libressl[${MULTILIB_USEDEP}] )
- >=dev-libs/libgcrypt-1.5.3:0[${MULTILIB_USEDEP}] ) )
- sasl? ( dev-libs/cyrus-sasl:= )
- !minimal? (
- sys-devel/libtool
- sys-libs/e2fsprogs-libs
- >=dev-db/lmdb-0.9.17
- tcpd? ( sys-apps/tcp-wrappers )
- odbc? ( !iodbc? ( dev-db/unixODBC )
- iodbc? ( dev-db/libiodbc ) )
- slp? ( net-libs/openslp )
- perl? ( dev-lang/perl:=[-build(-)] )
- samba? (
- !libressl? ( dev-libs/openssl:0 )
- libressl? ( dev-libs/libressl )
- )
- berkdb? (
- <sys-libs/db-6.0:=
- || ( ${BDB_PKGS} )
- )
- smbkrb5passwd? (
- !libressl? ( dev-libs/openssl:0 )
- libressl? ( dev-libs/libressl )
- kerberos? ( app-crypt/heimdal )
- )
- kerberos? ( virtual/krb5 )
- cxx? ( dev-libs/cyrus-sasl:= )
- )
- abi_x86_32? (
- !<=app-emulation/emul-linux-x86-baselibs-20140508-r3
- !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
- )"
-DEPEND="${CDEPEND}
- sys-apps/groff"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-ldap )
-"
-# for tracking versions
-OPENLDAP_VERSIONTAG=".version-tag"
-OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
-
-MULTILIB_WRAPPED_HEADERS=(
- # USE=cxx
- /usr/include/LDAPAsynConnection.h
- /usr/include/LDAPAttrType.h
- /usr/include/LDAPAttribute.h
- /usr/include/LDAPAttributeList.h
- /usr/include/LDAPConnection.h
- /usr/include/LDAPConstraints.h
- /usr/include/LDAPControl.h
- /usr/include/LDAPControlSet.h
- /usr/include/LDAPEntry.h
- /usr/include/LDAPEntryList.h
- /usr/include/LDAPException.h
- /usr/include/LDAPExtResult.h
- /usr/include/LDAPMessage.h
- /usr/include/LDAPMessageQueue.h
- /usr/include/LDAPModList.h
- /usr/include/LDAPModification.h
- /usr/include/LDAPObjClass.h
- /usr/include/LDAPRebind.h
- /usr/include/LDAPRebindAuth.h
- /usr/include/LDAPReferenceList.h
- /usr/include/LDAPResult.h
- /usr/include/LDAPSaslBindResult.h
- /usr/include/LDAPSchema.h
- /usr/include/LDAPSearchReference.h
- /usr/include/LDAPSearchResult.h
- /usr/include/LDAPSearchResults.h
- /usr/include/LDAPUrl.h
- /usr/include/LDAPUrlList.h
- /usr/include/LdifReader.h
- /usr/include/LdifWriter.h
- /usr/include/SaslInteraction.h
- /usr/include/SaslInteractionHandler.h
- /usr/include/StringList.h
- /usr/include/TlsOptions.h
-)
-
-openldap_filecount() {
- local dir="$1"
- find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
-}
-
-openldap_find_versiontags() {
- # scan for all datadirs
- openldap_datadirs=""
- if [ -f "${EROOT}"/etc/openldap/slapd.conf ]; then
- openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${EROOT}/etc/openldap/slapd.conf)"
- fi
- openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}"
-
- einfo
- einfo "Scanning datadir(s) from slapd.conf and"
- einfo "the default installdir for Versiontags"
- einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
- einfo
-
- # scan datadirs if we have a version tag
- openldap_found_tag=0
- have_files=0
- for each in ${openldap_datadirs}; do
- CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"`
- CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}
- if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then
- einfo "- Checking ${each}..."
- if [ -r ${CURRENT_TAG} ] ; then
- # yey, we have one :)
- einfo " Found Versiontag in ${each}"
- source ${CURRENT_TAG}
- if [ "${OLDPF}" == "" ] ; then
- eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
- eerror "Please delete it"
- eerror
- die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
- fi
-
- OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}`
-
- [ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1
-
- # are we on the same branch?
- if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then
- ewarn " Versiontag doesn't match current major release!"
- if [[ "${have_files}" == "1" ]] ; then
- eerror " Versiontag says other major and you (probably) have datafiles!"
- echo
- openldap_upgrade_howto
- else
- einfo " No real problem, seems there's no database."
- fi
- else
- einfo " Versiontag is fine here :)"
- fi
- else
- einfo " Non-tagged dir ${each}"
- [ $(openldap_filecount ${each}) -gt 0 ] && have_files=1
- if [[ "${have_files}" == "1" ]] ; then
- einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
- echo
-
- eerror
- eerror "Your OpenLDAP Installation has a non tagged datadir that"
- eerror "possibly contains a database at ${CURRENT_TAGDIR}"
- eerror
- eerror "Please export data if any entered and empty or remove"
- eerror "the directory, installation has been stopped so you"
- eerror "can take required action"
- eerror
- eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
- eerror
- openldap_upgrade_howto
- die "Please move the datadir ${CURRENT_TAGDIR} away"
- fi
- fi
- einfo
- fi
- done
- [ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present"
-
- # Now we must check for the major version of sys-libs/db linked against.
- SLAPD_PATH=${EROOT}/usr/$(get_libdir)/openldap/slapd
- if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then
- OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
- | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
- if use berkdb; then
- # find which one would be used
- for bdb_slot in $BDB_SLOTS ; do
- NEWVER="$(db_findver "=sys-libs/db-${bdb_slot}*")"
- [[ -n "$NEWVER" ]] && break
- done
- fi
- local fail=0
- if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then
- :
- # Nothing wrong here.
- elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was not built against"
- eerror " any version of sys-libs/db, but the new one will build"
- eerror " against ${NEWVER} and your database may be inaccessible."
- echo
- fail=1
- elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will not be"
- eerror " built against any version and your database may be"
- eerror " inaccessible."
- echo
- fail=1
- elif [ "${OLDVER}" != "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will build against"
- eerror " ${NEWVER} and your database would be inaccessible."
- echo
- fail=1
- fi
- [ "${fail}" == "1" ] && openldap_upgrade_howto
- fi
-
- echo
- einfo
- einfo "All datadirs are fine, proceeding with merge now..."
- einfo
-}
-
-openldap_upgrade_howto() {
- eerror
- eerror "A (possible old) installation of OpenLDAP was detected,"
- eerror "installation will not proceed for now."
- eerror
- eerror "As major version upgrades can corrupt your database,"
- eerror "you need to dump your database and re-create it afterwards."
- eerror
- eerror "Additionally, rebuilding against different major versions of the"
- eerror "sys-libs/db libraries will cause your database to be inaccessible."
- eerror ""
- d="$(date -u +%s)"
- l="/root/ldapdump.${d}"
- i="${l}.raw"
- eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop"
- eerror " 2. slapcat -l ${i}"
- eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}"
- eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
- eerror " 5. emerge --update \=net-nds/${PF}"
- eerror " 6. etc-update, and ensure that you apply the changes"
- eerror " 7. slapadd -l ${l}"
- eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
- eerror " 9. /etc/init.d/slapd start"
- eerror "10. check that your data is intact."
- eerror "11. set up the new replication system."
- eerror
- if [ "${FORCE_UPGRADE}" != "1" ]; then
- die "You need to upgrade your database first"
- else
- eerror "You have the magical FORCE_UPGRADE=1 in place."
- eerror "Don't say you weren't warned about data loss."
- fi
-}
-
-pkg_setup() {
- if ! use sasl && use cxx ; then
- die "To build the ldapc++ library you must emerge openldap with sasl support"
- fi
- # Bug #322787
- if use minimal && ! has_version "net-nds/openldap" ; then
- einfo "No datadir scan needed, openldap not installed"
- elif use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then
- einfo "Skipping scan for previous datadirs as requested by minimal useflag"
- else
- openldap_find_versiontags
- fi
-
- # The user/group are only used for running daemons which are
- # disabled in minimal builds, so elide the accounts too.
- if ! use minimal ; then
- enewgroup ldap 439
- enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap
- fi
-}
-
-src_prepare() {
- # ensure correct SLAPI path by default
- sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \
- "${S}"/include/ldap_defaults.h
-
- epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch
-
- epatch \
- "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \
- "${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
-
- # bug #116045 - still present in 2.4.28
- epatch "${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch
- # bug #408077 - samba4
- epatch "${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch
-
- # bug #189817
- epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
-
- # bug #233633
- epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch
-
- # bug #281495
- epatch "${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch
-
- # bug #294350
- epatch "${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch
-
- # unbreak /bin/sh -> dash
- epatch "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
-
- # bug #420959
- epatch "${FILESDIR}"/${PN}-2.4.31-gcc47.patch
-
- # bug #421463
- #epatch "${FILESDIR}"/${PN}-2.4.33-gnutls.patch # merged upstream
-
- # unbundle lmdb
- epatch "${FILESDIR}"/${P}-mdb-unbundle.patch
- rm -rf "${S}"/libraries/liblmdb
-
- cd "${S}"/build || die
- einfo "Making sure upstream build strip does not do stripping too early"
- sed -i.orig \
- -e '/^STRIP/s,-s,,g' \
- top.mk || die "Failed to block stripping"
-
- # wrong assumption that /bin/sh is /bin/bash
- sed -i \
- -e 's|/bin/sh|/bin/bash|g' \
- "${S}"/tests/scripts/* || die "sed failed"
-
- cd "${S}" || die
-
- AT_NOEAUTOMAKE=yes eautoreconf
-}
-
-build_contrib_module() {
- # <dir> <sources> <outputname>
- cd "${S}/contrib/slapd-modules/$1" || die
- einfo "Compiling contrib-module: $3"
- # Make sure it's uppercase
- local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -D${define_name}=SLAPD_MOD_DYNAMIC \
- -I"${BUILD_DIR}"/include \
- -I../../../include -I../../../servers/slapd ${CFLAGS} \
- -o ${2%.c}.lo -c $2 || die "compiling $3 failed"
- einfo "Linking contrib-module: $3"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o $3.la ${2%.c}.lo || die "linking $3 failed"
-}
-
-src_configure() {
- # Bug 408001
- use elibc_FreeBSD && append-cppflags -DMDB_DSYNC=O_SYNC -DMDB_FDATASYNC=fsync
-
- # connectionless ldap per bug #342439
- append-cppflags -DLDAP_CONNECTIONLESS
-
- multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
- local myconf=()
-
- use debug && myconf+=( $(use_enable debug) )
-
- # ICU usage is not configurable
- export ac_cv_header_unicode_utypes_h="$(multilib_is_native_abi && use icu && echo yes || echo no)"
-
- if ! use minimal && multilib_is_native_abi; then
- local CPPFLAGS=${CPPFLAGS}
-
- # re-enable serverside overlay chains per bug #296567
- # see ldap docs chaper 12.3.1 for details
- myconf+=( --enable-ldap )
-
- # backends
- myconf+=( --enable-slapd )
- if use berkdb ; then
- einfo "Using Berkeley DB for local backend"
- myconf+=( --enable-bdb --enable-hdb )
- DBINCLUDE=$(db_includedir $BDB_SLOTS)
- einfo "Using $DBINCLUDE for sys-libs/db version"
- # We need to include the slotted db.h dir for FreeBSD
- append-cppflags -I${DBINCLUDE}
- else
- myconf+=( --disable-bdb --disable-hdb )
- fi
- for backend in dnssrv ldap mdb meta monitor null passwd relay shell sock; do
- myconf+=( --enable-${backend}=mod )
- done
-
- myconf+=( $(use_enable perl perl mod) )
-
- myconf+=( $(use_enable odbc sql mod) )
- if use odbc ; then
- local odbc_lib="unixodbc"
- if use iodbc ; then
- odbc_lib="iodbc"
- append-cppflags -I"${EPREFIX}"/usr/include/iodbc
- fi
- myconf+=( --with-odbc=${odbc_lib} )
- fi
-
- # slapd options
- myconf+=(
- $(use_enable crypt)
- $(use_enable slp)
- $(use_enable samba lmpasswd)
- $(use_enable syslog)
- )
- if use experimental ; then
- myconf+=(
- --enable-dynacl
- --enable-aci=mod
- )
- fi
- for option in aci cleartext modules rewrite rlookups slapi; do
- myconf+=( --enable-${option} )
- done
-
- # slapd overlay options
- # Compile-in the syncprov, the others as module
- myconf+=( --enable-syncprov=yes )
- use overlays && myconf+=( --enable-overlays=mod )
-
- else
- myconf+=(
- --disable-backends
- --disable-slapd
- --disable-bdb
- --disable-hdb
- --disable-mdb
- --disable-overlays
- --disable-syslog
- )
- fi
-
- # basic functionality stuff
- myconf+=(
- $(use_enable ipv6)
- $(multilib_native_use_with sasl cyrus-sasl)
- $(multilib_native_use_enable sasl spasswd)
- $(use_enable tcpd wrappers)
- )
-
- # Some cross-compiling tests don't pan out well.
- tc-is-cross-compiler && myconf+=(
- --with-yielding-select=yes
- )
-
- local ssl_lib="no"
- if use ssl || ( ! use minimal && use samba ) ; then
- ssl_lib="openssl"
- use gnutls && ssl_lib="gnutls"
- fi
-
- myconf+=( --with-tls=${ssl_lib} )
-
- for basicflag in dynamic local proctitle shared; do
- myconf+=( --enable-${basicflag} )
- done
-
- tc-export AR CC CXX
- ECONF_SOURCE=${S} \
- STRIP=/bin/true \
- econf \
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
- $(use_enable static-libs static) \
- "${myconf[@]}"
- emake depend
-}
-
-src_configure_cxx() {
- # This needs the libraries built by the first build run.
- # So we have to run it AFTER the main build, not just after the main
- # configure.
- local myconf_ldapcpp=(
- --with-ldap-includes="${S}"/include
- )
-
- mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die
- cd "${BUILD_DIR}/contrib/ldapc++" || die
-
- local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS}
- append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
- -L"${BUILD_DIR}"/libraries/libldap/.libs
- append-cppflags -I"${BUILD_DIR}"/include
- ECONF_SOURCE=${S}/contrib/ldapc++ \
- econf "${myconf_ldapcpp[@]}" \
- CC="${CC}" \
- CXX="${CXX}"
-}
-
-multilib_src_compile() {
- tc-export AR CC CXX
- emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/bash
- local lt="${BUILD_DIR}/libtool"
- export echo="echo"
-
- if ! use minimal && multilib_is_native_abi ; then
- if use cxx ; then
- einfo "Building contrib library: ldapc++"
- src_configure_cxx
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake \
- CC="${CC}" CXX="${CXX}"
- fi
-
- if use smbkrb5passwd ; then
- einfo "Building contrib-module: smbk5pwd"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
-
- MY_DEFS="-DDO_SHADOW"
- if use samba ; then
- MY_DEFS="${MY_DEFS} -DDO_SAMBA"
- MY_KRB5_INC=""
- fi
- if use kerberos ; then
- MY_DEFS="${MY_DEFS} -DDO_KRB5"
- MY_KRB5_INC="$(krb5-config --cflags)"
- fi
-
- emake \
- DEFS="${MY_DEFS}" \
- KRB5_INC="${MY_KRB5_INC}" \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
- fi
-
- if use overlays ; then
- einfo "Building contrib-module: samba4"
- cd "${S}/contrib/slapd-modules/samba4" || die
-
- emake \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap"
- fi
-
- if use kerberos ; then
- build_contrib_module "kinit" "kinit.c" "kinit"
- cd "${S}/contrib/slapd-modules/passwd" || die
- einfo "Compiling contrib-module: pw-kerberos"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- $(krb5-config --cflags) \
- -DHAVE_KRB5 \
- -o kerberos.lo \
- -c kerberos.c || die "compiling pw-kerberos failed"
- einfo "Linking contrib-module: pw-kerberos"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o pw-kerberos.la \
- kerberos.lo || die "linking pw-kerberos failed"
- fi
- # We could build pw-radius if GNURadius would install radlib.h
- cd "${S}/contrib/slapd-modules/passwd" || die
- einfo "Compiling contrib-module: pw-netscape"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- -o netscape.lo \
- -c netscape.c || die "compiling pw-netscape failed"
- einfo "Linking contrib-module: pw-netscape"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o pw-netscape.la \
- netscape.lo || die "linking pw-netscape failed"
-
- #build_contrib_module "acl" "posixgroup.c" "posixGroup" # example code only
- #build_contrib_module "acl" "gssacl.c" "gss" # example code only, also needs kerberos
- build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
- build_contrib_module "allop" "allop.c" "overlay-allop"
- build_contrib_module "allowed" "allowed.c" "allowed"
- build_contrib_module "autogroup" "autogroup.c" "autogroup"
- build_contrib_module "cloak" "cloak.c" "cloak"
- # build_contrib_module "comp_match" "comp_match.c" "comp_match" # really complex, adds new external deps, questionable demand
- build_contrib_module "denyop" "denyop.c" "denyop-overlay"
- build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
- build_contrib_module "dupent" "dupent.c" "dupent"
- build_contrib_module "lastbind" "lastbind.c" "lastbind"
- # lastmod may not play well with other overlays
- build_contrib_module "lastmod" "lastmod.c" "lastmod"
- build_contrib_module "noopsrch" "noopsrch.c" "noopsrch"
- build_contrib_module "nops" "nops.c" "nops-overlay"
- #build_contrib_module "nssov" "nssov.c" "nssov-overlay" RESO:LATER
- build_contrib_module "trace" "trace.c" "trace"
- # build slapi-plugins
- cd "${S}/contrib/slapi-plugins/addrdnvalues" || die
- einfo "Building contrib-module: addrdnvalues plugin"
- "${CC}" -shared \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- -fPIC \
- ${LDFLAGS} \
- -o libaddrdnvalues-plugin.so \
- addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
-
- fi
-}
-
-multilib_src_test() {
- if multilib_is_native_abi; then
- cd tests || die
- emake tests || die "make tests failed"
- fi
-}
-
-multilib_src_install() {
- local lt="${BUILD_DIR}/libtool"
- emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/bash install
- use static-libs || prune_libtool_files --all
-
- if ! use minimal && multilib_is_native_abi; then
- # openldap modules go here
- # TODO: write some code to populate slapd.conf with moduleload statements
- keepdir /usr/$(get_libdir)/openldap/openldap/
-
- # initial data storage dir
- keepdir /var/lib/openldap-data
- use prefix || fowners ldap:ldap /var/lib/openldap-data
- fperms 0700 /var/lib/openldap-data
-
- echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
-
- # use our config
- rm "${ED}"etc/openldap/slapd.conf
- insinto /etc/openldap
- newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf
- configfile="${ED}"etc/openldap/slapd.conf
-
- # populate with built backends
- ebegin "populate config with built backends"
- for x in "${ED}"usr/$(get_libdir)/openldap/openldap/back_*.so; do
- einfo "Adding $(basename ${x})"
- sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}"
- done
- sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
- use prefix || fowners root:ldap /etc/openldap/slapd.conf
- fperms 0640 /etc/openldap/slapd.conf
- cp "${configfile}" "${configfile}".default
- eend
-
- # install our own init scripts and systemd unit files
- einfo "Install init scripts"
- newinitd "${FILESDIR}"/slapd-initd-2.4.40-r2 slapd
- newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd
- einfo "Install systemd service"
- systemd_dounit "${FILESDIR}"/slapd.service
- systemd_install_serviced "${FILESDIR}"/slapd.service.conf
- systemd_newtmpfilesd "${FILESDIR}"/slapd.tmpfilesd slapd.conf
-
- if [[ $(get_libdir) != lib ]]; then
- sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i \
- "${ED}"/etc/init.d/slapd \
- "${ED}"/usr/lib/systemd/system/slapd.service || die
- fi
- # If built without SLP, we don't need to be before avahi
- use slp \
- || sed -i \
- -e '/before/{s/avahi-daemon//g}' \
- "${ED}"etc/init.d/slapd
-
- if use cxx ; then
- einfo "Install the ldapc++ library"
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- cd "${S}"/contrib/ldapc++ || die
- newdoc README ldapc++-README
- fi
-
- if use smbkrb5passwd ; then
- einfo "Install the smbk5pwd module"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- newdoc README smbk5pwd-README
- fi
-
- if use overlays ; then
- einfo "Install the samba4 module"
- cd "${S}/contrib/slapd-modules/samba4" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="/usr/$(get_libdir)/openldap" install
- newdoc README samba4-README
- fi
-
- einfo "Installing contrib modules"
- cd "${S}/contrib/slapd-modules" || die
- for l in */*.la; do
- "${lt}" --mode=install cp ${l} \
- "${ED}"usr/$(get_libdir)/openldap/openldap || \
- die "installing ${l} failed"
- done
-
- dodoc "${FILESDIR}"/DB_CONFIG.fast.example
- docinto contrib
- doman */*.5
- #newdoc acl/README*
- newdoc addpartial/README addpartial-README
- newdoc allop/README allop-README
- newdoc allowed/README allowed-README
- newdoc autogroup/README autogroup-README
- newdoc dsaschema/README dsaschema-README
- newdoc passwd/README passwd-README
- cd "${S}/contrib/slapi-plugins" || die
- insinto /usr/$(get_libdir)/openldap/openldap
- doins */*.so
- docinto contrib
- newdoc addrdnvalues/README addrdnvalues-README
-
- insinto /etc/openldap/schema
- newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
-
- docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
- docinto back-shell ; dodoc "${S}"/servers/slapd/back-shell/searchexample*
- docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
-
- dosbin "${S}"/contrib/slapd-tools/statslog
- newdoc "${S}"/contrib/slapd-tools/README README.statslog
- fi
-}
-
-multilib_src_install_all() {
- dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
- docinto rfc ; dodoc doc/rfc/*.txt
-}
-
-pkg_preinst() {
- # keep old libs if any
- preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0)
- # bug 440470, only display the getting started help there was no openldap before,
- # or we are going to a non-minimal build
- ! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
- OPENLDAP_PRINT_MESSAGES=$((! $?))
-}
-
-pkg_postinst() {
- if ! use minimal ; then
- # You cannot build SSL certificates during src_install that will make
- # binary packages containing your SSL key, which is both a security risk
- # and a misconfiguration if multiple machines use the same key and cert.
- if use ssl; then
- install_cert /etc/openldap/ssl/ldap
- use prefix || chown ldap:ldap "${EROOT}"etc/openldap/ssl/ldap.*
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "add 'TLS_REQCERT allow' if you want to use them."
- fi
-
- if use prefix; then
- # Warn about prefix issues with slapd
- eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
- eerror "to start up, and requires that certain files directories be owned by"
- eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
- eerror "directories, you will have to manually fix this yourself."
- fi
-
- # These lines force the permissions of various content to be correct
- use prefix || chown ldap:ldap "${EROOT}"var/run/openldap
- chmod 0755 "${EROOT}"var/run/openldap
- use prefix || chown root:ldap "${EROOT}"etc/openldap/slapd.conf{,.default}
- chmod 0640 "${EROOT}"etc/openldap/slapd.conf{,.default}
- use prefix || chown ldap:ldap "${EROOT}"var/lib/openldap-data
- fi
-
- if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
- elog "Getting started using OpenLDAP? There is some documentation available:"
- elog "Gentoo Guide to OpenLDAP Authentication"
- elog "(https://www.gentoo.org/doc/en/ldap-howto.xml)"
- elog "---"
- elog "An example file for tuning BDB backends with openldap is"
- elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
- fi
-
- preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0)
-}
diff --git a/net-nds/openldap/openldap-2.4.42.ebuild b/net-nds/openldap/openldap-2.4.42.ebuild
deleted file mode 100644
index e3e20faa16..0000000000
--- a/net-nds/openldap/openldap-2.4.42.ebuild
+++ /dev/null
@@ -1,819 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit db-use eutils flag-o-matic multilib multilib-minimal ssl-cert versionator toolchain-funcs autotools user systemd
-
-BIS_PN=rfc2307bis.schema
-BIS_PV=20140524
-BIS_P="${BIS_PN}-${BIS_PV}"
-
-DESCRIPTION="LDAP suite of application and development tools"
-HOMEPAGE="http://www.OpenLDAP.org/"
-
-# mirrors are mostly not working, using canonical URI
-SRC_URI="ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz
- mirror://gentoo/${BIS_P}"
-
-LICENSE="OPENLDAP GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-solaris"
-
-IUSE_DAEMON="crypt icu samba slp tcpd experimental minimal"
-IUSE_BACKEND="+berkdb"
-IUSE_OVERLAY="overlays perl"
-IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 +syslog selinux static-libs"
-IUSE_CONTRIB="smbkrb5passwd kerberos"
-IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
-IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
-
-REQUIRED_USE="cxx? ( sasl )"
-
-# always list newer first
-# Do not add any AGPL-3 BDB here!
-# See bug 525110, comment 15.
-# Advanced usage: OPENLDAP_BDB_SLOTS in the environment can be used to force a slot during build.
-BDB_SLOTS="${OPENLDAP_BDB_SLOTS:=5.3 5.1 4.8 4.7 4.6 4.5 4.4}"
-BDB_PKGS=''
-for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done
-
-# openssl is needed to generate lanman-passwords required by samba
-CDEPEND="icu? ( dev-libs/icu:= )
- ssl? ( !gnutls? ( >=dev-libs/openssl-1.0.1h-r2[${MULTILIB_USEDEP}] )
- gnutls? ( >=net-libs/gnutls-2.12.23-r6[${MULTILIB_USEDEP}] >=dev-libs/libgcrypt-1.5.3:0[${MULTILIB_USEDEP}] ) )
- sasl? ( dev-libs/cyrus-sasl:= )
- !minimal? (
- sys-devel/libtool
- sys-libs/e2fsprogs-libs
- >=dev-db/lmdb-0.9.17
- tcpd? ( sys-apps/tcp-wrappers )
- odbc? ( !iodbc? ( dev-db/unixODBC )
- iodbc? ( dev-db/libiodbc ) )
- slp? ( net-libs/openslp )
- perl? ( dev-lang/perl:=[-build(-)] )
- samba? ( dev-libs/openssl )
- berkdb? (
- <sys-libs/db-6.0:=
- || ( ${BDB_PKGS} )
- )
- smbkrb5passwd? (
- dev-libs/openssl
- kerberos? ( app-crypt/heimdal )
- )
- kerberos? ( virtual/krb5 )
- cxx? ( dev-libs/cyrus-sasl:= )
- )
- abi_x86_32? (
- !<=app-emulation/emul-linux-x86-baselibs-20140508-r3
- !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
- )"
-DEPEND="${CDEPEND}
- sys-apps/groff"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-ldap )
-"
-# for tracking versions
-OPENLDAP_VERSIONTAG=".version-tag"
-OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
-
-MULTILIB_WRAPPED_HEADERS=(
- # USE=cxx
- /usr/include/LDAPAsynConnection.h
- /usr/include/LDAPAttrType.h
- /usr/include/LDAPAttribute.h
- /usr/include/LDAPAttributeList.h
- /usr/include/LDAPConnection.h
- /usr/include/LDAPConstraints.h
- /usr/include/LDAPControl.h
- /usr/include/LDAPControlSet.h
- /usr/include/LDAPEntry.h
- /usr/include/LDAPEntryList.h
- /usr/include/LDAPException.h
- /usr/include/LDAPExtResult.h
- /usr/include/LDAPMessage.h
- /usr/include/LDAPMessageQueue.h
- /usr/include/LDAPModList.h
- /usr/include/LDAPModification.h
- /usr/include/LDAPObjClass.h
- /usr/include/LDAPRebind.h
- /usr/include/LDAPRebindAuth.h
- /usr/include/LDAPReferenceList.h
- /usr/include/LDAPResult.h
- /usr/include/LDAPSaslBindResult.h
- /usr/include/LDAPSchema.h
- /usr/include/LDAPSearchReference.h
- /usr/include/LDAPSearchResult.h
- /usr/include/LDAPSearchResults.h
- /usr/include/LDAPUrl.h
- /usr/include/LDAPUrlList.h
- /usr/include/LdifReader.h
- /usr/include/LdifWriter.h
- /usr/include/SaslInteraction.h
- /usr/include/SaslInteractionHandler.h
- /usr/include/StringList.h
- /usr/include/TlsOptions.h
-)
-
-openldap_filecount() {
- local dir="$1"
- find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
-}
-
-openldap_find_versiontags() {
- # scan for all datadirs
- openldap_datadirs=""
- if [ -f "${EROOT}"/etc/openldap/slapd.conf ]; then
- openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${EROOT}/etc/openldap/slapd.conf)"
- fi
- openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}"
-
- einfo
- einfo "Scanning datadir(s) from slapd.conf and"
- einfo "the default installdir for Versiontags"
- einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
- einfo
-
- # scan datadirs if we have a version tag
- openldap_found_tag=0
- have_files=0
- for each in ${openldap_datadirs}; do
- CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"`
- CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}
- if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then
- einfo "- Checking ${each}..."
- if [ -r ${CURRENT_TAG} ] ; then
- # yey, we have one :)
- einfo " Found Versiontag in ${each}"
- source ${CURRENT_TAG}
- if [ "${OLDPF}" == "" ] ; then
- eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
- eerror "Please delete it"
- eerror
- die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
- fi
-
- OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}`
-
- [ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1
-
- # are we on the same branch?
- if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then
- ewarn " Versiontag doesn't match current major release!"
- if [[ "${have_files}" == "1" ]] ; then
- eerror " Versiontag says other major and you (probably) have datafiles!"
- echo
- openldap_upgrade_howto
- else
- einfo " No real problem, seems there's no database."
- fi
- else
- einfo " Versiontag is fine here :)"
- fi
- else
- einfo " Non-tagged dir ${each}"
- [ $(openldap_filecount ${each}) -gt 0 ] && have_files=1
- if [[ "${have_files}" == "1" ]] ; then
- einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
- echo
-
- eerror
- eerror "Your OpenLDAP Installation has a non tagged datadir that"
- eerror "possibly contains a database at ${CURRENT_TAGDIR}"
- eerror
- eerror "Please export data if any entered and empty or remove"
- eerror "the directory, installation has been stopped so you"
- eerror "can take required action"
- eerror
- eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
- eerror
- openldap_upgrade_howto
- die "Please move the datadir ${CURRENT_TAGDIR} away"
- fi
- fi
- einfo
- fi
- done
- [ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present"
-
- # Now we must check for the major version of sys-libs/db linked against.
- SLAPD_PATH=${EROOT}/usr/$(get_libdir)/openldap/slapd
- if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then
- OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
- | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
- if use berkdb; then
- # find which one would be used
- for bdb_slot in $BDB_SLOTS ; do
- NEWVER="$(db_findver "=sys-libs/db-${bdb_slot}*")"
- [[ -n "$NEWVER" ]] && break
- done
- fi
- local fail=0
- if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then
- :
- # Nothing wrong here.
- elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was not built against"
- eerror " any version of sys-libs/db, but the new one will build"
- eerror " against ${NEWVER} and your database may be inaccessible."
- echo
- fail=1
- elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will not be"
- eerror " built against any version and your database may be"
- eerror " inaccessible."
- echo
- fail=1
- elif [ "${OLDVER}" != "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will build against"
- eerror " ${NEWVER} and your database would be inaccessible."
- echo
- fail=1
- fi
- [ "${fail}" == "1" ] && openldap_upgrade_howto
- fi
-
- echo
- einfo
- einfo "All datadirs are fine, proceeding with merge now..."
- einfo
-}
-
-openldap_upgrade_howto() {
- eerror
- eerror "A (possible old) installation of OpenLDAP was detected,"
- eerror "installation will not proceed for now."
- eerror
- eerror "As major version upgrades can corrupt your database,"
- eerror "you need to dump your database and re-create it afterwards."
- eerror
- eerror "Additionally, rebuilding against different major versions of the"
- eerror "sys-libs/db libraries will cause your database to be inaccessible."
- eerror ""
- d="$(date -u +%s)"
- l="/root/ldapdump.${d}"
- i="${l}.raw"
- eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop"
- eerror " 2. slapcat -l ${i}"
- eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}"
- eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
- eerror " 5. emerge --update \=net-nds/${PF}"
- eerror " 6. etc-update, and ensure that you apply the changes"
- eerror " 7. slapadd -l ${l}"
- eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
- eerror " 9. /etc/init.d/slapd start"
- eerror "10. check that your data is intact."
- eerror "11. set up the new replication system."
- eerror
- if [ "${FORCE_UPGRADE}" != "1" ]; then
- die "You need to upgrade your database first"
- else
- eerror "You have the magical FORCE_UPGRADE=1 in place."
- eerror "Don't say you weren't warned about data loss."
- fi
-}
-
-pkg_setup() {
- if ! use sasl && use cxx ; then
- die "To build the ldapc++ library you must emerge openldap with sasl support"
- fi
- # Bug #322787
- if use minimal && ! has_version "net-nds/openldap" ; then
- einfo "No datadir scan needed, openldap not installed"
- elif use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then
- einfo "Skipping scan for previous datadirs as requested by minimal useflag"
- else
- openldap_find_versiontags
- fi
-
- # The user/group are only used for running daemons which are
- # disabled in minimal builds, so elide the accounts too.
- if ! use minimal ; then
- enewgroup ldap 439
- enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap
- fi
-}
-
-src_prepare() {
- # ensure correct SLAPI path by default
- sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \
- "${S}"/include/ldap_defaults.h
-
- epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch
-
- epatch \
- "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \
- "${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
-
- # bug #116045 - still present in 2.4.28
- epatch "${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch
- # bug #408077 - samba4
- epatch "${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch
-
- # bug #189817
- epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
-
- # bug #233633
- epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch
-
- # bug #281495
- epatch "${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch
-
- # bug #294350
- epatch "${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch
-
- # unbreak /bin/sh -> dash
- epatch "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
-
- # bug #420959
- epatch "${FILESDIR}"/${PN}-2.4.31-gcc47.patch
-
- # bug #421463
- #epatch "${FILESDIR}"/${PN}-2.4.33-gnutls.patch # merged upstream
-
- # unbundle lmdb
- epatch "${FILESDIR}"/${P}-mdb-unbundle.patch
- rm -rf "${S}"/libraries/liblmdb
-
- cd "${S}"/build || die
- einfo "Making sure upstream build strip does not do stripping too early"
- sed -i.orig \
- -e '/^STRIP/s,-s,,g' \
- top.mk || die "Failed to block stripping"
-
- # wrong assumption that /bin/sh is /bin/bash
- sed -i \
- -e 's|/bin/sh|/bin/bash|g' \
- "${S}"/tests/scripts/* || die "sed failed"
-
- cd "${S}" || die
-
- AT_NOEAUTOMAKE=yes eautoreconf
-}
-
-build_contrib_module() {
- # <dir> <sources> <outputname>
- cd "${S}/contrib/slapd-modules/$1" || die
- einfo "Compiling contrib-module: $3"
- # Make sure it's uppercase
- local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -D${define_name}=SLAPD_MOD_DYNAMIC \
- -I"${BUILD_DIR}"/include \
- -I../../../include -I../../../servers/slapd ${CFLAGS} \
- -o ${2%.c}.lo -c $2 || die "compiling $3 failed"
- einfo "Linking contrib-module: $3"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o $3.la ${2%.c}.lo || die "linking $3 failed"
-}
-
-src_configure() {
- # Bug 408001
- use elibc_FreeBSD && append-cppflags -DMDB_DSYNC=O_SYNC -DMDB_FDATASYNC=fsync
-
- # connectionless ldap per bug #342439
- append-cppflags -DLDAP_CONNECTIONLESS
-
- multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
- local myconf=()
-
- use debug && myconf+=( $(use_enable debug) )
-
- # ICU usage is not configurable
- export ac_cv_header_unicode_utypes_h="$(multilib_is_native_abi && use icu && echo yes || echo no)"
-
- if ! use minimal && multilib_is_native_abi; then
- local CPPFLAGS=${CPPFLAGS}
-
- # re-enable serverside overlay chains per bug #296567
- # see ldap docs chaper 12.3.1 for details
- myconf+=( --enable-ldap )
-
- # backends
- myconf+=( --enable-slapd )
- if use berkdb ; then
- einfo "Using Berkeley DB for local backend"
- myconf+=( --enable-bdb --enable-hdb )
- DBINCLUDE=$(db_includedir $BDB_SLOTS)
- einfo "Using $DBINCLUDE for sys-libs/db version"
- # We need to include the slotted db.h dir for FreeBSD
- append-cppflags -I${DBINCLUDE}
- else
- myconf+=( --disable-bdb --disable-hdb )
- fi
- for backend in dnssrv ldap mdb meta monitor null passwd relay shell sock; do
- myconf+=( --enable-${backend}=mod )
- done
-
- myconf+=( $(use_enable perl perl mod) )
-
- myconf+=( $(use_enable odbc sql mod) )
- if use odbc ; then
- local odbc_lib="unixodbc"
- if use iodbc ; then
- odbc_lib="iodbc"
- append-cppflags -I"${EPREFIX}"/usr/include/iodbc
- fi
- myconf+=( --with-odbc=${odbc_lib} )
- fi
-
- # slapd options
- myconf+=(
- $(use_enable crypt)
- $(use_enable slp)
- $(use_enable samba lmpasswd)
- $(use_enable syslog)
- )
- if use experimental ; then
- myconf+=(
- --enable-dynacl
- --enable-aci=mod
- )
- fi
- for option in aci cleartext modules rewrite rlookups slapi; do
- myconf+=( --enable-${option} )
- done
-
- # slapd overlay options
- # Compile-in the syncprov, the others as module
- myconf+=( --enable-syncprov=yes )
- use overlays && myconf+=( --enable-overlays=mod )
-
- else
- myconf+=(
- --disable-backends
- --disable-slapd
- --disable-bdb
- --disable-hdb
- --disable-mdb
- --disable-overlays
- --disable-syslog
- )
- fi
-
- # basic functionality stuff
- myconf+=(
- $(use_enable ipv6)
- $(multilib_native_use_with sasl cyrus-sasl)
- $(multilib_native_use_enable sasl spasswd)
- $(use_enable tcpd wrappers)
- )
-
- # Some cross-compiling tests don't pan out well.
- tc-is-cross-compiler && myconf+=(
- --with-yielding-select=yes
- )
-
- local ssl_lib="no"
- if use ssl || ( ! use minimal && use samba ) ; then
- ssl_lib="openssl"
- use gnutls && ssl_lib="gnutls"
- fi
-
- myconf+=( --with-tls=${ssl_lib} )
-
- for basicflag in dynamic local proctitle shared; do
- myconf+=( --enable-${basicflag} )
- done
-
- tc-export AR CC CXX
- ECONF_SOURCE=${S} \
- STRIP=/bin/true \
- econf \
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
- $(use_enable static-libs static) \
- "${myconf[@]}"
- emake depend
-}
-
-src_configure_cxx() {
- # This needs the libraries built by the first build run.
- # So we have to run it AFTER the main build, not just after the main
- # configure.
- local myconf_ldapcpp=(
- --with-ldap-includes="${S}"/include
- )
-
- mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die
- cd "${BUILD_DIR}/contrib/ldapc++" || die
-
- local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS}
- append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
- -L"${BUILD_DIR}"/libraries/libldap/.libs
- append-cppflags -I"${BUILD_DIR}"/include
- ECONF_SOURCE=${S}/contrib/ldapc++ \
- econf "${myconf_ldapcpp[@]}" \
- CC="${CC}" \
- CXX="${CXX}"
-}
-
-multilib_src_compile() {
- tc-export AR CC CXX
- emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/bash
- local lt="${BUILD_DIR}/libtool"
- export echo="echo"
-
- if ! use minimal && multilib_is_native_abi ; then
- if use cxx ; then
- einfo "Building contrib library: ldapc++"
- src_configure_cxx
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake \
- CC="${CC}" CXX="${CXX}"
- fi
-
- if use smbkrb5passwd ; then
- einfo "Building contrib-module: smbk5pwd"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
-
- MY_DEFS="-DDO_SHADOW"
- if use samba ; then
- MY_DEFS="${MY_DEFS} -DDO_SAMBA"
- MY_KRB5_INC=""
- fi
- if use kerberos ; then
- MY_DEFS="${MY_DEFS} -DDO_KRB5"
- MY_KRB5_INC="$(krb5-config --cflags)"
- fi
-
- emake \
- DEFS="${MY_DEFS}" \
- KRB5_INC="${MY_KRB5_INC}" \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
- fi
-
- if use overlays ; then
- einfo "Building contrib-module: samba4"
- cd "${S}/contrib/slapd-modules/samba4" || die
-
- emake \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap"
- fi
-
- if use kerberos ; then
- build_contrib_module "kinit" "kinit.c" "kinit"
- cd "${S}/contrib/slapd-modules/passwd" || die
- einfo "Compiling contrib-module: pw-kerberos"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- $(krb5-config --cflags) \
- -DHAVE_KRB5 \
- -o kerberos.lo \
- -c kerberos.c || die "compiling pw-kerberos failed"
- einfo "Linking contrib-module: pw-kerberos"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o pw-kerberos.la \
- kerberos.lo || die "linking pw-kerberos failed"
- fi
- # We could build pw-radius if GNURadius would install radlib.h
- cd "${S}/contrib/slapd-modules/passwd" || die
- einfo "Compiling contrib-module: pw-netscape"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- -o netscape.lo \
- -c netscape.c || die "compiling pw-netscape failed"
- einfo "Linking contrib-module: pw-netscape"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o pw-netscape.la \
- netscape.lo || die "linking pw-netscape failed"
-
- #build_contrib_module "acl" "posixgroup.c" "posixGroup" # example code only
- #build_contrib_module "acl" "gssacl.c" "gss" # example code only, also needs kerberos
- build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
- build_contrib_module "allop" "allop.c" "overlay-allop"
- build_contrib_module "allowed" "allowed.c" "allowed"
- build_contrib_module "autogroup" "autogroup.c" "autogroup"
- build_contrib_module "cloak" "cloak.c" "cloak"
- # build_contrib_module "comp_match" "comp_match.c" "comp_match" # really complex, adds new external deps, questionable demand
- build_contrib_module "denyop" "denyop.c" "denyop-overlay"
- build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
- build_contrib_module "dupent" "dupent.c" "dupent"
- build_contrib_module "lastbind" "lastbind.c" "lastbind"
- # lastmod may not play well with other overlays
- build_contrib_module "lastmod" "lastmod.c" "lastmod"
- build_contrib_module "noopsrch" "noopsrch.c" "noopsrch"
- build_contrib_module "nops" "nops.c" "nops-overlay"
- #build_contrib_module "nssov" "nssov.c" "nssov-overlay" RESO:LATER
- build_contrib_module "trace" "trace.c" "trace"
- # build slapi-plugins
- cd "${S}/contrib/slapi-plugins/addrdnvalues" || die
- einfo "Building contrib-module: addrdnvalues plugin"
- "${CC}" -shared \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- -fPIC \
- ${LDFLAGS} \
- -o libaddrdnvalues-plugin.so \
- addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
-
- fi
-}
-
-multilib_src_test() {
- if multilib_is_native_abi; then
- cd tests || die
- emake tests || die "make tests failed"
- fi
-}
-
-multilib_src_install() {
- local lt="${BUILD_DIR}/libtool"
- emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/bash install
- use static-libs || prune_libtool_files --all
-
- if ! use minimal && multilib_is_native_abi; then
- # openldap modules go here
- # TODO: write some code to populate slapd.conf with moduleload statements
- keepdir /usr/$(get_libdir)/openldap/openldap/
-
- # initial data storage dir
- keepdir /var/lib/openldap-data
- use prefix || fowners ldap:ldap /var/lib/openldap-data
- fperms 0700 /var/lib/openldap-data
-
- echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
-
- # use our config
- rm "${ED}"etc/openldap/slapd.conf
- insinto /etc/openldap
- newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf
- configfile="${ED}"etc/openldap/slapd.conf
-
- # populate with built backends
- ebegin "populate config with built backends"
- for x in "${ED}"usr/$(get_libdir)/openldap/openldap/back_*.so; do
- einfo "Adding $(basename ${x})"
- sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}"
- done
- sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
- use prefix || fowners root:ldap /etc/openldap/slapd.conf
- fperms 0640 /etc/openldap/slapd.conf
- cp "${configfile}" "${configfile}".default
- eend
-
- # install our own init scripts and systemd unit files
- einfo "Install init scripts"
- newinitd "${FILESDIR}"/slapd-initd-2.4.40-r2 slapd
- newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd
- einfo "Install systemd service"
- systemd_dounit "${FILESDIR}"/slapd.service
- systemd_install_serviced "${FILESDIR}"/slapd.service.conf
- systemd_newtmpfilesd "${FILESDIR}"/slapd.tmpfilesd slapd.conf
-
- if [[ $(get_libdir) != lib ]]; then
- sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i \
- "${ED}"/etc/init.d/slapd \
- "${ED}"/usr/lib/systemd/system/slapd.service || die
- fi
- # If built without SLP, we don't need to be before avahi
- use slp \
- || sed -i \
- -e '/before/{s/avahi-daemon//g}' \
- "${ED}"etc/init.d/slapd
-
- if use cxx ; then
- einfo "Install the ldapc++ library"
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- cd "${S}"/contrib/ldapc++ || die
- newdoc README ldapc++-README
- fi
-
- if use smbkrb5passwd ; then
- einfo "Install the smbk5pwd module"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- newdoc README smbk5pwd-README
- fi
-
- if use overlays ; then
- einfo "Install the samba4 module"
- cd "${S}/contrib/slapd-modules/samba4" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="/usr/$(get_libdir)/openldap" install
- newdoc README samba4-README
- fi
-
- einfo "Installing contrib modules"
- cd "${S}/contrib/slapd-modules" || die
- for l in */*.la; do
- "${lt}" --mode=install cp ${l} \
- "${ED}"usr/$(get_libdir)/openldap/openldap || \
- die "installing ${l} failed"
- done
-
- dodoc "${FILESDIR}"/DB_CONFIG.fast.example
- docinto contrib
- doman */*.5
- #newdoc acl/README*
- newdoc addpartial/README addpartial-README
- newdoc allop/README allop-README
- newdoc allowed/README allowed-README
- newdoc autogroup/README autogroup-README
- newdoc dsaschema/README dsaschema-README
- newdoc passwd/README passwd-README
- cd "${S}/contrib/slapi-plugins" || die
- insinto /usr/$(get_libdir)/openldap/openldap
- doins */*.so
- docinto contrib
- newdoc addrdnvalues/README addrdnvalues-README
-
- insinto /etc/openldap/schema
- newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
-
- docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
- docinto back-shell ; dodoc "${S}"/servers/slapd/back-shell/searchexample*
- docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
-
- dosbin "${S}"/contrib/slapd-tools/statslog
- newdoc "${S}"/contrib/slapd-tools/README README.statslog
- fi
-}
-
-multilib_src_install_all() {
- dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
- docinto rfc ; dodoc doc/rfc/*.txt
-}
-
-pkg_preinst() {
- # keep old libs if any
- preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0)
- # bug 440470, only display the getting started help there was no openldap before,
- # or we are going to a non-minimal build
- ! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
- OPENLDAP_PRINT_MESSAGES=$((! $?))
-}
-
-pkg_postinst() {
- if ! use minimal ; then
- # You cannot build SSL certificates during src_install that will make
- # binary packages containing your SSL key, which is both a security risk
- # and a misconfiguration if multiple machines use the same key and cert.
- if use ssl; then
- install_cert /etc/openldap/ssl/ldap
- use prefix || chown ldap:ldap "${EROOT}"etc/openldap/ssl/ldap.*
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "add 'TLS_REQCERT allow' if you want to use them."
- fi
-
- if use prefix; then
- # Warn about prefix issues with slapd
- eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
- eerror "to start up, and requires that certain files directories be owned by"
- eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
- eerror "directories, you will have to manually fix this yourself."
- fi
-
- # These lines force the permissions of various content to be correct
- use prefix || chown ldap:ldap "${EROOT}"var/run/openldap
- chmod 0755 "${EROOT}"var/run/openldap
- use prefix || chown root:ldap "${EROOT}"etc/openldap/slapd.conf{,.default}
- chmod 0640 "${EROOT}"etc/openldap/slapd.conf{,.default}
- use prefix || chown ldap:ldap "${EROOT}"var/lib/openldap-data
- fi
-
- if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
- elog "Getting started using OpenLDAP? There is some documentation available:"
- elog "Gentoo Guide to OpenLDAP Authentication"
- elog "(https://www.gentoo.org/doc/en/ldap-howto.xml)"
- elog "---"
- elog "An example file for tuning BDB backends with openldap is"
- elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
- fi
-
- preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0)
-}
diff --git a/net-nds/openldap/openldap-2.4.43-r1.ebuild b/net-nds/openldap/openldap-2.4.43-r1.ebuild
deleted file mode 100644
index c10ab6232b..0000000000
--- a/net-nds/openldap/openldap-2.4.43-r1.ebuild
+++ /dev/null
@@ -1,831 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit db-use eutils flag-o-matic multilib multilib-minimal ssl-cert versionator toolchain-funcs autotools user systemd
-
-BIS_PN=rfc2307bis.schema
-BIS_PV=20140524
-BIS_P="${BIS_PN}-${BIS_PV}"
-
-DESCRIPTION="LDAP suite of application and development tools"
-HOMEPAGE="http://www.OpenLDAP.org/"
-
-# mirrors are mostly not working, using canonical URI
-SRC_URI="ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz
- mirror://gentoo/${BIS_P}"
-
-LICENSE="OPENLDAP GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-solaris"
-
-IUSE_DAEMON="crypt icu samba slp tcpd experimental minimal"
-IUSE_BACKEND="+berkdb"
-IUSE_OVERLAY="overlays perl"
-IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 libressl +syslog selinux static-libs"
-IUSE_CONTRIB="smbkrb5passwd kerberos kinit"
-IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
-IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
-
-REQUIRED_USE="cxx? ( sasl )
- ?? ( gnutls libressl )"
-
-# always list newer first
-# Do not add any AGPL-3 BDB here!
-# See bug 525110, comment 15.
-# Advanced usage: OPENLDAP_BDB_SLOTS in the environment can be used to force a slot during build.
-BDB_SLOTS="${OPENLDAP_BDB_SLOTS:=5.3 5.1 4.8 4.7 4.6 4.5 4.4}"
-BDB_PKGS=''
-for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done
-
-# openssl is needed to generate lanman-passwords required by samba
-CDEPEND="icu? ( dev-libs/icu:= )
- ssl? (
- !gnutls? (
- !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0[${MULTILIB_USEDEP}] )
- )
- gnutls? ( >=net-libs/gnutls-2.12.23-r6[${MULTILIB_USEDEP}]
- libressl? ( dev-libs/libressl[${MULTILIB_USEDEP}] )
- >=dev-libs/libgcrypt-1.5.3:0[${MULTILIB_USEDEP}] ) )
- sasl? ( dev-libs/cyrus-sasl:= )
- !minimal? (
- sys-devel/libtool
- sys-libs/e2fsprogs-libs
- >=dev-db/lmdb-0.9.17
- tcpd? ( sys-apps/tcp-wrappers )
- odbc? ( !iodbc? ( dev-db/unixODBC )
- iodbc? ( dev-db/libiodbc ) )
- slp? ( net-libs/openslp )
- perl? ( dev-lang/perl:=[-build(-)] )
- samba? (
- !libressl? ( dev-libs/openssl:0 )
- libressl? ( dev-libs/libressl )
- )
- berkdb? (
- <sys-libs/db-6.0:=
- || ( ${BDB_PKGS} )
- )
- smbkrb5passwd? (
- !libressl? ( dev-libs/openssl:0 )
- libressl? ( dev-libs/libressl )
- kerberos? ( app-crypt/heimdal )
- )
- kerberos? (
- virtual/krb5
- kinit? ( !app-crypt/heimdal )
- )
- cxx? ( dev-libs/cyrus-sasl:= )
- )
- abi_x86_32? (
- !<=app-emulation/emul-linux-x86-baselibs-20140508-r3
- !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
- )"
-DEPEND="${CDEPEND}
- sys-apps/groff"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-ldap )
-"
-# for tracking versions
-OPENLDAP_VERSIONTAG=".version-tag"
-OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
-
-MULTILIB_WRAPPED_HEADERS=(
- # USE=cxx
- /usr/include/LDAPAsynConnection.h
- /usr/include/LDAPAttrType.h
- /usr/include/LDAPAttribute.h
- /usr/include/LDAPAttributeList.h
- /usr/include/LDAPConnection.h
- /usr/include/LDAPConstraints.h
- /usr/include/LDAPControl.h
- /usr/include/LDAPControlSet.h
- /usr/include/LDAPEntry.h
- /usr/include/LDAPEntryList.h
- /usr/include/LDAPException.h
- /usr/include/LDAPExtResult.h
- /usr/include/LDAPMessage.h
- /usr/include/LDAPMessageQueue.h
- /usr/include/LDAPModList.h
- /usr/include/LDAPModification.h
- /usr/include/LDAPObjClass.h
- /usr/include/LDAPRebind.h
- /usr/include/LDAPRebindAuth.h
- /usr/include/LDAPReferenceList.h
- /usr/include/LDAPResult.h
- /usr/include/LDAPSaslBindResult.h
- /usr/include/LDAPSchema.h
- /usr/include/LDAPSearchReference.h
- /usr/include/LDAPSearchResult.h
- /usr/include/LDAPSearchResults.h
- /usr/include/LDAPUrl.h
- /usr/include/LDAPUrlList.h
- /usr/include/LdifReader.h
- /usr/include/LdifWriter.h
- /usr/include/SaslInteraction.h
- /usr/include/SaslInteractionHandler.h
- /usr/include/StringList.h
- /usr/include/TlsOptions.h
-)
-
-openldap_filecount() {
- local dir="$1"
- find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
-}
-
-openldap_find_versiontags() {
- # scan for all datadirs
- openldap_datadirs=""
- if [ -f "${EROOT}"/etc/openldap/slapd.conf ]; then
- openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${EROOT}/etc/openldap/slapd.conf)"
- fi
- openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}"
-
- einfo
- einfo "Scanning datadir(s) from slapd.conf and"
- einfo "the default installdir for Versiontags"
- einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
- einfo
-
- # scan datadirs if we have a version tag
- openldap_found_tag=0
- have_files=0
- for each in ${openldap_datadirs}; do
- CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"`
- CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}
- if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then
- einfo "- Checking ${each}..."
- if [ -r ${CURRENT_TAG} ] ; then
- # yey, we have one :)
- einfo " Found Versiontag in ${each}"
- source ${CURRENT_TAG}
- if [ "${OLDPF}" == "" ] ; then
- eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
- eerror "Please delete it"
- eerror
- die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
- fi
-
- OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}`
-
- [ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1
-
- # are we on the same branch?
- if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then
- ewarn " Versiontag doesn't match current major release!"
- if [[ "${have_files}" == "1" ]] ; then
- eerror " Versiontag says other major and you (probably) have datafiles!"
- echo
- openldap_upgrade_howto
- else
- einfo " No real problem, seems there's no database."
- fi
- else
- einfo " Versiontag is fine here :)"
- fi
- else
- einfo " Non-tagged dir ${each}"
- [ $(openldap_filecount ${each}) -gt 0 ] && have_files=1
- if [[ "${have_files}" == "1" ]] ; then
- einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
- echo
-
- eerror
- eerror "Your OpenLDAP Installation has a non tagged datadir that"
- eerror "possibly contains a database at ${CURRENT_TAGDIR}"
- eerror
- eerror "Please export data if any entered and empty or remove"
- eerror "the directory, installation has been stopped so you"
- eerror "can take required action"
- eerror
- eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
- eerror
- openldap_upgrade_howto
- die "Please move the datadir ${CURRENT_TAGDIR} away"
- fi
- fi
- einfo
- fi
- done
- [ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present"
-
- # Now we must check for the major version of sys-libs/db linked against.
- SLAPD_PATH=${EROOT}/usr/$(get_libdir)/openldap/slapd
- if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then
- OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
- | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
- if use berkdb; then
- # find which one would be used
- for bdb_slot in $BDB_SLOTS ; do
- NEWVER="$(db_findver "=sys-libs/db-${bdb_slot}*")"
- [[ -n "$NEWVER" ]] && break
- done
- fi
- local fail=0
- if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then
- :
- # Nothing wrong here.
- elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was not built against"
- eerror " any version of sys-libs/db, but the new one will build"
- eerror " against ${NEWVER} and your database may be inaccessible."
- echo
- fail=1
- elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will not be"
- eerror " built against any version and your database may be"
- eerror " inaccessible."
- echo
- fail=1
- elif [ "${OLDVER}" != "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will build against"
- eerror " ${NEWVER} and your database would be inaccessible."
- echo
- fail=1
- fi
- [ "${fail}" == "1" ] && openldap_upgrade_howto
- fi
-
- echo
- einfo
- einfo "All datadirs are fine, proceeding with merge now..."
- einfo
-}
-
-openldap_upgrade_howto() {
- eerror
- eerror "A (possible old) installation of OpenLDAP was detected,"
- eerror "installation will not proceed for now."
- eerror
- eerror "As major version upgrades can corrupt your database,"
- eerror "you need to dump your database and re-create it afterwards."
- eerror
- eerror "Additionally, rebuilding against different major versions of the"
- eerror "sys-libs/db libraries will cause your database to be inaccessible."
- eerror ""
- d="$(date -u +%s)"
- l="/root/ldapdump.${d}"
- i="${l}.raw"
- eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop"
- eerror " 2. slapcat -l ${i}"
- eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}"
- eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
- eerror " 5. emerge --update \=net-nds/${PF}"
- eerror " 6. etc-update, and ensure that you apply the changes"
- eerror " 7. slapadd -l ${l}"
- eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
- eerror " 9. /etc/init.d/slapd start"
- eerror "10. check that your data is intact."
- eerror "11. set up the new replication system."
- eerror
- if [ "${FORCE_UPGRADE}" != "1" ]; then
- die "You need to upgrade your database first"
- else
- eerror "You have the magical FORCE_UPGRADE=1 in place."
- eerror "Don't say you weren't warned about data loss."
- fi
-}
-
-pkg_setup() {
- if ! use sasl && use cxx ; then
- die "To build the ldapc++ library you must emerge openldap with sasl support"
- fi
- # Bug #322787
- if use minimal && ! has_version "net-nds/openldap" ; then
- einfo "No datadir scan needed, openldap not installed"
- elif use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then
- einfo "Skipping scan for previous datadirs as requested by minimal useflag"
- else
- openldap_find_versiontags
- fi
-
- # The user/group are only used for running daemons which are
- # disabled in minimal builds, so elide the accounts too.
- if ! use minimal ; then
- enewgroup ldap 439
- enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap
- fi
-}
-
-src_prepare() {
- # ensure correct SLAPI path by default
- sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \
- "${S}"/include/ldap_defaults.h
-
- epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch
-
- epatch \
- "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \
- "${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
-
- # bug #116045 - still present in 2.4.28
- epatch "${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch
- # bug #408077 - samba4
- epatch "${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch
-
- # bug #189817
- epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
-
- # bug #233633
- epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch
-
- # bug #281495
- epatch "${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch
-
- # bug #294350
- epatch "${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch
-
- # unbreak /bin/sh -> dash
- epatch "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
-
- # bug #420959
- epatch "${FILESDIR}"/${PN}-2.4.31-gcc47.patch
-
- # unbundle lmdb
- epatch "${FILESDIR}"/${PN}-2.4.42-mdb-unbundle.patch
- rm -rf "${S}"/libraries/liblmdb
-
- cd "${S}"/build || die
- einfo "Making sure upstream build strip does not do stripping too early"
- sed -i.orig \
- -e '/^STRIP/s,-s,,g' \
- top.mk || die "Failed to block stripping"
-
- # wrong assumption that /bin/sh is /bin/bash
- sed -i \
- -e 's|/bin/sh|/bin/bash|g' \
- "${S}"/tests/scripts/* || die "sed failed"
-
- cd "${S}" || die
-
- AT_NOEAUTOMAKE=yes eautoreconf
-}
-
-build_contrib_module() {
- # <dir> <sources> <outputname>
- cd "${S}/contrib/slapd-modules/$1" || die
- einfo "Compiling contrib-module: $3"
- # Make sure it's uppercase
- local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -D${define_name}=SLAPD_MOD_DYNAMIC \
- -I"${BUILD_DIR}"/include \
- -I../../../include -I../../../servers/slapd ${CFLAGS} \
- -o ${2%.c}.lo -c $2 || die "compiling $3 failed"
- einfo "Linking contrib-module: $3"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o $3.la ${2%.c}.lo || die "linking $3 failed"
-}
-
-src_configure() {
- # Bug 408001
- use elibc_FreeBSD && append-cppflags -DMDB_DSYNC=O_SYNC -DMDB_FDATASYNC=fsync
-
- # connectionless ldap per bug #342439
- append-cppflags -DLDAP_CONNECTIONLESS
-
- multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
- local myconf=()
-
- use debug && myconf+=( $(use_enable debug) )
-
- # ICU usage is not configurable
- export ac_cv_header_unicode_utypes_h="$(multilib_is_native_abi && use icu && echo yes || echo no)"
-
- if ! use minimal && multilib_is_native_abi; then
- local CPPFLAGS=${CPPFLAGS}
-
- # re-enable serverside overlay chains per bug #296567
- # see ldap docs chaper 12.3.1 for details
- myconf+=( --enable-ldap )
-
- # backends
- myconf+=( --enable-slapd )
- if use berkdb ; then
- einfo "Using Berkeley DB for local backend"
- myconf+=( --enable-bdb --enable-hdb )
- DBINCLUDE=$(db_includedir $BDB_SLOTS)
- einfo "Using $DBINCLUDE for sys-libs/db version"
- # We need to include the slotted db.h dir for FreeBSD
- append-cppflags -I${DBINCLUDE}
- else
- myconf+=( --disable-bdb --disable-hdb )
- fi
- for backend in dnssrv ldap mdb meta monitor null passwd relay shell sock; do
- myconf+=( --enable-${backend}=mod )
- done
-
- myconf+=( $(use_enable perl perl mod) )
-
- myconf+=( $(use_enable odbc sql mod) )
- if use odbc ; then
- local odbc_lib="unixodbc"
- if use iodbc ; then
- odbc_lib="iodbc"
- append-cppflags -I"${EPREFIX}"/usr/include/iodbc
- fi
- myconf+=( --with-odbc=${odbc_lib} )
- fi
-
- # slapd options
- myconf+=(
- $(use_enable crypt)
- $(use_enable slp)
- $(use_enable samba lmpasswd)
- $(use_enable syslog)
- )
- if use experimental ; then
- myconf+=(
- --enable-dynacl
- --enable-aci=mod
- )
- fi
- for option in aci cleartext modules rewrite rlookups slapi; do
- myconf+=( --enable-${option} )
- done
-
- # slapd overlay options
- # Compile-in the syncprov, the others as module
- myconf+=( --enable-syncprov=yes )
- use overlays && myconf+=( --enable-overlays=mod )
-
- else
- myconf+=(
- --disable-backends
- --disable-slapd
- --disable-bdb
- --disable-hdb
- --disable-mdb
- --disable-overlays
- --disable-syslog
- )
- fi
-
- # basic functionality stuff
- myconf+=(
- $(use_enable ipv6)
- $(multilib_native_use_with sasl cyrus-sasl)
- $(multilib_native_use_enable sasl spasswd)
- $(use_enable tcpd wrappers)
- )
-
- # Some cross-compiling tests don't pan out well.
- tc-is-cross-compiler && myconf+=(
- --with-yielding-select=yes
- )
-
- local ssl_lib="no"
- if use ssl || ( ! use minimal && use samba ) ; then
- ssl_lib="openssl"
- use gnutls && ssl_lib="gnutls"
- fi
-
- myconf+=( --with-tls=${ssl_lib} )
-
- for basicflag in dynamic local proctitle shared; do
- myconf+=( --enable-${basicflag} )
- done
-
- tc-export AR CC CXX
- ECONF_SOURCE=${S} \
- STRIP=/bin/true \
- econf \
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
- $(use_enable static-libs static) \
- "${myconf[@]}"
- emake depend
-}
-
-src_configure_cxx() {
- # This needs the libraries built by the first build run.
- # So we have to run it AFTER the main build, not just after the main
- # configure.
- local myconf_ldapcpp=(
- --with-ldap-includes="${S}"/include
- )
-
- mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die
- cd "${BUILD_DIR}/contrib/ldapc++" || die
-
- local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS}
- append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
- -L"${BUILD_DIR}"/libraries/libldap/.libs
- append-cppflags -I"${BUILD_DIR}"/include
- ECONF_SOURCE=${S}/contrib/ldapc++ \
- econf "${myconf_ldapcpp[@]}" \
- CC="${CC}" \
- CXX="${CXX}"
-}
-
-multilib_src_compile() {
- tc-export AR CC CXX
- emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/bash
- local lt="${BUILD_DIR}/libtool"
- export echo="echo"
-
- if ! use minimal && multilib_is_native_abi ; then
- if use cxx ; then
- einfo "Building contrib library: ldapc++"
- src_configure_cxx
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake \
- CC="${CC}" CXX="${CXX}"
- fi
-
- if use smbkrb5passwd ; then
- einfo "Building contrib-module: smbk5pwd"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
-
- MY_DEFS="-DDO_SHADOW"
- if use samba ; then
- MY_DEFS="${MY_DEFS} -DDO_SAMBA"
- MY_KRB5_INC=""
- fi
- if use kerberos ; then
- MY_DEFS="${MY_DEFS} -DDO_KRB5"
- MY_KRB5_INC="$(krb5-config --cflags)"
- fi
-
- emake \
- DEFS="${MY_DEFS}" \
- KRB5_INC="${MY_KRB5_INC}" \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
- fi
-
- if use overlays ; then
- einfo "Building contrib-module: samba4"
- cd "${S}/contrib/slapd-modules/samba4" || die
-
- emake \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap"
- fi
-
- if use kerberos ; then
- if use kinit ; then
- build_contrib_module "kinit" "kinit.c" "kinit"
- fi
- cd "${S}/contrib/slapd-modules/passwd" || die
- einfo "Compiling contrib-module: pw-kerberos"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- $(krb5-config --cflags) \
- -DHAVE_KRB5 \
- -o kerberos.lo \
- -c kerberos.c || die "compiling pw-kerberos failed"
- einfo "Linking contrib-module: pw-kerberos"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o pw-kerberos.la \
- kerberos.lo || die "linking pw-kerberos failed"
- fi
- # We could build pw-radius if GNURadius would install radlib.h
- cd "${S}/contrib/slapd-modules/passwd" || die
- einfo "Compiling contrib-module: pw-netscape"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- -o netscape.lo \
- -c netscape.c || die "compiling pw-netscape failed"
- einfo "Linking contrib-module: pw-netscape"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o pw-netscape.la \
- netscape.lo || die "linking pw-netscape failed"
-
- #build_contrib_module "acl" "posixgroup.c" "posixGroup" # example code only
- #build_contrib_module "acl" "gssacl.c" "gss" # example code only, also needs kerberos
- build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
- build_contrib_module "allop" "allop.c" "overlay-allop"
- build_contrib_module "allowed" "allowed.c" "allowed"
- build_contrib_module "autogroup" "autogroup.c" "autogroup"
- build_contrib_module "cloak" "cloak.c" "cloak"
- # build_contrib_module "comp_match" "comp_match.c" "comp_match" # really complex, adds new external deps, questionable demand
- build_contrib_module "denyop" "denyop.c" "denyop-overlay"
- build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
- build_contrib_module "dupent" "dupent.c" "dupent"
- build_contrib_module "lastbind" "lastbind.c" "lastbind"
- # lastmod may not play well with other overlays
- build_contrib_module "lastmod" "lastmod.c" "lastmod"
- build_contrib_module "noopsrch" "noopsrch.c" "noopsrch"
- build_contrib_module "nops" "nops.c" "nops-overlay"
- #build_contrib_module "nssov" "nssov.c" "nssov-overlay" RESO:LATER
- build_contrib_module "trace" "trace.c" "trace"
- # build slapi-plugins
- cd "${S}/contrib/slapi-plugins/addrdnvalues" || die
- einfo "Building contrib-module: addrdnvalues plugin"
- "${CC}" -shared \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- -fPIC \
- ${LDFLAGS} \
- -o libaddrdnvalues-plugin.so \
- addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
-
- fi
-}
-
-multilib_src_test() {
- if multilib_is_native_abi; then
- cd tests || die
- emake tests || die "make tests failed"
- fi
-}
-
-multilib_src_install() {
- local lt="${BUILD_DIR}/libtool"
- emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/bash install
- use static-libs || prune_libtool_files --all
-
- if ! use minimal && multilib_is_native_abi; then
- # openldap modules go here
- # TODO: write some code to populate slapd.conf with moduleload statements
- keepdir /usr/$(get_libdir)/openldap/openldap/
-
- # initial data storage dir
- keepdir /var/lib/openldap-data
- use prefix || fowners ldap:ldap /var/lib/openldap-data
- fperms 0700 /var/lib/openldap-data
-
- echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
-
- # use our config
- rm "${ED}"etc/openldap/slapd.conf
- insinto /etc/openldap
- newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf
- configfile="${ED}"etc/openldap/slapd.conf
-
- # populate with built backends
- ebegin "populate config with built backends"
- for x in "${ED}"usr/$(get_libdir)/openldap/openldap/back_*.so; do
- einfo "Adding $(basename ${x})"
- sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}"
- done
- sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
- use prefix || fowners root:ldap /etc/openldap/slapd.conf
- fperms 0640 /etc/openldap/slapd.conf
- cp "${configfile}" "${configfile}".default
- eend
-
- # install our own init scripts and systemd unit files
- einfo "Install init scripts"
- newinitd "${FILESDIR}"/slapd-initd-2.4.40-r2 slapd
- newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd
- einfo "Install systemd service"
- systemd_dounit "${FILESDIR}"/slapd.service
- systemd_install_serviced "${FILESDIR}"/slapd.service.conf
- systemd_newtmpfilesd "${FILESDIR}"/slapd.tmpfilesd slapd.conf
-
- if [[ $(get_libdir) != lib ]]; then
- sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i \
- "${ED}"/etc/init.d/slapd \
- "${ED}"/usr/lib/systemd/system/slapd.service || die
- fi
- # If built without SLP, we don't need to be before avahi
- use slp \
- || sed -i \
- -e '/before/{s/avahi-daemon//g}' \
- "${ED}"etc/init.d/slapd
-
- if use cxx ; then
- einfo "Install the ldapc++ library"
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- cd "${S}"/contrib/ldapc++ || die
- newdoc README ldapc++-README
- fi
-
- if use smbkrb5passwd ; then
- einfo "Install the smbk5pwd module"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- newdoc README smbk5pwd-README
- fi
-
- if use overlays ; then
- einfo "Install the samba4 module"
- cd "${S}/contrib/slapd-modules/samba4" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="/usr/$(get_libdir)/openldap" install
- newdoc README samba4-README
- fi
-
- einfo "Installing contrib modules"
- cd "${S}/contrib/slapd-modules" || die
- for l in */*.la; do
- "${lt}" --mode=install cp ${l} \
- "${ED}"usr/$(get_libdir)/openldap/openldap || \
- die "installing ${l} failed"
- done
-
- dodoc "${FILESDIR}"/DB_CONFIG.fast.example
- docinto contrib
- doman */*.5
- #newdoc acl/README*
- newdoc addpartial/README addpartial-README
- newdoc allop/README allop-README
- newdoc allowed/README allowed-README
- newdoc autogroup/README autogroup-README
- newdoc dsaschema/README dsaschema-README
- newdoc passwd/README passwd-README
- cd "${S}/contrib/slapi-plugins" || die
- insinto /usr/$(get_libdir)/openldap/openldap
- doins */*.so
- docinto contrib
- newdoc addrdnvalues/README addrdnvalues-README
-
- insinto /etc/openldap/schema
- newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
-
- docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
- docinto back-shell ; dodoc "${S}"/servers/slapd/back-shell/searchexample*
- docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
-
- dosbin "${S}"/contrib/slapd-tools/statslog
- newdoc "${S}"/contrib/slapd-tools/README README.statslog
- fi
-}
-
-multilib_src_install_all() {
- dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
- docinto rfc ; dodoc doc/rfc/*.txt
-}
-
-pkg_preinst() {
- # keep old libs if any
- preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0)
- # bug 440470, only display the getting started help there was no openldap before,
- # or we are going to a non-minimal build
- ! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
- OPENLDAP_PRINT_MESSAGES=$((! $?))
-}
-
-pkg_postinst() {
- if ! use minimal ; then
- # You cannot build SSL certificates during src_install that will make
- # binary packages containing your SSL key, which is both a security risk
- # and a misconfiguration if multiple machines use the same key and cert.
- if use ssl; then
- install_cert /etc/openldap/ssl/ldap
- use prefix || chown ldap:ldap "${EROOT}"etc/openldap/ssl/ldap.*
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "add 'TLS_REQCERT allow' if you want to use them."
- fi
-
- if use prefix; then
- # Warn about prefix issues with slapd
- eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
- eerror "to start up, and requires that certain files directories be owned by"
- eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
- eerror "directories, you will have to manually fix this yourself."
- fi
-
- # These lines force the permissions of various content to be correct
- use prefix || chown ldap:ldap "${EROOT}"var/run/openldap
- chmod 0755 "${EROOT}"var/run/openldap
- use prefix || chown root:ldap "${EROOT}"etc/openldap/slapd.conf{,.default}
- chmod 0640 "${EROOT}"etc/openldap/slapd.conf{,.default}
- use prefix || chown ldap:ldap "${EROOT}"var/lib/openldap-data
- fi
-
- if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
- elog "Getting started using OpenLDAP? There is some documentation available:"
- elog "Gentoo Guide to OpenLDAP Authentication"
- elog "(https://www.gentoo.org/doc/en/ldap-howto.xml)"
- elog "---"
- elog "An example file for tuning BDB backends with openldap is"
- elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
- fi
-
- preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0)
-}
diff --git a/net-nds/openldap/openldap-2.4.43.ebuild b/net-nds/openldap/openldap-2.4.43.ebuild
deleted file mode 100644
index d16b8b3c75..0000000000
--- a/net-nds/openldap/openldap-2.4.43.ebuild
+++ /dev/null
@@ -1,826 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit db-use eutils flag-o-matic multilib multilib-minimal ssl-cert versionator toolchain-funcs autotools user systemd
-
-BIS_PN=rfc2307bis.schema
-BIS_PV=20140524
-BIS_P="${BIS_PN}-${BIS_PV}"
-
-DESCRIPTION="LDAP suite of application and development tools"
-HOMEPAGE="http://www.OpenLDAP.org/"
-
-# mirrors are mostly not working, using canonical URI
-SRC_URI="ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz
- mirror://gentoo/${BIS_P}"
-
-LICENSE="OPENLDAP GPL-2"
-SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-solaris"
-
-IUSE_DAEMON="crypt icu samba slp tcpd experimental minimal"
-IUSE_BACKEND="+berkdb"
-IUSE_OVERLAY="overlays perl"
-IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 libressl +syslog selinux static-libs"
-IUSE_CONTRIB="smbkrb5passwd kerberos"
-IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
-IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
-
-REQUIRED_USE="cxx? ( sasl )
- ?? ( gnutls libressl )"
-
-# always list newer first
-# Do not add any AGPL-3 BDB here!
-# See bug 525110, comment 15.
-# Advanced usage: OPENLDAP_BDB_SLOTS in the environment can be used to force a slot during build.
-BDB_SLOTS="${OPENLDAP_BDB_SLOTS:=5.3 5.1 4.8 4.7 4.6 4.5 4.4}"
-BDB_PKGS=''
-for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done
-
-# openssl is needed to generate lanman-passwords required by samba
-CDEPEND="icu? ( dev-libs/icu:= )
- ssl? (
- !gnutls? (
- !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0[${MULTILIB_USEDEP}] )
- )
- gnutls? ( >=net-libs/gnutls-2.12.23-r6[${MULTILIB_USEDEP}]
- libressl? ( dev-libs/libressl[${MULTILIB_USEDEP}] )
- >=dev-libs/libgcrypt-1.5.3:0[${MULTILIB_USEDEP}] ) )
- sasl? ( dev-libs/cyrus-sasl:= )
- !minimal? (
- sys-devel/libtool
- sys-libs/e2fsprogs-libs
- >=dev-db/lmdb-0.9.17
- tcpd? ( sys-apps/tcp-wrappers )
- odbc? ( !iodbc? ( dev-db/unixODBC )
- iodbc? ( dev-db/libiodbc ) )
- slp? ( net-libs/openslp )
- perl? ( dev-lang/perl:=[-build(-)] )
- samba? (
- !libressl? ( dev-libs/openssl:0 )
- libressl? ( dev-libs/libressl )
- )
- berkdb? (
- <sys-libs/db-6.0:=
- || ( ${BDB_PKGS} )
- )
- smbkrb5passwd? (
- !libressl? ( dev-libs/openssl:0 )
- libressl? ( dev-libs/libressl )
- kerberos? ( app-crypt/heimdal )
- )
- kerberos? ( virtual/krb5 )
- cxx? ( dev-libs/cyrus-sasl:= )
- )
- abi_x86_32? (
- !<=app-emulation/emul-linux-x86-baselibs-20140508-r3
- !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
- )"
-DEPEND="${CDEPEND}
- sys-apps/groff"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-ldap )
-"
-# for tracking versions
-OPENLDAP_VERSIONTAG=".version-tag"
-OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
-
-MULTILIB_WRAPPED_HEADERS=(
- # USE=cxx
- /usr/include/LDAPAsynConnection.h
- /usr/include/LDAPAttrType.h
- /usr/include/LDAPAttribute.h
- /usr/include/LDAPAttributeList.h
- /usr/include/LDAPConnection.h
- /usr/include/LDAPConstraints.h
- /usr/include/LDAPControl.h
- /usr/include/LDAPControlSet.h
- /usr/include/LDAPEntry.h
- /usr/include/LDAPEntryList.h
- /usr/include/LDAPException.h
- /usr/include/LDAPExtResult.h
- /usr/include/LDAPMessage.h
- /usr/include/LDAPMessageQueue.h
- /usr/include/LDAPModList.h
- /usr/include/LDAPModification.h
- /usr/include/LDAPObjClass.h
- /usr/include/LDAPRebind.h
- /usr/include/LDAPRebindAuth.h
- /usr/include/LDAPReferenceList.h
- /usr/include/LDAPResult.h
- /usr/include/LDAPSaslBindResult.h
- /usr/include/LDAPSchema.h
- /usr/include/LDAPSearchReference.h
- /usr/include/LDAPSearchResult.h
- /usr/include/LDAPSearchResults.h
- /usr/include/LDAPUrl.h
- /usr/include/LDAPUrlList.h
- /usr/include/LdifReader.h
- /usr/include/LdifWriter.h
- /usr/include/SaslInteraction.h
- /usr/include/SaslInteractionHandler.h
- /usr/include/StringList.h
- /usr/include/TlsOptions.h
-)
-
-openldap_filecount() {
- local dir="$1"
- find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
-}
-
-openldap_find_versiontags() {
- # scan for all datadirs
- openldap_datadirs=""
- if [ -f "${EROOT}"/etc/openldap/slapd.conf ]; then
- openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${EROOT}/etc/openldap/slapd.conf)"
- fi
- openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}"
-
- einfo
- einfo "Scanning datadir(s) from slapd.conf and"
- einfo "the default installdir for Versiontags"
- einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
- einfo
-
- # scan datadirs if we have a version tag
- openldap_found_tag=0
- have_files=0
- for each in ${openldap_datadirs}; do
- CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"`
- CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}
- if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then
- einfo "- Checking ${each}..."
- if [ -r ${CURRENT_TAG} ] ; then
- # yey, we have one :)
- einfo " Found Versiontag in ${each}"
- source ${CURRENT_TAG}
- if [ "${OLDPF}" == "" ] ; then
- eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
- eerror "Please delete it"
- eerror
- die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
- fi
-
- OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}`
-
- [ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1
-
- # are we on the same branch?
- if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then
- ewarn " Versiontag doesn't match current major release!"
- if [[ "${have_files}" == "1" ]] ; then
- eerror " Versiontag says other major and you (probably) have datafiles!"
- echo
- openldap_upgrade_howto
- else
- einfo " No real problem, seems there's no database."
- fi
- else
- einfo " Versiontag is fine here :)"
- fi
- else
- einfo " Non-tagged dir ${each}"
- [ $(openldap_filecount ${each}) -gt 0 ] && have_files=1
- if [[ "${have_files}" == "1" ]] ; then
- einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
- echo
-
- eerror
- eerror "Your OpenLDAP Installation has a non tagged datadir that"
- eerror "possibly contains a database at ${CURRENT_TAGDIR}"
- eerror
- eerror "Please export data if any entered and empty or remove"
- eerror "the directory, installation has been stopped so you"
- eerror "can take required action"
- eerror
- eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
- eerror
- openldap_upgrade_howto
- die "Please move the datadir ${CURRENT_TAGDIR} away"
- fi
- fi
- einfo
- fi
- done
- [ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present"
-
- # Now we must check for the major version of sys-libs/db linked against.
- SLAPD_PATH=${EROOT}/usr/$(get_libdir)/openldap/slapd
- if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then
- OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
- | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
- if use berkdb; then
- # find which one would be used
- for bdb_slot in $BDB_SLOTS ; do
- NEWVER="$(db_findver "=sys-libs/db-${bdb_slot}*")"
- [[ -n "$NEWVER" ]] && break
- done
- fi
- local fail=0
- if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then
- :
- # Nothing wrong here.
- elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was not built against"
- eerror " any version of sys-libs/db, but the new one will build"
- eerror " against ${NEWVER} and your database may be inaccessible."
- echo
- fail=1
- elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will not be"
- eerror " built against any version and your database may be"
- eerror " inaccessible."
- echo
- fail=1
- elif [ "${OLDVER}" != "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will build against"
- eerror " ${NEWVER} and your database would be inaccessible."
- echo
- fail=1
- fi
- [ "${fail}" == "1" ] && openldap_upgrade_howto
- fi
-
- echo
- einfo
- einfo "All datadirs are fine, proceeding with merge now..."
- einfo
-}
-
-openldap_upgrade_howto() {
- eerror
- eerror "A (possible old) installation of OpenLDAP was detected,"
- eerror "installation will not proceed for now."
- eerror
- eerror "As major version upgrades can corrupt your database,"
- eerror "you need to dump your database and re-create it afterwards."
- eerror
- eerror "Additionally, rebuilding against different major versions of the"
- eerror "sys-libs/db libraries will cause your database to be inaccessible."
- eerror ""
- d="$(date -u +%s)"
- l="/root/ldapdump.${d}"
- i="${l}.raw"
- eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop"
- eerror " 2. slapcat -l ${i}"
- eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}"
- eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
- eerror " 5. emerge --update \=net-nds/${PF}"
- eerror " 6. etc-update, and ensure that you apply the changes"
- eerror " 7. slapadd -l ${l}"
- eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
- eerror " 9. /etc/init.d/slapd start"
- eerror "10. check that your data is intact."
- eerror "11. set up the new replication system."
- eerror
- if [ "${FORCE_UPGRADE}" != "1" ]; then
- die "You need to upgrade your database first"
- else
- eerror "You have the magical FORCE_UPGRADE=1 in place."
- eerror "Don't say you weren't warned about data loss."
- fi
-}
-
-pkg_setup() {
- if ! use sasl && use cxx ; then
- die "To build the ldapc++ library you must emerge openldap with sasl support"
- fi
- # Bug #322787
- if use minimal && ! has_version "net-nds/openldap" ; then
- einfo "No datadir scan needed, openldap not installed"
- elif use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then
- einfo "Skipping scan for previous datadirs as requested by minimal useflag"
- else
- openldap_find_versiontags
- fi
-
- # The user/group are only used for running daemons which are
- # disabled in minimal builds, so elide the accounts too.
- if ! use minimal ; then
- enewgroup ldap 439
- enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap
- fi
-}
-
-src_prepare() {
- # ensure correct SLAPI path by default
- sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \
- "${S}"/include/ldap_defaults.h
-
- epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch
-
- epatch \
- "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \
- "${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
-
- # bug #116045 - still present in 2.4.28
- epatch "${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch
- # bug #408077 - samba4
- epatch "${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch
-
- # bug #189817
- epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
-
- # bug #233633
- epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch
-
- # bug #281495
- epatch "${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch
-
- # bug #294350
- epatch "${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch
-
- # unbreak /bin/sh -> dash
- epatch "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
-
- # bug #420959
- epatch "${FILESDIR}"/${PN}-2.4.31-gcc47.patch
-
- # unbundle lmdb
- epatch "${FILESDIR}"/${PN}-2.4.42-mdb-unbundle.patch
- rm -rf "${S}"/libraries/liblmdb
-
- cd "${S}"/build || die
- einfo "Making sure upstream build strip does not do stripping too early"
- sed -i.orig \
- -e '/^STRIP/s,-s,,g' \
- top.mk || die "Failed to block stripping"
-
- # wrong assumption that /bin/sh is /bin/bash
- sed -i \
- -e 's|/bin/sh|/bin/bash|g' \
- "${S}"/tests/scripts/* || die "sed failed"
-
- cd "${S}" || die
-
- AT_NOEAUTOMAKE=yes eautoreconf
-}
-
-build_contrib_module() {
- # <dir> <sources> <outputname>
- cd "${S}/contrib/slapd-modules/$1" || die
- einfo "Compiling contrib-module: $3"
- # Make sure it's uppercase
- local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -D${define_name}=SLAPD_MOD_DYNAMIC \
- -I"${BUILD_DIR}"/include \
- -I../../../include -I../../../servers/slapd ${CFLAGS} \
- -o ${2%.c}.lo -c $2 || die "compiling $3 failed"
- einfo "Linking contrib-module: $3"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o $3.la ${2%.c}.lo || die "linking $3 failed"
-}
-
-src_configure() {
- # Bug 408001
- use elibc_FreeBSD && append-cppflags -DMDB_DSYNC=O_SYNC -DMDB_FDATASYNC=fsync
-
- # connectionless ldap per bug #342439
- append-cppflags -DLDAP_CONNECTIONLESS
-
- multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
- local myconf=()
-
- use debug && myconf+=( $(use_enable debug) )
-
- # ICU usage is not configurable
- export ac_cv_header_unicode_utypes_h="$(multilib_is_native_abi && use icu && echo yes || echo no)"
-
- if ! use minimal && multilib_is_native_abi; then
- local CPPFLAGS=${CPPFLAGS}
-
- # re-enable serverside overlay chains per bug #296567
- # see ldap docs chaper 12.3.1 for details
- myconf+=( --enable-ldap )
-
- # backends
- myconf+=( --enable-slapd )
- if use berkdb ; then
- einfo "Using Berkeley DB for local backend"
- myconf+=( --enable-bdb --enable-hdb )
- DBINCLUDE=$(db_includedir $BDB_SLOTS)
- einfo "Using $DBINCLUDE for sys-libs/db version"
- # We need to include the slotted db.h dir for FreeBSD
- append-cppflags -I${DBINCLUDE}
- else
- myconf+=( --disable-bdb --disable-hdb )
- fi
- for backend in dnssrv ldap mdb meta monitor null passwd relay shell sock; do
- myconf+=( --enable-${backend}=mod )
- done
-
- myconf+=( $(use_enable perl perl mod) )
-
- myconf+=( $(use_enable odbc sql mod) )
- if use odbc ; then
- local odbc_lib="unixodbc"
- if use iodbc ; then
- odbc_lib="iodbc"
- append-cppflags -I"${EPREFIX}"/usr/include/iodbc
- fi
- myconf+=( --with-odbc=${odbc_lib} )
- fi
-
- # slapd options
- myconf+=(
- $(use_enable crypt)
- $(use_enable slp)
- $(use_enable samba lmpasswd)
- $(use_enable syslog)
- )
- if use experimental ; then
- myconf+=(
- --enable-dynacl
- --enable-aci=mod
- )
- fi
- for option in aci cleartext modules rewrite rlookups slapi; do
- myconf+=( --enable-${option} )
- done
-
- # slapd overlay options
- # Compile-in the syncprov, the others as module
- myconf+=( --enable-syncprov=yes )
- use overlays && myconf+=( --enable-overlays=mod )
-
- else
- myconf+=(
- --disable-backends
- --disable-slapd
- --disable-bdb
- --disable-hdb
- --disable-mdb
- --disable-overlays
- --disable-syslog
- )
- fi
-
- # basic functionality stuff
- myconf+=(
- $(use_enable ipv6)
- $(multilib_native_use_with sasl cyrus-sasl)
- $(multilib_native_use_enable sasl spasswd)
- $(use_enable tcpd wrappers)
- )
-
- # Some cross-compiling tests don't pan out well.
- tc-is-cross-compiler && myconf+=(
- --with-yielding-select=yes
- )
-
- local ssl_lib="no"
- if use ssl || ( ! use minimal && use samba ) ; then
- ssl_lib="openssl"
- use gnutls && ssl_lib="gnutls"
- fi
-
- myconf+=( --with-tls=${ssl_lib} )
-
- for basicflag in dynamic local proctitle shared; do
- myconf+=( --enable-${basicflag} )
- done
-
- tc-export AR CC CXX
- ECONF_SOURCE=${S} \
- STRIP=/bin/true \
- econf \
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
- $(use_enable static-libs static) \
- "${myconf[@]}"
- emake depend
-}
-
-src_configure_cxx() {
- # This needs the libraries built by the first build run.
- # So we have to run it AFTER the main build, not just after the main
- # configure.
- local myconf_ldapcpp=(
- --with-ldap-includes="${S}"/include
- )
-
- mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die
- cd "${BUILD_DIR}/contrib/ldapc++" || die
-
- local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS}
- append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
- -L"${BUILD_DIR}"/libraries/libldap/.libs
- append-cppflags -I"${BUILD_DIR}"/include
- ECONF_SOURCE=${S}/contrib/ldapc++ \
- econf "${myconf_ldapcpp[@]}" \
- CC="${CC}" \
- CXX="${CXX}"
-}
-
-multilib_src_compile() {
- tc-export AR CC CXX
- emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/bash
- local lt="${BUILD_DIR}/libtool"
- export echo="echo"
-
- if ! use minimal && multilib_is_native_abi ; then
- if use cxx ; then
- einfo "Building contrib library: ldapc++"
- src_configure_cxx
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake \
- CC="${CC}" CXX="${CXX}"
- fi
-
- if use smbkrb5passwd ; then
- einfo "Building contrib-module: smbk5pwd"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
-
- MY_DEFS="-DDO_SHADOW"
- if use samba ; then
- MY_DEFS="${MY_DEFS} -DDO_SAMBA"
- MY_KRB5_INC=""
- fi
- if use kerberos ; then
- MY_DEFS="${MY_DEFS} -DDO_KRB5"
- MY_KRB5_INC="$(krb5-config --cflags)"
- fi
-
- emake \
- DEFS="${MY_DEFS}" \
- KRB5_INC="${MY_KRB5_INC}" \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
- fi
-
- if use overlays ; then
- einfo "Building contrib-module: samba4"
- cd "${S}/contrib/slapd-modules/samba4" || die
-
- emake \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap"
- fi
-
- if use kerberos ; then
- build_contrib_module "kinit" "kinit.c" "kinit"
- cd "${S}/contrib/slapd-modules/passwd" || die
- einfo "Compiling contrib-module: pw-kerberos"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- $(krb5-config --cflags) \
- -DHAVE_KRB5 \
- -o kerberos.lo \
- -c kerberos.c || die "compiling pw-kerberos failed"
- einfo "Linking contrib-module: pw-kerberos"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o pw-kerberos.la \
- kerberos.lo || die "linking pw-kerberos failed"
- fi
- # We could build pw-radius if GNURadius would install radlib.h
- cd "${S}/contrib/slapd-modules/passwd" || die
- einfo "Compiling contrib-module: pw-netscape"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- -o netscape.lo \
- -c netscape.c || die "compiling pw-netscape failed"
- einfo "Linking contrib-module: pw-netscape"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o pw-netscape.la \
- netscape.lo || die "linking pw-netscape failed"
-
- #build_contrib_module "acl" "posixgroup.c" "posixGroup" # example code only
- #build_contrib_module "acl" "gssacl.c" "gss" # example code only, also needs kerberos
- build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
- build_contrib_module "allop" "allop.c" "overlay-allop"
- build_contrib_module "allowed" "allowed.c" "allowed"
- build_contrib_module "autogroup" "autogroup.c" "autogroup"
- build_contrib_module "cloak" "cloak.c" "cloak"
- # build_contrib_module "comp_match" "comp_match.c" "comp_match" # really complex, adds new external deps, questionable demand
- build_contrib_module "denyop" "denyop.c" "denyop-overlay"
- build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
- build_contrib_module "dupent" "dupent.c" "dupent"
- build_contrib_module "lastbind" "lastbind.c" "lastbind"
- # lastmod may not play well with other overlays
- build_contrib_module "lastmod" "lastmod.c" "lastmod"
- build_contrib_module "noopsrch" "noopsrch.c" "noopsrch"
- build_contrib_module "nops" "nops.c" "nops-overlay"
- #build_contrib_module "nssov" "nssov.c" "nssov-overlay" RESO:LATER
- build_contrib_module "trace" "trace.c" "trace"
- # build slapi-plugins
- cd "${S}/contrib/slapi-plugins/addrdnvalues" || die
- einfo "Building contrib-module: addrdnvalues plugin"
- "${CC}" -shared \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- -fPIC \
- ${LDFLAGS} \
- -o libaddrdnvalues-plugin.so \
- addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
-
- fi
-}
-
-multilib_src_test() {
- if multilib_is_native_abi; then
- cd tests || die
- emake tests || die "make tests failed"
- fi
-}
-
-multilib_src_install() {
- local lt="${BUILD_DIR}/libtool"
- emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/bash install
- use static-libs || prune_libtool_files --all
-
- if ! use minimal && multilib_is_native_abi; then
- # openldap modules go here
- # TODO: write some code to populate slapd.conf with moduleload statements
- keepdir /usr/$(get_libdir)/openldap/openldap/
-
- # initial data storage dir
- keepdir /var/lib/openldap-data
- use prefix || fowners ldap:ldap /var/lib/openldap-data
- fperms 0700 /var/lib/openldap-data
-
- echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
-
- # use our config
- rm "${ED}"etc/openldap/slapd.conf
- insinto /etc/openldap
- newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf
- configfile="${ED}"etc/openldap/slapd.conf
-
- # populate with built backends
- ebegin "populate config with built backends"
- for x in "${ED}"usr/$(get_libdir)/openldap/openldap/back_*.so; do
- einfo "Adding $(basename ${x})"
- sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}"
- done
- sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
- use prefix || fowners root:ldap /etc/openldap/slapd.conf
- fperms 0640 /etc/openldap/slapd.conf
- cp "${configfile}" "${configfile}".default
- eend
-
- # install our own init scripts and systemd unit files
- einfo "Install init scripts"
- newinitd "${FILESDIR}"/slapd-initd-2.4.40-r2 slapd
- newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd
- einfo "Install systemd service"
- systemd_dounit "${FILESDIR}"/slapd.service
- systemd_install_serviced "${FILESDIR}"/slapd.service.conf
- systemd_newtmpfilesd "${FILESDIR}"/slapd.tmpfilesd slapd.conf
-
- if [[ $(get_libdir) != lib ]]; then
- sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i \
- "${ED}"/etc/init.d/slapd \
- "${ED}"/usr/lib/systemd/system/slapd.service || die
- fi
- # If built without SLP, we don't need to be before avahi
- use slp \
- || sed -i \
- -e '/before/{s/avahi-daemon//g}' \
- "${ED}"etc/init.d/slapd
-
- if use cxx ; then
- einfo "Install the ldapc++ library"
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- cd "${S}"/contrib/ldapc++ || die
- newdoc README ldapc++-README
- fi
-
- if use smbkrb5passwd ; then
- einfo "Install the smbk5pwd module"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- newdoc README smbk5pwd-README
- fi
-
- if use overlays ; then
- einfo "Install the samba4 module"
- cd "${S}/contrib/slapd-modules/samba4" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="/usr/$(get_libdir)/openldap" install
- newdoc README samba4-README
- fi
-
- einfo "Installing contrib modules"
- cd "${S}/contrib/slapd-modules" || die
- for l in */*.la; do
- "${lt}" --mode=install cp ${l} \
- "${ED}"usr/$(get_libdir)/openldap/openldap || \
- die "installing ${l} failed"
- done
-
- dodoc "${FILESDIR}"/DB_CONFIG.fast.example
- docinto contrib
- doman */*.5
- #newdoc acl/README*
- newdoc addpartial/README addpartial-README
- newdoc allop/README allop-README
- newdoc allowed/README allowed-README
- newdoc autogroup/README autogroup-README
- newdoc dsaschema/README dsaschema-README
- newdoc passwd/README passwd-README
- cd "${S}/contrib/slapi-plugins" || die
- insinto /usr/$(get_libdir)/openldap/openldap
- doins */*.so
- docinto contrib
- newdoc addrdnvalues/README addrdnvalues-README
-
- insinto /etc/openldap/schema
- newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
-
- docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
- docinto back-shell ; dodoc "${S}"/servers/slapd/back-shell/searchexample*
- docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
-
- dosbin "${S}"/contrib/slapd-tools/statslog
- newdoc "${S}"/contrib/slapd-tools/README README.statslog
- fi
-}
-
-multilib_src_install_all() {
- dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
- docinto rfc ; dodoc doc/rfc/*.txt
-}
-
-pkg_preinst() {
- # keep old libs if any
- preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0)
- # bug 440470, only display the getting started help there was no openldap before,
- # or we are going to a non-minimal build
- ! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
- OPENLDAP_PRINT_MESSAGES=$((! $?))
-}
-
-pkg_postinst() {
- if ! use minimal ; then
- # You cannot build SSL certificates during src_install that will make
- # binary packages containing your SSL key, which is both a security risk
- # and a misconfiguration if multiple machines use the same key and cert.
- if use ssl; then
- install_cert /etc/openldap/ssl/ldap
- use prefix || chown ldap:ldap "${EROOT}"etc/openldap/ssl/ldap.*
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "add 'TLS_REQCERT allow' if you want to use them."
- fi
-
- if use prefix; then
- # Warn about prefix issues with slapd
- eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
- eerror "to start up, and requires that certain files directories be owned by"
- eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
- eerror "directories, you will have to manually fix this yourself."
- fi
-
- # These lines force the permissions of various content to be correct
- use prefix || chown ldap:ldap "${EROOT}"var/run/openldap
- chmod 0755 "${EROOT}"var/run/openldap
- use prefix || chown root:ldap "${EROOT}"etc/openldap/slapd.conf{,.default}
- chmod 0640 "${EROOT}"etc/openldap/slapd.conf{,.default}
- use prefix || chown ldap:ldap "${EROOT}"var/lib/openldap-data
- fi
-
- if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
- elog "Getting started using OpenLDAP? There is some documentation available:"
- elog "Gentoo Guide to OpenLDAP Authentication"
- elog "(https://www.gentoo.org/doc/en/ldap-howto.xml)"
- elog "---"
- elog "An example file for tuning BDB backends with openldap is"
- elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
- fi
-
- preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0)
-}
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-nds/openldap/, net-nds/openldap/files/
@ 2019-02-21 19:47 Patrick McLean
0 siblings, 0 replies; 12+ messages in thread
From: Patrick McLean @ 2019-02-21 19:47 UTC (permalink / raw
To: gentoo-commits
commit: 2d676affba9a313563bee463daba47235862724b
Author: Patrick McLean <patrick.mclean <AT> sony <DOT> com>
AuthorDate: Thu Feb 21 19:47:25 2019 +0000
Commit: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Thu Feb 21 19:47:47 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2d676aff
net-nds/openldap: Add libressl patch to 2.4.47, also fix warnings
Forward patches the libressl patch from 2.4.45-r1, also adds a patch
that silences implicit definition warnings.
Copyright: Sony Interactive Entertainment Inc.
Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>
.../openldap/files/openldap-2.4.47-libressl.patch | 58 ++++++++++++++++++++++
.../openldap/files/openldap-2.4.47-warnings.patch | 41 +++++++++++++++
net-nds/openldap/openldap-2.4.47.ebuild | 6 +++
3 files changed, 105 insertions(+)
diff --git a/net-nds/openldap/files/openldap-2.4.47-libressl.patch b/net-nds/openldap/files/openldap-2.4.47-libressl.patch
new file mode 100644
index 00000000000..5e5b3e37bf0
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.4.47-libressl.patch
@@ -0,0 +1,58 @@
+diff --git a/libraries/libldap/tls_o.c b/libraries/libldap/tls_o.c
+index b0277dfe9..8a3f47a74 100644
+--- a/libraries/libldap/tls_o.c
++++ b/libraries/libldap/tls_o.c
+@@ -50,7 +50,7 @@
+ #include <ssl.h>
+ #endif
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000
++#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
+ #define ASN1_STRING_data(x) ASN1_STRING_get0_data(x)
+ #endif
+
+@@ -200,7 +200,7 @@ tlso_init( void )
+ (void) tlso_seed_PRNG( lo->ldo_tls_randfile );
+ #endif
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
+ SSL_load_error_strings();
+ SSL_library_init();
+ OpenSSL_add_all_digests();
+@@ -252,7 +252,7 @@ static void
+ tlso_ctx_ref( tls_ctx *ctx )
+ {
+ tlso_ctx *c = (tlso_ctx *)ctx;
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
+ #define SSL_CTX_up_ref(ctx) CRYPTO_add( &(ctx->references), 1, CRYPTO_LOCK_SSL_CTX )
+ #endif
+ SSL_CTX_up_ref( c );
+@@ -511,7 +511,7 @@ tlso_session_my_dn( tls_session *sess, struct berval *der_dn )
+ if (!x) return LDAP_INVALID_CREDENTIALS;
+
+ xn = X509_get_subject_name(x);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
+ der_dn->bv_len = i2d_X509_NAME( xn, NULL );
+ der_dn->bv_val = xn->bytes->data;
+ #else
+@@ -547,7 +547,7 @@ tlso_session_peer_dn( tls_session *sess, struct berval *der_dn )
+ return LDAP_INVALID_CREDENTIALS;
+
+ xn = X509_get_subject_name(x);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
+ der_dn->bv_len = i2d_X509_NAME( xn, NULL );
+ der_dn->bv_val = xn->bytes->data;
+ #else
+@@ -768,7 +768,7 @@ struct tls_data {
+ Sockbuf_IO_Desc *sbiod;
+ };
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
+ #define BIO_set_init(b, x) b->init = x
+ #define BIO_set_data(b, x) b->ptr = x
+ #define BIO_clear_flags(b, x) b->flags &= ~(x)
diff --git a/net-nds/openldap/files/openldap-2.4.47-warnings.patch b/net-nds/openldap/files/openldap-2.4.47-warnings.patch
new file mode 100644
index 00000000000..d75bd0d3c5d
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.4.47-warnings.patch
@@ -0,0 +1,41 @@
+diff --git a/include/ldap.h b/include/ldap.h
+index c245651c2..7f14f1051 100644
+--- a/include/ldap.h
++++ b/include/ldap.h
+@@ -2041,6 +2041,10 @@ LDAP_F( int )
+ ldap_is_ldapi_url LDAP_P((
+ LDAP_CONST char *url ));
+
++LDAP_F( int )
++ldap_is_ldapc_url LDAP_P((
++ LDAP_CONST char *url ));
++
+ LDAP_F( int )
+ ldap_url_parse LDAP_P((
+ LDAP_CONST char *url,
+diff --git a/include/ldap_int_thread.h b/include/ldap_int_thread.h
+index e2dd8a942..bbc07c845 100644
+--- a/include/ldap_int_thread.h
++++ b/include/ldap_int_thread.h
+@@ -33,7 +33,7 @@ LDAP_END_DECL
+ * definitions for POSIX Threads *
+ * *
+ **********************************/
+-
++#define __USE_UNIX98
+ #include <pthread.h>
+ #ifdef HAVE_SCHED_H
+ #include <sched.h>
+diff --git a/libraries/libldap/tls2.c b/libraries/libldap/tls2.c
+index d25c190ea..639f598e7 100644
+--- a/libraries/libldap/tls2.c
++++ b/libraries/libldap/tls2.c
+@@ -76,6 +76,8 @@ static oid_name oids[] = {
+
+ #ifdef HAVE_TLS
+
++int ldap_pvt_tls_check_hostname( LDAP *ld, void *s, const char *name_in );
++
+ void
+ ldap_pvt_tls_ctx_free ( void *c )
+ {
diff --git a/net-nds/openldap/openldap-2.4.47.ebuild b/net-nds/openldap/openldap-2.4.47.ebuild
index 1f5e9a429ea..b05c43ed9ff 100644
--- a/net-nds/openldap/openldap-2.4.47.ebuild
+++ b/net-nds/openldap/openldap-2.4.47.ebuild
@@ -162,6 +162,12 @@ PATCHES=(
# unbundle lmdb
"${FILESDIR}"/${PN}-2.4.42-mdb-unbundle.patch
+
+ # bug #622464
+ "${FILESDIR}"/${PN}-2.4.47-libressl.patch
+
+ # fix some compiler warnings
+ "${FILESDIR}"/${PN}-2.4.47-warnings.patch
)
openldap_filecount() {
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-nds/openldap/, net-nds/openldap/files/
@ 2021-03-25 13:14 Sam James
0 siblings, 0 replies; 12+ messages in thread
From: Sam James @ 2021-03-25 13:14 UTC (permalink / raw
To: gentoo-commits
commit: db9673b00c52df4cd59ed568f25e2b88dd512074
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 25 13:13:59 2021 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Mar 25 13:14:30 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=db9673b0
Revert "net-nds/openldap: fix build with slibtool"
This reverts commit 2f022ebed59863e745ac87005a956b0736266dfe.
May be a bug in slibtool, so let's wait for now.
Bug: https://bugs.gentoo.org/777804
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../openldap/files/openldap-2.4.58-slibtool.patch | 33 -
net-nds/openldap/openldap-2.4.58-r1.ebuild | 915 ---------------------
2 files changed, 948 deletions(-)
diff --git a/net-nds/openldap/files/openldap-2.4.58-slibtool.patch b/net-nds/openldap/files/openldap-2.4.58-slibtool.patch
deleted file mode 100644
index 3467248a2a7..00000000000
--- a/net-nds/openldap/files/openldap-2.4.58-slibtool.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-https://bugs.gentoo.org/777804
-
-commit 236b3a0d91774d7032c6aaf483e8a25075f31af3
-Author: orbea <orbea@riseup.net>
-Date: Wed Mar 24 21:38:55 2021 -0700
-
- Fix build with --disable-static and slibtool.
-
-diff --git a/build/top.mk b/build/top.mk
-index f542ded..f07ff77 100644
---- a/build/top.mk
-+++ b/build/top.mk
-@@ -86,6 +86,11 @@ LTONLY_yes = --tag=disable-shared
- LTONLY_mod = --tag=disable-static
- LTONLY_MOD = $(LTONLY_$(BUILD_MOD))
-
-+# static flag for modules
-+STATIC_yes = -static
-+STATIC_mod =
-+STATIC_MOD = $(STATIC_$(BUILD_MOD))
-+
- # platform-specific libtool flags
- NT_LTFLAGS_LIB = -no-undefined -avoid-version -rpath $(libdir)
- NT_LTFLAGS_MOD = -no-undefined -avoid-version -rpath $(moduledir)
-@@ -116,7 +121,7 @@ LTLINK_LIB = $(LIBTOOL) $(LTONLY_LIB) --mode=link \
- $(CC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS_LIB)
-
- LTCOMPILE_MOD = $(LIBTOOL) $(LTONLY_MOD) --mode=compile \
-- $(CC) $(LT_CFLAGS) $(LT_CPPFLAGS) $(MOD_DEFS) -c
-+ $(CC) $(STATIC_MOD) $(LT_CFLAGS) $(LT_CPPFLAGS) $(MOD_DEFS) -c
-
- LTLINK_MOD = $(LIBTOOL) $(LTONLY_MOD) --mode=link \
- $(CC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS_MOD)
diff --git a/net-nds/openldap/openldap-2.4.58-r1.ebuild b/net-nds/openldap/openldap-2.4.58-r1.ebuild
deleted file mode 100644
index 5b0c6ed7f43..00000000000
--- a/net-nds/openldap/openldap-2.4.58-r1.ebuild
+++ /dev/null
@@ -1,915 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools db-use flag-o-matic multilib-minimal preserve-libs ssl-cert toolchain-funcs systemd tmpfiles
-
-BIS_PN=rfc2307bis.schema
-BIS_PV=20140524
-BIS_P="${BIS_PN}-${BIS_PV}"
-
-DESCRIPTION="LDAP suite of application and development tools"
-HOMEPAGE="https://www.OpenLDAP.org/"
-
-# upstream mirrors are mostly not working, using canonical URI
-SRC_URI="
- https://openldap.org/software/download/OpenLDAP/openldap-release/${P}.tgz
- http://gpl.savoirfairelinux.net/pub/mirrors/openldap/openldap-release/${P}.tgz
- http://repository.linagora.org/OpenLDAP/openldap-release/${P}.tgz
- http://mirror.eu.oneandone.net/software/openldap/openldap-release/${P}.tgz
- mirror://gentoo/${BIS_P}"
-
-LICENSE="OPENLDAP GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-solaris"
-
-IUSE_DAEMON="crypt samba tcpd experimental minimal"
-IUSE_BACKEND="+berkdb"
-IUSE_OVERLAY="overlays perl"
-IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 libressl +syslog selinux static-libs test"
-IUSE_CONTRIB="smbkrb5passwd kerberos kinit pbkdf2 sha2"
-IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
-IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
-
-RESTRICT="!test? ( test )"
-REQUIRED_USE="cxx? ( sasl )
- pbkdf2? ( ssl )
- test? ( berkdb )
- ?? ( test minimal )"
-
-# always list newer first
-# Do not add any AGPL-3 BDB here!
-# See bug 525110, comment 15.
-# Advanced usage: OPENLDAP_BDB_SLOTS in the environment can be used to force a slot during build.
-BDB_SLOTS="${OPENLDAP_BDB_SLOTS:=5.3 5.1 4.8 4.7 4.6 4.5 4.4}"
-BDB_PKGS=''
-for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done
-
-# openssl is needed to generate lanman-passwords required by samba
-COMMON_DEPEND="
- ssl? (
- !gnutls? (
- !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] )
- libressl? ( dev-libs/libressl:0=[${MULTILIB_USEDEP}] )
- )
- gnutls? (
- >=net-libs/gnutls-2.12.23-r6:=[${MULTILIB_USEDEP}]
- >=dev-libs/libgcrypt-1.5.3:0=[${MULTILIB_USEDEP}]
- )
- )
- sasl? ( dev-libs/cyrus-sasl:= )
- !minimal? (
- dev-libs/libltdl
- sys-libs/e2fsprogs-libs
- >=dev-db/lmdb-0.9.18:=
- tcpd? ( sys-apps/tcp-wrappers )
- odbc? ( !iodbc? ( dev-db/unixODBC )
- iodbc? ( dev-db/libiodbc ) )
- perl? ( dev-lang/perl:=[-build(-)] )
- samba? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:0= )
- )
- berkdb? (
- <sys-libs/db-6.0:=
- || ( ${BDB_PKGS} )
- )
- smbkrb5passwd? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:0= )
- kerberos? ( app-crypt/heimdal )
- )
- kerberos? (
- virtual/krb5
- kinit? ( !app-crypt/heimdal )
- )
- cxx? ( dev-libs/cyrus-sasl:= )
- )
-"
-DEPEND="${COMMON_DEPEND}
- sys-apps/groff
-"
-RDEPEND="${COMMON_DEPEND}
- selinux? ( sec-policy/selinux-ldap )
-"
-
-# The user/group are only used for running daemons which are
-# disabled in minimal builds, so elide the accounts too.
-# for tracking versions
-
-BDEPEND="!minimal? (
- acct-group/ldap
- acct-user/ldap
-)
-"
-
-OPENLDAP_VERSIONTAG=".version-tag"
-OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
-
-MULTILIB_WRAPPED_HEADERS=(
- # USE=cxx
- /usr/include/LDAPAsynConnection.h
- /usr/include/LDAPAttrType.h
- /usr/include/LDAPAttribute.h
- /usr/include/LDAPAttributeList.h
- /usr/include/LDAPConnection.h
- /usr/include/LDAPConstraints.h
- /usr/include/LDAPControl.h
- /usr/include/LDAPControlSet.h
- /usr/include/LDAPEntry.h
- /usr/include/LDAPEntryList.h
- /usr/include/LDAPException.h
- /usr/include/LDAPExtResult.h
- /usr/include/LDAPMessage.h
- /usr/include/LDAPMessageQueue.h
- /usr/include/LDAPModList.h
- /usr/include/LDAPModification.h
- /usr/include/LDAPObjClass.h
- /usr/include/LDAPRebind.h
- /usr/include/LDAPRebindAuth.h
- /usr/include/LDAPReferenceList.h
- /usr/include/LDAPResult.h
- /usr/include/LDAPSaslBindResult.h
- /usr/include/LDAPSchema.h
- /usr/include/LDAPSearchReference.h
- /usr/include/LDAPSearchResult.h
- /usr/include/LDAPSearchResults.h
- /usr/include/LDAPUrl.h
- /usr/include/LDAPUrlList.h
- /usr/include/LdifReader.h
- /usr/include/LdifWriter.h
- /usr/include/SaslInteraction.h
- /usr/include/SaslInteractionHandler.h
- /usr/include/StringList.h
- /usr/include/TlsOptions.h
-)
-
-PATCHES=(
- "${FILESDIR}"/${PN}-2.4.17-gcc44.patch
-
- "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch
- "${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
-
- # bug #116045 - still present in 2.4.28
- "${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch
- # bug #408077 - samba4
- "${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch
-
- # bug #189817
- "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
-
- # bug #233633
- "${FILESDIR}"/${PN}-2.4.45-fix-lmpasswd-gnutls-symbols.patch
-
- # bug #281495
- "${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch
-
- # bug #294350
- "${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch
-
- # unbreak /bin/sh -> dash
- "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
-
- # bug #420959
- "${FILESDIR}"/${PN}-2.4.31-gcc47.patch
-
- # unbundle lmdb
- "${FILESDIR}"/${PN}-2.4.42-mdb-unbundle.patch
-
- # bug #622464
- "${FILESDIR}"/${PN}-2.4.47-libressl.patch
-
- # fix some compiler warnings
- "${FILESDIR}"/${PN}-2.4.47-warnings.patch
-
- # fix build with slibtool, see bug #777804
- "${FILESDIR}"/${PN}-2.4.58-slibtool.patch
-)
-
-openldap_filecount() {
- local dir="$1"
- find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
-}
-
-openldap_find_versiontags() {
- # scan for all datadirs
- local openldap_datadirs=()
- if [[ -f "${EROOT}"/etc/openldap/slapd.conf ]]; then
- openldap_datadirs=( $(awk '{if($1 == "directory") print $2 }' "${EROOT}"/etc/openldap/slapd.conf) )
- fi
- openldap_datadirs+=( ${OPENLDAP_DEFAULTDIR_VERSIONTAG} )
-
- einfo
- einfo "Scanning datadir(s) from slapd.conf and"
- einfo "the default installdir for Versiontags"
- einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
- einfo
-
- # scan datadirs if we have a version tag
- openldap_found_tag=0
- have_files=0
- for each in ${openldap_datadirs[@]} ; do
- CURRENT_TAGDIR="${ROOT}$(sed "s:\/::" <<< ${each})"
- CURRENT_TAG="${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}"
- if [[ -d "${CURRENT_TAGDIR}" ]] && [[ "${openldap_found_tag}" == 0 ]] ; then
- einfo "- Checking ${each}..."
- if [[ -r "${CURRENT_TAG}" ]] ; then
- # yey, we have one :)
- einfo " Found Versiontag in ${each}"
- source "${CURRENT_TAG}"
- if [[ "${OLDPF}" == "" ]] ; then
- eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
- eerror "Please delete it"
- eerror
- die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
- fi
-
- OLD_MAJOR=$(ver_cut 2-3 ${OLDPF})
-
- [[ "$(openldap_filecount ${CURRENT_TAGDIR})" -gt 0 ]] && have_files=1
-
- # are we on the same branch?
- if [[ "${OLD_MAJOR}" != "${PV:0:3}" ]] ; then
- ewarn " Versiontag doesn't match current major release!"
- if [[ "${have_files}" == "1" ]] ; then
- eerror " Versiontag says other major and you (probably) have datafiles!"
- echo
- openldap_upgrade_howto
- else
- einfo " No real problem, seems there's no database."
- fi
- else
- einfo " Versiontag is fine here :)"
- fi
- else
- einfo " Non-tagged dir ${each}"
- [[ "$(openldap_filecount ${each})" -gt 0 ]] && have_files=1
- if [[ "${have_files}" == "1" ]] ; then
- einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
- echo
-
- eerror
- eerror "Your OpenLDAP Installation has a non tagged datadir that"
- eerror "possibly contains a database at ${CURRENT_TAGDIR}"
- eerror
- eerror "Please export data if any entered and empty or remove"
- eerror "the directory, installation has been stopped so you"
- eerror "can take required action"
- eerror
- eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
- eerror
- openldap_upgrade_howto
- die "Please move the datadir ${CURRENT_TAGDIR} away"
- fi
- fi
- einfo
- fi
- done
- [[ "${have_files}" == "1" ]] && einfo "DB files present" || einfo "No DB files present"
-
- # Now we must check for the major version of sys-libs/db linked against.
- SLAPD_PATH="${EROOT}/usr/$(get_libdir)/openldap/slapd"
- if [[ "${have_files}" == "1" ]] && [[ -f "${SLAPD_PATH}" ]]; then
- OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
- | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
- if use berkdb; then
- # find which one would be used
- for bdb_slot in ${BDB_SLOTS} ; do
- NEWVER="$(db_findver "=sys-libs/db-${bdb_slot}*")"
- [[ -n "${NEWVER}" ]] && break
- done
- fi
- local fail=0
- if [[ -z "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
- :
- # Nothing wrong here.
- elif [[ -z "${OLDVER}" ]] && [[ -n "${NEWVER}" ]]; then
- eerror " Your existing version of OpenLDAP was not built against"
- eerror " any version of sys-libs/db, but the new one will build"
- eerror " against ${NEWVER} and your database may be inaccessible."
- echo
- fail=1
- elif [[ -n "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will not be"
- eerror " built against any version and your database may be"
- eerror " inaccessible."
- echo
- fail=1
- elif [[ "${OLDVER}" != "${NEWVER}" ]]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will build against"
- eerror " ${NEWVER} and your database would be inaccessible."
- echo
- fail=1
- fi
- [[ "${fail}" == "1" ]] && openldap_upgrade_howto
- fi
-
- echo
- einfo
- einfo "All datadirs are fine, proceeding with merge now..."
- einfo
-}
-
-openldap_upgrade_howto() {
- local d l i
- eerror
- eerror "A (possible old) installation of OpenLDAP was detected,"
- eerror "installation will not proceed for now."
- eerror
- eerror "As major version upgrades can corrupt your database,"
- eerror "you need to dump your database and re-create it afterwards."
- eerror
- eerror "Additionally, rebuilding against different major versions of the"
- eerror "sys-libs/db libraries will cause your database to be inaccessible."
- eerror ""
- d="$(date -u +%s)"
- l="/root/ldapdump.${d}"
- i="${l}.raw"
- eerror " 1. /etc/init.d/slapd stop"
- eerror " 2. slapcat -l ${i}"
- eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}"
- eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
- eerror " 5. emerge --update \=net-nds/${PF}"
- eerror " 6. etc-update, and ensure that you apply the changes"
- eerror " 7. slapadd -l ${l}"
- eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
- eerror " 9. /etc/init.d/slapd start"
- eerror "10. check that your data is intact."
- eerror "11. set up the new replication system."
- eerror
- if [[ "${FORCE_UPGRADE}" != "1" ]]; then
- die "You need to upgrade your database first"
- else
- eerror "You have the magical FORCE_UPGRADE=1 in place."
- eerror "Don't say you weren't warned about data loss."
- fi
-}
-
-pkg_setup() {
- if ! use sasl && use cxx ; then
- die "To build the ldapc++ library you must emerge openldap with sasl support"
- fi
- # Bug #322787
- if use minimal && ! has_version "net-nds/openldap" ; then
- einfo "No datadir scan needed, openldap not installed"
- elif use minimal && has_version 'net-nds/openldap[minimal]' ; then
- einfo "Skipping scan for previous datadirs as requested by minimal useflag"
- else
- openldap_find_versiontags
- fi
-}
-
-src_prepare() {
- # ensure correct SLAPI path by default
- sed -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \
- -i include/ldap_defaults.h || die
-
- default
- rm -r libraries/liblmdb || die
-
- pushd build &>/dev/null || die "pushd build"
- einfo "Making sure upstream build strip does not do stripping too early"
- sed -i.orig \
- -e '/^STRIP/s,-s,,g' \
- top.mk || die "Failed to block stripping"
- popd &>/dev/null || die
-
- # wrong assumption that /bin/sh is /bin/bash
- sed \
- -e 's|/bin/sh|/bin/bash|g' \
- -i tests/scripts/* || die "sed failed"
-
- # Required for autoconf-2.70 #765043
- sed 's@^AM_INIT_AUTOMAKE.*@AC_PROG_MAKE_SET@' -i configure.in || die
- AT_NOEAUTOMAKE=yes eautoreconf
-}
-
-build_contrib_module() {
- # <dir> <sources> <outputname>
- pushd "${S}/contrib/slapd-modules/$1" &>/dev/null || die "pushd contrib/slapd-modules/$1"
- einfo "Compiling contrib-module: $3"
- # Make sure it's uppercase
- local define_name="$(LC_ALL=C tr '[:lower:]' '[:upper:]' <<< "SLAPD_OVER_${1}")"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -D${define_name}=SLAPD_MOD_DYNAMIC \
- -I"${BUILD_DIR}"/include \
- -I../../../include -I../../../servers/slapd ${CFLAGS} \
- -o ${2%.c}.lo -c $2 || die "compiling $3 failed"
- einfo "Linking contrib-module: $3"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o $3.la ${2%.c}.lo || die "linking $3 failed"
- popd &>/dev/null || die
-}
-
-src_configure() {
- # Bug 408001
- use elibc_FreeBSD && append-cppflags -DMDB_DSYNC=O_SYNC -DMDB_FDATASYNC=fsync
-
- # connectionless ldap per bug #342439
- append-cppflags -DLDAP_CONNECTIONLESS
-
- multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
- local myconf=()
-
- use debug && myconf+=( $(use_enable debug) )
-
- # ICU exists only in the configure, nowhere in the codebase, bug #510858
- export ac_cv_header_unicode_utypes_h=no ol_cv_lib_icu=no
-
- if ! use minimal && multilib_is_native_abi; then
- local CPPFLAGS=${CPPFLAGS}
-
- # re-enable serverside overlay chains per bug #296567
- # see ldap docs chaper 12.3.1 for details
- myconf+=( --enable-ldap )
-
- # backends
- myconf+=( --enable-slapd )
- if use berkdb ; then
- einfo "Using Berkeley DB for local backend"
- myconf+=( --enable-bdb --enable-hdb )
- DBINCLUDE=$(db_includedir ${BDB_SLOTS})
- einfo "Using ${DBINCLUDE} for sys-libs/db version"
- # We need to include the slotted db.h dir for FreeBSD
- append-cppflags -I${DBINCLUDE}
- else
- myconf+=( --disable-bdb --disable-hdb )
- fi
- for backend in dnssrv ldap mdb meta monitor null passwd relay shell sock; do
- myconf+=( --enable-${backend}=mod )
- done
-
- myconf+=( $(use_enable perl perl mod) )
-
- myconf+=( $(use_enable odbc sql mod) )
- if use odbc ; then
- local odbc_lib="unixodbc"
- if use iodbc ; then
- odbc_lib="iodbc"
- append-cppflags -I"${EPREFIX}"/usr/include/iodbc
- fi
- myconf+=( --with-odbc=${odbc_lib} )
- fi
-
- # slapd options
- myconf+=(
- $(use_enable crypt)
- --disable-slp
- $(use_enable samba lmpasswd)
- $(use_enable syslog)
- )
- if use experimental ; then
- myconf+=(
- --enable-dynacl
- --enable-aci=mod
- )
- fi
- for option in aci cleartext modules rewrite rlookups slapi; do
- myconf+=( --enable-${option} )
- done
-
- # slapd overlay options
- # Compile-in the syncprov, the others as module
- myconf+=( --enable-syncprov=yes )
- use overlays && myconf+=( --enable-overlays=mod )
-
- else
- myconf+=(
- --disable-backends
- --disable-slapd
- --disable-bdb
- --disable-hdb
- --disable-mdb
- --disable-overlays
- --disable-syslog
- )
- fi
-
- # basic functionality stuff
- myconf+=(
- $(use_enable ipv6)
- $(multilib_native_use_with sasl cyrus-sasl)
- $(multilib_native_use_enable sasl spasswd)
- $(use_enable tcpd wrappers)
- )
-
- # Some cross-compiling tests don't pan out well.
- tc-is-cross-compiler && myconf+=(
- --with-yielding-select=yes
- )
-
- local ssl_lib="no"
- if use ssl || ( ! use minimal && use samba ) ; then
- ssl_lib="openssl"
- use gnutls && ssl_lib="gnutls"
- fi
-
- myconf+=( --with-tls=${ssl_lib} )
-
- for basicflag in dynamic local proctitle shared; do
- myconf+=( --enable-${basicflag} )
- done
-
- tc-export AR CC CXX
- CONFIG_SHELL="/bin/sh" \
- ECONF_SOURCE="${S}" \
- STRIP=/bin/true \
- econf \
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
- $(use_enable static-libs static) \
- "${myconf[@]}"
- emake depend
-}
-
-src_configure_cxx() {
- # This needs the libraries built by the first build run.
- # So we have to run it AFTER the main build, not just after the main
- # configure.
- local myconf_ldapcpp=(
- --with-ldap-includes="${S}"/include
- )
-
- mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die
- pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
-
- local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS}
- append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
- -L"${BUILD_DIR}"/libraries/libldap/.libs
- append-cppflags -I"${BUILD_DIR}"/include
- ECONF_SOURCE=${S}/contrib/ldapc++ \
- econf "${myconf_ldapcpp[@]}" \
- CC="${CC}" \
- CXX="${CXX}"
- popd &>/dev/null || die
-}
-
-multilib_src_compile() {
- tc-export AR CC CXX
- emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/sh
- local lt="${BUILD_DIR}/libtool"
- export echo="echo"
-
- if ! use minimal && multilib_is_native_abi ; then
- if use cxx ; then
- einfo "Building contrib library: ldapc++"
- src_configure_cxx
- pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
- emake CC="${CC}" CXX="${CXX}"
- popd &>/dev/null || die
- fi
-
- if use smbkrb5passwd ; then
- einfo "Building contrib-module: smbk5pwd"
- pushd "${S}/contrib/slapd-modules/smbk5pwd" &>/dev/null || die "pushd contrib/slapd-modules/smbk5pwd"
-
- MY_DEFS="-DDO_SHADOW"
- if use samba ; then
- MY_DEFS="${MY_DEFS} -DDO_SAMBA"
- MY_KRB5_INC=""
- fi
- if use kerberos ; then
- MY_DEFS="${MY_DEFS} -DDO_KRB5"
- MY_KRB5_INC="$(krb5-config --cflags)"
- fi
-
- emake \
- DEFS="${MY_DEFS}" \
- KRB5_INC="${MY_KRB5_INC}" \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
- popd &>/dev/null || die
- fi
-
- if use overlays ; then
- einfo "Building contrib-module: samba4"
- pushd "${S}/contrib/slapd-modules/samba4" &>/dev/null || die "pushd contrib/slapd-modules/samba4"
-
- emake \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap"
- popd &>/dev/null || die
- fi
-
- if use kerberos ; then
- if use kinit ; then
- build_contrib_module "kinit" "kinit.c" "kinit"
- fi
- pushd "${S}/contrib/slapd-modules/passwd" &>/dev/null || die "pushd contrib/slapd-modules/passwd"
- einfo "Compiling contrib-module: pw-kerberos"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- $(krb5-config --cflags) \
- -DHAVE_KRB5 \
- -o kerberos.lo \
- -c kerberos.c || die "compiling pw-kerberos failed"
- einfo "Linking contrib-module: pw-kerberos"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o pw-kerberos.la \
- kerberos.lo || die "linking pw-kerberos failed"
- popd &>/dev/null || die
- fi
-
- if use pbkdf2; then
- pushd "${S}/contrib/slapd-modules/passwd/pbkdf2" &>/dev/null || die "pushd contrib/slapd-modules/passwd/pbkdf2"
- einfo "Compiling contrib-module: pw-pbkdf2"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -I"${BUILD_DIR}"/include \
- -I../../../../include \
- ${CFLAGS} \
- -o pbkdf2.lo \
- -c pw-pbkdf2.c || die "compiling pw-pbkdf2 failed"
- einfo "Linking contrib-module: pw-pbkdf2"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o pw-pbkdf2.la \
- pbkdf2.lo || die "linking pw-pbkdf2 failed"
- popd &>/dev/null || die
- fi
-
- if use sha2 ; then
- pushd "${S}/contrib/slapd-modules/passwd/sha2" &>/dev/null || die "pushd contrib/slapd-modules/passwd/sha2"
- einfo "Compiling contrib-module: pw-sha2"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -I"${BUILD_DIR}"/include \
- -I../../../../include \
- ${CFLAGS} \
- -o sha2.lo \
- -c sha2.c || die "compiling pw-sha2 failed"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -I"${BUILD_DIR}"/include \
- -I../../../../include \
- ${CFLAGS} \
- -o slapd-sha2.lo \
- -c slapd-sha2.c || die "compiling pw-sha2 failed"
- einfo "Linking contrib-module: pw-sha2"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o pw-sha2.la \
- sha2.lo slapd-sha2.lo || die "linking pw-sha2 failed"
- popd &>/dev/null || die
- fi
-
- # We could build pw-radius if GNURadius would install radlib.h
- pushd "${S}/contrib/slapd-modules/passwd" &>/dev/null || die "pushd contrib/slapd-modules/passwd"
- einfo "Compiling contrib-module: pw-netscape"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- -o netscape.lo \
- -c netscape.c || die "compiling pw-netscape failed"
- einfo "Linking contrib-module: pw-netscape"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o pw-netscape.la \
- netscape.lo || die "linking pw-netscape failed"
-
- #build_contrib_module "acl" "posixgroup.c" "posixGroup" # example code only
- #build_contrib_module "acl" "gssacl.c" "gss" # example code only, also needs kerberos
- build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
- build_contrib_module "allop" "allop.c" "overlay-allop"
- build_contrib_module "allowed" "allowed.c" "allowed"
- build_contrib_module "autogroup" "autogroup.c" "autogroup"
- build_contrib_module "cloak" "cloak.c" "cloak"
- # build_contrib_module "comp_match" "comp_match.c" "comp_match" # really complex, adds new external deps, questionable demand
- build_contrib_module "denyop" "denyop.c" "denyop-overlay"
- build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
- build_contrib_module "dupent" "dupent.c" "dupent"
- build_contrib_module "lastbind" "lastbind.c" "lastbind"
- # lastmod may not play well with other overlays
- build_contrib_module "lastmod" "lastmod.c" "lastmod"
- build_contrib_module "noopsrch" "noopsrch.c" "noopsrch"
- #build_contrib_module "nops" "nops.c" "nops-overlay" https://bugs.gentoo.org/641576
- #build_contrib_module "nssov" "nssov.c" "nssov-overlay" RESO:LATER
- build_contrib_module "trace" "trace.c" "trace"
- popd &>/dev/null || die
- # build slapi-plugins
- pushd "${S}/contrib/slapi-plugins/addrdnvalues" &>/dev/null || die "pushd contrib/slapi-plugins/addrdnvalues"
- einfo "Building contrib-module: addrdnvalues plugin"
- "${CC}" -shared \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- -fPIC \
- ${LDFLAGS} \
- -o libaddrdnvalues-plugin.so \
- addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
- popd &>/dev/null || die
- fi
-}
-
-multilib_src_test() {
- if multilib_is_native_abi; then
- cd tests || die
- emake tests
- fi
-}
-
-multilib_src_install() {
- local lt="${BUILD_DIR}/libtool"
- emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/sh install
-
- if ! use minimal && multilib_is_native_abi; then
- # openldap modules go here
- # TODO: write some code to populate slapd.conf with moduleload statements
- keepdir /usr/$(get_libdir)/openldap/openldap/
-
- # initial data storage dir
- keepdir /var/lib/openldap-data
- use prefix || fowners ldap:ldap /var/lib/openldap-data
- fperms 0700 /var/lib/openldap-data
-
- echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
-
- # use our config
- rm "${ED}"/etc/openldap/slapd.conf
- insinto /etc/openldap
- newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf
- configfile="${ED}"/etc/openldap/slapd.conf
-
- # populate with built backends
- ebegin "populate config with built backends"
- for x in "${ED}"/usr/$(get_libdir)/openldap/openldap/back_*.so; do
- einfo "Adding $(basename ${x})"
- sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" || die
- done
- sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
- use prefix || fowners root:ldap /etc/openldap/slapd.conf
- fperms 0640 /etc/openldap/slapd.conf
- cp "${configfile}" "${configfile}".default || die
- eend
-
- # install our own init scripts and systemd unit files
- einfo "Install init scripts"
- sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-initd-2.4.40-r2 > "${T}"/slapd || die
- doinitd "${T}"/slapd
- newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd
-
- einfo "Install systemd service"
- sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd.service > "${T}"/slapd.service || die
- systemd_dounit "${T}"/slapd.service
- systemd_install_serviced "${FILESDIR}"/slapd.service.conf
- newtmpfiles "${FILESDIR}"/slapd.tmpfilesd slapd.conf
-
- # If built without SLP, we don't need to be before avahi
- sed -i \
- -e '/before/{s/avahi-daemon//g}' \
- "${ED}"/etc/init.d/slapd \
- || die
-
- if use cxx ; then
- einfo "Install the ldapc++ library"
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- cd "${S}"/contrib/ldapc++ || die
- newdoc README ldapc++-README
- fi
-
- if use smbkrb5passwd ; then
- einfo "Install the smbk5pwd module"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- newdoc README smbk5pwd-README
- fi
-
- if use overlays ; then
- einfo "Install the samba4 module"
- cd "${S}/contrib/slapd-modules/samba4" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="/usr/$(get_libdir)/openldap" install
- newdoc README samba4-README
- fi
-
- einfo "Installing contrib modules"
- cd "${S}/contrib/slapd-modules" || die
- for l in */*.la */*/*.la; do
- [[ -e ${l} ]] || continue
- "${lt}" --mode=install cp ${l} \
- "${ED}"/usr/$(get_libdir)/openldap/openldap || \
- die "installing ${l} failed"
- done
-
- dodoc "${FILESDIR}"/DB_CONFIG.fast.example
- docinto contrib
- doman */*.5
- #newdoc acl/README*
- newdoc addpartial/README addpartial-README
- newdoc allop/README allop-README
- newdoc allowed/README allowed-README
- newdoc autogroup/README autogroup-README
- newdoc dsaschema/README dsaschema-README
- newdoc passwd/README passwd-README
- cd "${S}/contrib/slapi-plugins" || die
- insinto /usr/$(get_libdir)/openldap/openldap
- doins */*.so
- docinto contrib
- newdoc addrdnvalues/README addrdnvalues-README
-
- insinto /etc/openldap/schema
- newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
-
- docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
- docinto back-shell ; dodoc "${S}"/servers/slapd/back-shell/searchexample*
- docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
-
- dosbin "${S}"/contrib/slapd-tools/statslog
- newdoc "${S}"/contrib/slapd-tools/README README.statslog
- fi
-
- if ! use static-libs ; then
- find "${ED}" \( -name '*.a' -o -name '*.la' \) -delete || die
- fi
-}
-
-multilib_src_install_all() {
- dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
- docinto rfc ; dodoc doc/rfc/*.txt
-}
-
-pkg_preinst() {
- # keep old libs if any
- preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0)
- # bug 440470, only display the getting started help there was no openldap before,
- # or we are going to a non-minimal build
- ! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
- OPENLDAP_PRINT_MESSAGES=$((! $?))
-}
-
-pkg_postinst() {
- if ! use minimal ; then
- # You cannot build SSL certificates during src_install that will make
- # binary packages containing your SSL key, which is both a security risk
- # and a misconfiguration if multiple machines use the same key and cert.
- if use ssl; then
- install_cert /etc/openldap/ssl/ldap
- use prefix || chown ldap:ldap "${EROOT}"/etc/openldap/ssl/ldap.*
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "add 'TLS_REQCERT allow' if you want to use them."
- fi
-
- if use prefix; then
- # Warn about prefix issues with slapd
- eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
- eerror "to start up, and requires that certain files directories be owned by"
- eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
- eerror "directories, you will have to manually fix this yourself."
- fi
-
- # These lines force the permissions of various content to be correct
- if [[ -d "${EROOT}"/var/run/openldap ]]; then
- use prefix || { chown ldap:ldap "${EROOT}"/var/run/openldap || die; }
- chmod 0755 "${EROOT}"/var/run/openldap || die
- fi
- use prefix || chown root:ldap "${EROOT}"/etc/openldap/slapd.conf{,.default}
- chmod 0640 "${EROOT}"/etc/openldap/slapd.conf{,.default} || die
- use prefix || chown ldap:ldap "${EROOT}"/var/lib/openldap-data
- fi
-
- if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
- elog "Getting started using OpenLDAP? There is some documentation available:"
- elog "Gentoo Guide to OpenLDAP Authentication"
- elog "(https://wiki.gentoo.org/wiki/Centralized_authentication_using_OpenLDAP)"
- elog "---"
- elog "An example file for tuning BDB backends with openldap is"
- elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
- fi
-
- preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0)
-}
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-nds/openldap/, net-nds/openldap/files/
@ 2021-05-02 11:22 Mikle Kolyada
0 siblings, 0 replies; 12+ messages in thread
From: Mikle Kolyada @ 2021-05-02 11:22 UTC (permalink / raw
To: gentoo-commits
commit: 23865857941f753d1d0d3680632ff43ae29c0046
Author: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Sun May 2 11:20:02 2021 +0000
Commit: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Sun May 2 11:22:17 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=23865857
net-nds/openldap: remove libressl support
Package-Manager: Portage-3.0.18, Repoman-3.0.2
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>
.../openldap/files/openldap-2.4.47-libressl.patch | 58 ----------------------
net-nds/openldap/openldap-2.4.57.ebuild | 14 ++----
net-nds/openldap/openldap-2.4.58.ebuild | 14 ++----
3 files changed, 8 insertions(+), 78 deletions(-)
diff --git a/net-nds/openldap/files/openldap-2.4.47-libressl.patch b/net-nds/openldap/files/openldap-2.4.47-libressl.patch
deleted file mode 100644
index 5e5b3e37bf0..00000000000
--- a/net-nds/openldap/files/openldap-2.4.47-libressl.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-diff --git a/libraries/libldap/tls_o.c b/libraries/libldap/tls_o.c
-index b0277dfe9..8a3f47a74 100644
---- a/libraries/libldap/tls_o.c
-+++ b/libraries/libldap/tls_o.c
-@@ -50,7 +50,7 @@
- #include <ssl.h>
- #endif
-
--#if OPENSSL_VERSION_NUMBER >= 0x10100000
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
- #define ASN1_STRING_data(x) ASN1_STRING_get0_data(x)
- #endif
-
-@@ -200,7 +200,7 @@ tlso_init( void )
- (void) tlso_seed_PRNG( lo->ldo_tls_randfile );
- #endif
-
--#if OPENSSL_VERSION_NUMBER < 0x10100000
-+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
- SSL_load_error_strings();
- SSL_library_init();
- OpenSSL_add_all_digests();
-@@ -252,7 +252,7 @@ static void
- tlso_ctx_ref( tls_ctx *ctx )
- {
- tlso_ctx *c = (tlso_ctx *)ctx;
--#if OPENSSL_VERSION_NUMBER < 0x10100000
-+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
- #define SSL_CTX_up_ref(ctx) CRYPTO_add( &(ctx->references), 1, CRYPTO_LOCK_SSL_CTX )
- #endif
- SSL_CTX_up_ref( c );
-@@ -511,7 +511,7 @@ tlso_session_my_dn( tls_session *sess, struct berval *der_dn )
- if (!x) return LDAP_INVALID_CREDENTIALS;
-
- xn = X509_get_subject_name(x);
--#if OPENSSL_VERSION_NUMBER < 0x10100000
-+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
- der_dn->bv_len = i2d_X509_NAME( xn, NULL );
- der_dn->bv_val = xn->bytes->data;
- #else
-@@ -547,7 +547,7 @@ tlso_session_peer_dn( tls_session *sess, struct berval *der_dn )
- return LDAP_INVALID_CREDENTIALS;
-
- xn = X509_get_subject_name(x);
--#if OPENSSL_VERSION_NUMBER < 0x10100000
-+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
- der_dn->bv_len = i2d_X509_NAME( xn, NULL );
- der_dn->bv_val = xn->bytes->data;
- #else
-@@ -768,7 +768,7 @@ struct tls_data {
- Sockbuf_IO_Desc *sbiod;
- };
-
--#if OPENSSL_VERSION_NUMBER < 0x10100000
-+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
- #define BIO_set_init(b, x) b->init = x
- #define BIO_set_data(b, x) b->ptr = x
- #define BIO_clear_flags(b, x) b->flags &= ~(x)
diff --git a/net-nds/openldap/openldap-2.4.57.ebuild b/net-nds/openldap/openldap-2.4.57.ebuild
index 2db1c490121..275d24ff2e0 100644
--- a/net-nds/openldap/openldap-2.4.57.ebuild
+++ b/net-nds/openldap/openldap-2.4.57.ebuild
@@ -27,7 +27,7 @@ KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 ~riscv ~s390 sparc x
IUSE_DAEMON="crypt samba tcpd experimental minimal"
IUSE_BACKEND="+berkdb"
IUSE_OVERLAY="overlays perl"
-IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 libressl +syslog selinux static-libs test"
+IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 +syslog selinux static-libs test"
IUSE_CONTRIB="smbkrb5passwd kerberos kinit pbkdf2 sha2"
IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
@@ -50,8 +50,7 @@ for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done
COMMON_DEPEND="
ssl? (
!gnutls? (
- !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] )
- libressl? ( dev-libs/libressl:0=[${MULTILIB_USEDEP}] )
+ >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}]
)
gnutls? (
>=net-libs/gnutls-2.12.23-r6:=[${MULTILIB_USEDEP}]
@@ -68,16 +67,14 @@ COMMON_DEPEND="
iodbc? ( dev-db/libiodbc ) )
perl? ( dev-lang/perl:=[-build(-)] )
samba? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:0= )
+ dev-libs/openssl:0=
)
berkdb? (
<sys-libs/db-6.0:=
|| ( ${BDB_PKGS} )
)
smbkrb5passwd? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:0= )
+ dev-libs/openssl:0=
kerberos? ( app-crypt/heimdal )
)
kerberos? (
@@ -177,9 +174,6 @@ PATCHES=(
# unbundle lmdb
"${FILESDIR}"/${PN}-2.4.42-mdb-unbundle.patch
- # bug #622464
- "${FILESDIR}"/${PN}-2.4.47-libressl.patch
-
# fix some compiler warnings
"${FILESDIR}"/${PN}-2.4.47-warnings.patch
)
diff --git a/net-nds/openldap/openldap-2.4.58.ebuild b/net-nds/openldap/openldap-2.4.58.ebuild
index f2095a16dd2..02f6d9096b6 100644
--- a/net-nds/openldap/openldap-2.4.58.ebuild
+++ b/net-nds/openldap/openldap-2.4.58.ebuild
@@ -27,7 +27,7 @@ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~
IUSE_DAEMON="crypt samba tcpd experimental minimal"
IUSE_BACKEND="+berkdb"
IUSE_OVERLAY="overlays perl"
-IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 libressl +syslog selinux static-libs test"
+IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 +syslog selinux static-libs test"
IUSE_CONTRIB="smbkrb5passwd kerberos kinit pbkdf2 sha2"
IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
@@ -50,8 +50,7 @@ for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done
COMMON_DEPEND="
ssl? (
!gnutls? (
- !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] )
- libressl? ( dev-libs/libressl:0=[${MULTILIB_USEDEP}] )
+ >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}]
)
gnutls? (
>=net-libs/gnutls-2.12.23-r6:=[${MULTILIB_USEDEP}]
@@ -68,16 +67,14 @@ COMMON_DEPEND="
iodbc? ( dev-db/libiodbc ) )
perl? ( dev-lang/perl:=[-build(-)] )
samba? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:0= )
+ dev-libs/openssl:0=
)
berkdb? (
<sys-libs/db-6.0:=
|| ( ${BDB_PKGS} )
)
smbkrb5passwd? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:0= )
+ dev-libs/openssl:0=
kerberos? ( app-crypt/heimdal )
)
kerberos? (
@@ -177,9 +174,6 @@ PATCHES=(
# unbundle lmdb
"${FILESDIR}"/${PN}-2.4.42-mdb-unbundle.patch
- # bug #622464
- "${FILESDIR}"/${PN}-2.4.47-libressl.patch
-
# fix some compiler warnings
"${FILESDIR}"/${PN}-2.4.47-warnings.patch
)
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-nds/openldap/, net-nds/openldap/files/
@ 2022-03-19 18:07 Robin H. Johnson
0 siblings, 0 replies; 12+ messages in thread
From: Robin H. Johnson @ 2022-03-19 18:07 UTC (permalink / raw
To: gentoo-commits
commit: d12a02243969b7c715e9b639345ec8aacd925a28
Author: Dennis Lamm <expeditioneer <AT> gentoo <DOT> org>
AuthorDate: Sat Feb 5 23:24:54 2022 +0000
Commit: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Sat Mar 19 18:07:51 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d12a0224
net-nds/openldap 2.6.1 version bump
Closes: https://bugs.gentoo.org/799092
Bug: https://bugs.gentoo.org/624178
Bug: https://bugs.gentoo.org/815844
Bug: https://bugs.gentoo.org/609486
Signed-off-by: Dennis Lamm <expeditioneer <AT> gentoo.org>
(cherry picked from commit c2e92fe1e144e8563f753a76d9d0cba923bb8878)
Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org>
net-nds/openldap/Manifest | 1 +
net-nds/openldap/files/openldap-2.6.1-cloak.patch | 25 +
.../files/openldap-2.6.1-fix-missing-mapping.patch | 21 +
net-nds/openldap/files/openldap-2.6.1-flags.patch | 416 +++++++++++
.../openldap/files/openldap-2.6.1-system-mdb.patch | 148 ++++
net-nds/openldap/files/slapd-2.6.1.service | 12 +
net-nds/openldap/files/slapd-confd-2.6.1 | 26 +
net-nds/openldap/metadata.xml | 4 +
net-nds/openldap/openldap-2.6.1.ebuild | 796 +++++++++++++++++++++
9 files changed, 1449 insertions(+)
diff --git a/net-nds/openldap/Manifest b/net-nds/openldap/Manifest
index 94ca3b8be20f..c0b19b7c9812 100644
--- a/net-nds/openldap/Manifest
+++ b/net-nds/openldap/Manifest
@@ -2,4 +2,5 @@ DIST openldap-2.4.57.tgz 5883912 BLAKE2B 439605e1bebcf34968f0a552aaade1b72b7671a
DIST openldap-2.4.58.tgz 5885225 BLAKE2B effb618dba03497796a497cd7f53ec52e389133769321dd242433bed5ec4b1f66cf7353f08a49d5f3465880f6bcfc9afc9c7d2a28e075b66f5fd926b02213541 SHA512 2fa2aa36117692eca44e55559f162c8c796f78469e6c2aee91b06d46f2b755d416979c913a3d89bbf9db14cc84881ecffee69af75b48e1d16b7aa9d2e3873baa
DIST openldap-2.4.59.tgz 5886272 BLAKE2B a2a8bed1d2af97fd41d651668152fd4740871bc5a8abf4b50390839228af82ac103346b3500ae0f8dd31b708acabb30435b90cd48dfafe510e648df5150d96b8 SHA512 233459ab446da6e107a7fc4ecd5668d6b08c11a11359ee76449550393e8f586a29b59d7ae09a050a1fca4fcf388ea61438ef60831b3ae802d92c048365ae3968
DIST openldap-2.5.4.tgz 6415235 BLAKE2B 16e466d01dc7642786bb88a101854513f1239f1e817fd05145e89deb54bc1b911a5dc5f42b132747f14bdd2a3355e7c398b8b14937e7093361f4a96bfb7e9197 SHA512 00b57c9179acf3b1bde738e91604f3b09b5f5309106362bb947154d131868f233713eaa75c9af9771bfad731902d67406e8fb429851bad227fc48054cace16a8
+DIST openldap-OPENLDAP_REL_ENG_2_6_1.tar.gz 6211863 BLAKE2B 81f4591db483a214351c2e02631fef2875e17e0890fc621182d2ed61d927c3c029a4f290ee6c0788952495d6f7a76ed15e62557b8d8f2e241d867e19fdf223b7 SHA512 ca61c1dccf3194d8d149ca0c45a4834d6fadf67a3676cf348f5f62ab92c94bc7501216d7da681c3a6f87f646a18d0f3d116c3d3a24d2e5cbebc6c695c986e517
DIST rfc2307bis.schema-20140524 12262 BLAKE2B 98031f49e9bde1e4821e637af3382364d8344ed7017649686a088070d96a632dffa6c661552352656b1b159c0fd962965580069a64c7f3d5bb6a3ed75f60fd99 SHA512 83b89a1deeefc8566b97e7e865b9b6d04541099cbdf719e24538a7d27d61b6209e87ab9003a9f140bd9afd018ec569e71721e3a24090e1902c8b6659d2ba103e
diff --git a/net-nds/openldap/files/openldap-2.6.1-cloak.patch b/net-nds/openldap/files/openldap-2.6.1-cloak.patch
new file mode 100644
index 000000000000..8fab052d4db1
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.6.1-cloak.patch
@@ -0,0 +1,25 @@
+diff --git a/contrib/slapd-modules/cloak/cloak.c b/contrib/slapd-modules/cloak/cloak.c
+index ced7a8024..dffce3614 100644
+--- a/contrib/slapd-modules/cloak/cloak.c
++++ b/contrib/slapd-modules/cloak/cloak.c
+@@ -29,6 +29,7 @@
+ #include "ac/socket.h"
+
+ #include "lutil.h"
++#include "attr.h"
+ #include "slap.h"
+ #include "slap-config.h"
+
+diff --git a/servers/slapd/attr.h b/servers/slapd/attr.h
+index e69de29bb..73949f60c 100644
+--- a/servers/slapd/attr.h
++++ b/servers/slapd/attr.h
+@@ -0,0 +1,8 @@
++#ifndef OPENLDAP_SERVERS_SLAPD_ATTR_H_
++#define OPENLDAP_SERVERS_SLAPD_ATTR_H_
++
++#endif //OPENLDAP_SERVERS_SLAPD_ATTR_H_
++
++#include "slap.h"
++
++void attr_clean( Attribute *a );
diff --git a/net-nds/openldap/files/openldap-2.6.1-fix-missing-mapping.patch b/net-nds/openldap/files/openldap-2.6.1-fix-missing-mapping.patch
new file mode 100644
index 000000000000..be7fbf3e528d
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.6.1-fix-missing-mapping.patch
@@ -0,0 +1,21 @@
+From 59e013602d7b1aa0d7da79d65367c9ec391b96f8 Mon Sep 17 00:00:00 2001
+From: Simon Pichugin <spichugi@redhat.com>
+Date: Wed, 3 Nov 2021 19:03:40 -0700
+Subject: [PATCH] Fix missing mapping
+
+---
+ libraries/liblber/lber.map | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libraries/liblber/lber.map b/libraries/liblber/lber.map
+index 9a4094b0f..083cd1f32 100644
+--- a/libraries/liblber/lber.map
++++ b/libraries/liblber/lber.map
+@@ -121,6 +121,7 @@ OPENLDAP_2.200
+ ber_sockbuf_io_fd;
+ ber_sockbuf_io_readahead;
+ ber_sockbuf_io_tcp;
++ ber_sockbuf_io_udp;
+ ber_sockbuf_remove_io;
+ ber_sos_dump;
+ ber_start;
diff --git a/net-nds/openldap/files/openldap-2.6.1-flags.patch b/net-nds/openldap/files/openldap-2.6.1-flags.patch
new file mode 100644
index 000000000000..019bd9f6fd33
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.6.1-flags.patch
@@ -0,0 +1,416 @@
+diff --git a/contrib/slapd-modules/acl/Makefile b/contrib/slapd-modules/acl/Makefile
+index 2195e2d72..3efaaad72 100644
+--- a/contrib/slapd-modules/acl/Makefile
++++ b/contrib/slapd-modules/acl/Makefile
+@@ -8,7 +8,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+
+ LIBTOOL = $(LDAP_BUILD)/libtool
+ CC = gcc
+-OPT = -g -O2
++OPT = -Wall
+ DEFS =
+ INCS = $(LDAP_INC)
+ LIBS = $(LDAP_LIB)
+diff --git a/contrib/slapd-modules/addpartial/Makefile b/contrib/slapd-modules/addpartial/Makefile
+index ecb7cd0a3..e278dc080 100644
+--- a/contrib/slapd-modules/addpartial/Makefile
++++ b/contrib/slapd-modules/addpartial/Makefile
+@@ -8,7 +8,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+
+ LIBTOOL = $(LDAP_BUILD)/libtool
+ CC = gcc
+-OPT = -g -O2
++OPT = -Wall
+ DEFS =
+ INCS = $(LDAP_INC)
+ LIBS = $(LDAP_LIB)
+diff --git a/contrib/slapd-modules/adremap/Makefile b/contrib/slapd-modules/adremap/Makefile
+index b008eabd6..23d3658c3 100644
+--- a/contrib/slapd-modules/adremap/Makefile
++++ b/contrib/slapd-modules/adremap/Makefile
+@@ -19,7 +19,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+ LIBTOOL = $(LDAP_BUILD)/libtool
+ INSTALL = /usr/bin/install
+ CC = gcc
+-OPT = -g -O2
++OPT = -Wall
+ DEFS = -DSLAPD_OVER_ADREMAP=SLAPD_MOD_DYNAMIC
+ INCS = $(LDAP_INC)
+ LIBS = $(LDAP_LIB)
+diff --git a/contrib/slapd-modules/allop/Makefile b/contrib/slapd-modules/allop/Makefile
+index 053f3774a..11998ce87 100644
+--- a/contrib/slapd-modules/allop/Makefile
++++ b/contrib/slapd-modules/allop/Makefile
+@@ -9,7 +9,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+ LIBTOOL = $(LDAP_BUILD)/libtool
+ INSTALL = /usr/bin/install
+ CC = gcc
+-OPT = -g -O2
++OPT = -Wall
+ DEFS =
+ INCS = $(LDAP_INC)
+ LIBS = $(LDAP_LIB)
+diff --git a/contrib/slapd-modules/allowed/Makefile b/contrib/slapd-modules/allowed/Makefile
+index 32cb43241..674d6cafd 100644
+--- a/contrib/slapd-modules/allowed/Makefile
++++ b/contrib/slapd-modules/allowed/Makefile
+@@ -20,7 +20,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+
+ LIBTOOL = $(LDAP_BUILD)/libtool
+ CC = gcc
+-OPT = -g -O2
++OPT = -Wall
+ DEFS = -DSLAPD_OVER_ALLOWED=SLAPD_MOD_DYNAMIC
+ INCS = $(LDAP_INC)
+ LIBS = $(LDAP_LIB)
+diff --git a/contrib/slapd-modules/authzid/Makefile b/contrib/slapd-modules/authzid/Makefile
+index ef9c4bc4f..49a756c35 100644
+--- a/contrib/slapd-modules/authzid/Makefile
++++ b/contrib/slapd-modules/authzid/Makefile
+@@ -20,7 +20,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+
+ LIBTOOL = $(LDAP_BUILD)/libtool
+ CC = gcc
+-OPT = -g -O2
++OPT = -Wall
+ DEFS =
+ INCS = $(LDAP_INC)
+ LIBS = $(LDAP_LIB)
+diff --git a/contrib/slapd-modules/autogroup/Makefile b/contrib/slapd-modules/autogroup/Makefile
+index 7dd6613cf..f19acae6c 100644
+--- a/contrib/slapd-modules/autogroup/Makefile
++++ b/contrib/slapd-modules/autogroup/Makefile
+@@ -8,7 +8,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+
+ LIBTOOL = $(LDAP_BUILD)/libtool
+ CC = gcc
+-OPT = -g -O2
++OPT = -Wall
+ DEFS =
+ INCS = $(LDAP_INC)
+ LIBS = $(LDAP_LIB)
+diff --git a/contrib/slapd-modules/cloak/Makefile b/contrib/slapd-modules/cloak/Makefile
+index c54e6b134..9360ef2dc 100644
+--- a/contrib/slapd-modules/cloak/Makefile
++++ b/contrib/slapd-modules/cloak/Makefile
+@@ -9,7 +9,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+ LIBTOOL = $(LDAP_BUILD)/libtool
+ INSTALL = /usr/bin/install
+ CC = gcc
+-OPT = -g -O2
++OPT = -Wall
+ DEFS = -DSLAPD_OVER_CLOAK=SLAPD_MOD_DYNAMIC
+ INCS = $(LDAP_INC)
+ LIBS = $(LDAP_LIB)
+diff --git a/contrib/slapd-modules/comp_match/Makefile b/contrib/slapd-modules/comp_match/Makefile
+index 9b78c5c12..e1cb8fe3c 100644
+--- a/contrib/slapd-modules/comp_match/Makefile
++++ b/contrib/slapd-modules/comp_match/Makefile
+@@ -31,7 +31,7 @@ SSL_LIB = -lcrypto -L$(SSL_DIR)/lib
+
+ LIBTOOL = $(LDAP_BUILD)/libtool
+ CC = gcc
+-OPT = -g -O2
++OPT = -Wall
+ DEFS = -DLDAP_COMPONENT
+ INCS = $(LDAP_INC) $(SNACC_INC) $(SSL_INC)
+ LIBS = $(LDAP_LIB) $(SNACC_LIB) $(SSL_LIB)
+diff --git a/contrib/slapd-modules/datamorph/Makefile b/contrib/slapd-modules/datamorph/Makefile
+index 82bce493c..19231c71d 100644
+--- a/contrib/slapd-modules/datamorph/Makefile
++++ b/contrib/slapd-modules/datamorph/Makefile
+@@ -22,7 +22,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+ LIBTOOL = $(LDAP_BUILD)/libtool
+ INSTALL = /usr/bin/install
+ CC = gcc
+-OPT = -g -O2
++OPT = -Wall
+ DEFS = -DSLAPD_OVER_DATAMORPH=SLAPD_MOD_DYNAMIC
+ INCS = $(LDAP_INC)
+ LIBS = $(LDAP_LIB)
+diff --git a/contrib/slapd-modules/denyop/Makefile b/contrib/slapd-modules/denyop/Makefile
+index 2cea18b06..d11dd8d4a 100644
+--- a/contrib/slapd-modules/denyop/Makefile
++++ b/contrib/slapd-modules/denyop/Makefile
+@@ -8,7 +8,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+
+ LIBTOOL = $(LDAP_BUILD)/libtool
+ CC = gcc
+-OPT = -g -O2
++OPT = -Wall
+ DEFS = -DSLAPD_OVER_DENYOP=SLAPD_MOD_DYNAMIC
+ INCS = $(LDAP_INC)
+ LIBS = $(LDAP_LIB)
+diff --git a/contrib/slapd-modules/dsaschema/Makefile b/contrib/slapd-modules/dsaschema/Makefile
+index 3a88fc01f..97e0642f3 100644
+--- a/contrib/slapd-modules/dsaschema/Makefile
++++ b/contrib/slapd-modules/dsaschema/Makefile
+@@ -8,7 +8,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+
+ LIBTOOL = $(LDAP_BUILD)/libtool
+ CC = gcc
+-OPT = -g -O2
++OPT = -Wall
+ DEFS =
+ INCS = $(LDAP_INC)
+ LIBS = $(LDAP_LIB)
+diff --git a/contrib/slapd-modules/dupent/Makefile b/contrib/slapd-modules/dupent/Makefile
+index 6b3543862..1cc09a8b4 100644
+--- a/contrib/slapd-modules/dupent/Makefile
++++ b/contrib/slapd-modules/dupent/Makefile
+@@ -20,7 +20,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+
+ LIBTOOL = $(LDAP_BUILD)/libtool
+ CC = gcc
+-OPT = -g -O2
++OPT = -Wall
+ DEFS = -DSLAPD_OVER_DUPENT=SLAPD_MOD_DYNAMIC
+ INCS = $(LDAP_INC)
+ LIBS = $(LDAP_LIB)
+diff --git a/contrib/slapd-modules/kinit/Makefile b/contrib/slapd-modules/kinit/Makefile
+index 7b25ced76..9f339e810 100644
+--- a/contrib/slapd-modules/kinit/Makefile
++++ b/contrib/slapd-modules/kinit/Makefile
+@@ -8,7 +8,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+
+ LIBTOOL = $(LDAP_BUILD)/libtool
+ CC = gcc
+-OPT = -g -O2
++OPT = -Wall
+ DEFS =
+ INCS = $(LDAP_INC)
+ LIBS = $(LDAP_LIB) -lkrb5
+diff --git a/contrib/slapd-modules/lastbind/Makefile b/contrib/slapd-modules/lastbind/Makefile
+index c273cd3a0..da9fa172f 100644
+--- a/contrib/slapd-modules/lastbind/Makefile
++++ b/contrib/slapd-modules/lastbind/Makefile
+@@ -19,7 +19,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+ LIBTOOL = $(LDAP_BUILD)/libtool
+ INSTALL = /usr/bin/install
+ CC = gcc
+-OPT = -g -O2
++OPT = -Wall
+ DEFS = -DSLAPD_OVER_LASTBIND=SLAPD_MOD_DYNAMIC
+ INCS = $(LDAP_INC)
+ LIBS = $(LDAP_LIB)
+diff --git a/contrib/slapd-modules/lastmod/Makefile b/contrib/slapd-modules/lastmod/Makefile
+index 9b06c28fb..be583722b 100644
+--- a/contrib/slapd-modules/lastmod/Makefile
++++ b/contrib/slapd-modules/lastmod/Makefile
+@@ -9,7 +9,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+ LIBTOOL = $(LDAP_BUILD)/libtool
+ INSTALL = /usr/bin/install
+ CC = gcc
+-OPT = -g -O2
++OPT = -Wall
+ DEFS = -DSLAPD_OVER_LASTMOD=SLAPD_MOD_DYNAMIC
+ INCS = $(LDAP_INC)
+ LIBS = $(LDAP_LIB)
+diff --git a/contrib/slapd-modules/noopsrch/Makefile b/contrib/slapd-modules/noopsrch/Makefile
+index 2934a3214..22a3db04b 100644
+--- a/contrib/slapd-modules/noopsrch/Makefile
++++ b/contrib/slapd-modules/noopsrch/Makefile
+@@ -20,7 +20,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+
+ LIBTOOL = $(LDAP_BUILD)/libtool
+ CC = gcc
+-OPT = -g -O2 -Wall
++OPT = -Wall -Wall
+ DEFS = -DSLAPD_OVER_NOOPSRCH=SLAPD_MOD_DYNAMIC
+ INCS = $(LDAP_INC)
+ LIBS = $(LDAP_LIB)
+diff --git a/contrib/slapd-modules/nops/Makefile b/contrib/slapd-modules/nops/Makefile
+index 94a5bcd23..86dcdfd76 100644
+--- a/contrib/slapd-modules/nops/Makefile
++++ b/contrib/slapd-modules/nops/Makefile
+@@ -9,7 +9,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+ LIBTOOL = $(LDAP_BUILD)/libtool
+ INSTALL = /usr/bin/install
+ CC = gcc
+-OPT = -g -O2
++OPT = -Wall
+ DEFS = -DSLAPD_OVER_NOPS=SLAPD_MOD_DYNAMIC
+ INCS = $(LDAP_INC)
+ LIBS = $(LDAP_LIB)
+diff --git a/contrib/slapd-modules/nssov/Makefile b/contrib/slapd-modules/nssov/Makefile
+index 13987c250..c2c26d473 100644
+--- a/contrib/slapd-modules/nssov/Makefile
++++ b/contrib/slapd-modules/nssov/Makefile
+@@ -27,7 +27,7 @@ NLDAPD_INC=-Inss-pam-ldapd
+
+ LIBTOOL = $(LDAP_BUILD)/libtool
+ INSTALL = /usr/bin/install
+-OPT = -g -O2
++OPT = -Wall
+ CC = gcc
+ DEFS =
+ INCS = $(LDAP_INC) $(NLDAPD_INC)
+diff --git a/contrib/slapd-modules/passwd/Makefile b/contrib/slapd-modules/passwd/Makefile
+index 634649603..4b6be2617 100644
+--- a/contrib/slapd-modules/passwd/Makefile
++++ b/contrib/slapd-modules/passwd/Makefile
+@@ -9,7 +9,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+ LIBTOOL = $(LDAP_BUILD)/libtool
+ INSTALL = /usr/bin/install
+ CC = gcc
+-OPT = -g -O2
++OPT = -Wall
+ DEFS =
+ INCS = $(LDAP_INC)
+ LIBS = $(LDAP_LIB)
+diff --git a/contrib/slapd-modules/passwd/pbkdf2/Makefile b/contrib/slapd-modules/passwd/pbkdf2/Makefile
+index 6279f50c1..20769028e 100644
+--- a/contrib/slapd-modules/passwd/pbkdf2/Makefile
++++ b/contrib/slapd-modules/passwd/pbkdf2/Makefile
+@@ -9,7 +9,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+ LIBTOOL = $(LDAP_BUILD)/libtool
+ INSTALL = /usr/bin/install
+ CC = gcc
+-OPT = -g -O2
++OPT = -Wall
+ #DEFS = -DSLAPD_PBKDF2_DEBUG
+
+ SSL_INC =
+diff --git a/contrib/slapd-modules/passwd/sha2/Makefile b/contrib/slapd-modules/passwd/sha2/Makefile
+index 2d2075688..f8a77d24d 100644
+--- a/contrib/slapd-modules/passwd/sha2/Makefile
++++ b/contrib/slapd-modules/passwd/sha2/Makefile
+@@ -9,7 +9,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+ LIBTOOL = $(LDAP_BUILD)/libtool
+ INSTALL = /usr/bin/install
+ CC = gcc
+-OPT = -g -O2
++OPT = -Wall
+ DEFS =
+ #DEFS = -DSLAPD_SHA2_DEBUG
+ INCS = $(LDAP_INC)
+diff --git a/contrib/slapd-modules/passwd/totp/Makefile b/contrib/slapd-modules/passwd/totp/Makefile
+index f7dff4bd7..463a45248 100644
+--- a/contrib/slapd-modules/passwd/totp/Makefile
++++ b/contrib/slapd-modules/passwd/totp/Makefile
+@@ -9,7 +9,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+ LIBTOOL = $(LDAP_BUILD)/libtool
+ INSTALL = /usr/bin/install
+ CC = gcc
+-OPT = -g -O2
++OPT = -Wall
+ DEFS =
+ INCS = $(LDAP_INC)
+ LIBS = $(LDAP_LIB)
+diff --git a/contrib/slapd-modules/ppm/Makefile b/contrib/slapd-modules/ppm/Makefile
+index 7b6efaddd..f26faca2b 100644
+--- a/contrib/slapd-modules/ppm/Makefile
++++ b/contrib/slapd-modules/ppm/Makefile
+@@ -18,7 +18,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/liblber/liblber.la $(LDAP_BUILD)/libraries/li
+ LIBTOOL = $(LDAP_BUILD)/libtool
+ INSTALL = /usr/bin/install
+ CC = gcc
+-OPT = -g -O2 -fpic
++OPT = -Wall -fpic
+
+ # To skip linking against CRACKLIB make CRACK=no
+ CRACK=yes
+diff --git a/contrib/slapd-modules/proxyOld/Makefile b/contrib/slapd-modules/proxyOld/Makefile
+index d92967c39..f2e7524a9 100644
+--- a/contrib/slapd-modules/proxyOld/Makefile
++++ b/contrib/slapd-modules/proxyOld/Makefile
+@@ -20,7 +20,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+
+ LIBTOOL = $(LDAP_BUILD)/libtool
+ CC = gcc
+-OPT = -g -O2
++OPT = -Wall
+ DEFS =
+ INCS = $(LDAP_INC)
+ LIBS = $(LDAP_LIB)
+diff --git a/contrib/slapd-modules/rbac/Makefile b/contrib/slapd-modules/rbac/Makefile
+index 1180bd6a1..59b614ade 100755
+--- a/contrib/slapd-modules/rbac/Makefile
++++ b/contrib/slapd-modules/rbac/Makefile
+@@ -9,7 +9,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+ LIBTOOL = $(LDAP_BUILD)/libtool
+ INSTALL = /usr/bin/install
+ CC = gcc
+-OPT = -g -O2
++OPT = -Wall
+ DEFS = -DSLAPD_OVER_RBAC=SLAPD_MOD_DYNAMIC
+ INCS = $(LDAP_INC)
+ LIBS = $(LDAP_LIB)
+diff --git a/contrib/slapd-modules/samba4/Makefile b/contrib/slapd-modules/samba4/Makefile
+index f53d130d2..a4b6600ca 100644
+--- a/contrib/slapd-modules/samba4/Makefile
++++ b/contrib/slapd-modules/samba4/Makefile
+@@ -20,7 +20,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+
+ LIBTOOL = $(LDAP_BUILD)/libtool
+ CC = gcc
+-OPT = -g -O2
++OPT = -Wall
+ DEFS = -DSLAPD_OVER_RDNVAL=SLAPD_MOD_DYNAMIC \
+ -DSLAPD_OVER_PGUID=SLAPD_MOD_DYNAMIC \
+ -DSLAPD_OVER_VERNUM=SLAPD_MOD_DYNAMIC
+diff --git a/contrib/slapd-modules/smbk5pwd/Makefile b/contrib/slapd-modules/smbk5pwd/Makefile
+index a1c2c8eef..c2b1c16bb 100644
+--- a/contrib/slapd-modules/smbk5pwd/Makefile
++++ b/contrib/slapd-modules/smbk5pwd/Makefile
+@@ -27,7 +27,7 @@ HEIMDAL_LIB = -L/usr/heimdal/lib -lkrb5 -lkadm5srv
+ LIBTOOL = $(LDAP_BUILD)/libtool
+ INSTALL = /usr/bin/install
+ CC = gcc
+-OPT = -g -O2
++OPT = -Wall
+ # Omit DO_KRB5, DO_SAMBA or DO_SHADOW if you don't want to support it.
+ DEFS = -DDO_KRB5 -DDO_SAMBA -DDO_SHADOW
+ INCS = $(LDAP_INC) $(HEIMDAL_INC) $(SSL_INC)
+diff --git a/contrib/slapd-modules/trace/Makefile b/contrib/slapd-modules/trace/Makefile
+index 1bf8a5541..9026c2c93 100644
+--- a/contrib/slapd-modules/trace/Makefile
++++ b/contrib/slapd-modules/trace/Makefile
+@@ -8,7 +8,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+
+ LIBTOOL = $(LDAP_BUILD)/libtool
+ CC = gcc
+-OPT = -g -O2
++OPT = -Wall
+ DEFS = -DSLAPD_OVER_TRACE=SLAPD_MOD_DYNAMIC
+ INCS = $(LDAP_INC)
+ LIBS = $(LDAP_LIB)
+diff --git a/contrib/slapd-modules/usn/Makefile b/contrib/slapd-modules/usn/Makefile
+index d7af04b10..eae938a3e 100644
+--- a/contrib/slapd-modules/usn/Makefile
++++ b/contrib/slapd-modules/usn/Makefile
+@@ -8,7 +8,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+
+ LIBTOOL = $(LDAP_BUILD)/libtool
+ CC = gcc
+-OPT = -g -O2
++OPT = -Wall
+ DEFS = -DSLAPD_OVER_USN=SLAPD_MOD_DYNAMIC
+ INCS = $(LDAP_INC)
+ LIBS = $(LDAP_LIB)
+diff --git a/contrib/slapd-modules/variant/Makefile b/contrib/slapd-modules/variant/Makefile
+index 07effed6c..a83373b48 100644
+--- a/contrib/slapd-modules/variant/Makefile
++++ b/contrib/slapd-modules/variant/Makefile
+@@ -22,7 +22,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+ LIBTOOL = $(LDAP_BUILD)/libtool
+ INSTALL = /usr/bin/install
+ CC = gcc
+-OPT = -g -O2
++OPT = -Wall
+ DEFS = -DSLAPD_OVER_VARIANT=SLAPD_MOD_DYNAMIC
+ INCS = $(LDAP_INC)
+ LIBS = $(LDAP_LIB)
+diff --git a/contrib/slapd-modules/vc/Makefile b/contrib/slapd-modules/vc/Makefile
+index 9fe67ab27..526037e50 100644
+--- a/contrib/slapd-modules/vc/Makefile
++++ b/contrib/slapd-modules/vc/Makefile
+@@ -20,7 +20,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+
+ LIBTOOL = $(LDAP_BUILD)/libtool
+ CC = gcc
+-OPT = -g -O2
++OPT = -Wall
+ DEFS =
+ INCS = $(LDAP_INC)
+ LIBS = $(LDAP_LIB)
diff --git a/net-nds/openldap/files/openldap-2.6.1-system-mdb.patch b/net-nds/openldap/files/openldap-2.6.1-system-mdb.patch
new file mode 100644
index 000000000000..55a2253a8fa0
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.6.1-system-mdb.patch
@@ -0,0 +1,148 @@
+diff --git a/build/openldap.m4 b/build/openldap.m4
+index 91e2608b8..493f85ae8 100644
+--- a/build/openldap.m4
++++ b/build/openldap.m4
+@@ -243,6 +243,40 @@ OL_RESOLVER_TRY(ol_cv_resolver_none)
+ OL_RESOLVER_TRY(ol_cv_resolver_resolv,[-lresolv])
+ OL_RESOLVER_TRY(ol_cv_resolver_bind,[-lbind])
+ ])
++
++dnl --------------------------------------------------------------------
++dnl Check for version compatility with back-mdb
++AC_DEFUN([OL_MDB_COMPAT],
++[AC_CACHE_CHECK([if LMDB version supported by MDB backends], [ol_cv_mdb_compat],[
++ AC_EGREP_CPP(__mdb_version_compat,[
++#include <lmdb.h>
++
++/* require 0.9.18 or later */
++#if MDB_VERSION_FULL >= 0x000000090012
++ __mdb_version_compat
++#endif
++ ], [ol_cv_mdb_compat=yes], [ol_cv_mdb_compat=no])])
++])
++
++dnl
++dnl --------------------------------------------------------------------
++dnl Find any MDB
++AC_DEFUN([OL_MDB],
++[ol_cv_mdb=no
++AC_CHECK_HEADERS(lmdb.h)
++if test $ac_cv_header_lmdb_h = yes; then
++ OL_MDB_COMPAT
++
++ if test $ol_cv_mdb_compat != yes ; then
++ AC_MSG_ERROR([LMDB version incompatible with MDB backends])
++ fi
++
++ ol_cv_lib_mdb=-llmdb
++ ol_cv_mdb=yes
++fi
++])
++
++
+ dnl
+ dnl ====================================================================
+ dnl Check POSIX Thread version
+diff --git a/build/top.mk b/build/top.mk
+index 67873d9f3..8d8787ecb 100644
+--- a/build/top.mk
++++ b/build/top.mk
+@@ -164,6 +164,7 @@ CLIENT_LIBS = @CLIENT_LIBS@
+ LUTIL_LIBS = @LUTIL_LIBS@
+ LTHREAD_LIBS = @LTHREAD_LIBS@
+
++MDB_LIBS = @MDB_LIBS@
+ SLAPD_NDB_LIBS = @SLAPD_NDB_LIBS@
+ WT_LIBS = @WT_LIBS@
+
+diff --git a/configure.ac b/configure.ac
+index 9012d0b28..52dd72eb6 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -547,6 +547,7 @@ AC_MSG_RESULT(done)
+ dnl ----------------------------------------------------------------
+ dnl Initialize vars
+ LDAP_LIBS=
++MDB_LIBS=
+ SLAPD_NDB_LIBS=
+ SLAPD_NDB_INCS=
+ LTHREAD_LIBS=
+@@ -646,6 +647,32 @@ dnl Checks for programs
+
+ AC_DEFINE(HAVE_MKVERSION, 1, [define this if you have mkversion])
+
++dnl ----------------------------------------------------------------
++ol_link_mdb=no
++
++if test $ol_enable_mdb != no; then
++ OL_MDB
++
++ if test $ol_cv_mdb = no ; then
++ AC_MSG_ERROR(MDB: LMDB not available)
++ fi
++
++ AC_DEFINE(HAVE_MDB,1,
++ [define this if LMDB is available])
++
++ dnl $ol_cv_lib_mdb should be yes or -llmdb
++ dnl (it could be no, but that would be an error
++ if test $ol_cv_lib_mdb != yes ; then
++ MDB_LIBS="$MDB_LIBS $ol_cv_lib_mdb"
++ fi
++
++ SLAPD_LIBS="$SLAPD_LIBS \$(MDB_LIBS)"
++
++ ol_link_mdb=yes
++fi
++
++dnl ----------------------------------------------------------------
++
+ dnl ----------------------------------------------------------------
+ dnl
+ dnl Determine which C translator to use
+@@ -3150,6 +3177,7 @@ dnl pwmods
+ AC_SUBST(LDAP_LIBS)
+ AC_SUBST(CLIENT_LIBS)
+ AC_SUBST(SLAPD_LIBS)
++AC_SUBST(MDB_LIBS)
+ AC_SUBST(BALANCER_LIBS)
+ AC_SUBST(SLAPD_NDB_LIBS)
+ AC_SUBST(SLAPD_NDB_INCS)
+diff --git a/servers/slapd/back-mdb/Makefile.in b/servers/slapd/back-mdb/Makefile.in
+index ad3804898..f9319e227 100644
+--- a/servers/slapd/back-mdb/Makefile.in
++++ b/servers/slapd/back-mdb/Makefile.in
+@@ -25,11 +25,10 @@ OBJS = init.lo tools.lo config.lo \
+ extended.lo operational.lo \
+ attr.lo index.lo key.lo filterindex.lo \
+ dn2entry.lo dn2id.lo id2entry.lo idl.lo \
+- nextid.lo monitor.lo mdb.lo midl.lo
++ nextid.lo monitor.lo
+
+ LDAP_INCDIR= ../../../include
+ LDAP_LIBDIR= ../../../libraries
+-MDB_SUBDIR = $(srcdir)/$(LDAP_LIBDIR)/liblmdb
+
+ BUILD_OPT = "--enable-mdb"
+ BUILD_MOD = @BUILD_MDB@
+@@ -44,7 +43,7 @@ UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
+
+ LIBBASE = back_mdb
+
+-XINCPATH = -I.. -I$(srcdir)/.. -I$(MDB_SUBDIR)
++XINCPATH = -I.. -I$(srcdir)/..
+ XDEFS = $(MODULES_CPPFLAGS)
+
+ all-local-lib: ../.backend
+@@ -52,11 +51,5 @@ all-local-lib: ../.backend
+ ../.backend: lib$(LIBBASE).a
+ @touch $@
+
+-mdb.lo: $(MDB_SUBDIR)/mdb.c
+- $(LTCOMPILE_MOD) $(MDB_SUBDIR)/mdb.c
+-
+-midl.lo: $(MDB_SUBDIR)/midl.c
+- $(LTCOMPILE_MOD) $(MDB_SUBDIR)/midl.c
+-
+ veryclean-local-lib: FORCE
+ $(RM) $(XXHEADERS) $(XXSRCS) .links
diff --git a/net-nds/openldap/files/slapd-2.6.1.service b/net-nds/openldap/files/slapd-2.6.1.service
new file mode 100644
index 000000000000..5f08be3b37f9
--- /dev/null
+++ b/net-nds/openldap/files/slapd-2.6.1.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=OpenLDAP Server Daemon
+After=network.target
+
+[Service]
+Type=notify
+PIDFile=/run/openldap/slapd.pid
+ExecStartPre=/usr/sbin/slaptest -Q -u $SLAPD_OPTIONS
+ExecStart=/usr/lib/openldap/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS
+
+[Install]
+WantedBy=multi-user.target
diff --git a/net-nds/openldap/files/slapd-confd-2.6.1 b/net-nds/openldap/files/slapd-confd-2.6.1
new file mode 100644
index 000000000000..9e7babbaaac1
--- /dev/null
+++ b/net-nds/openldap/files/slapd-confd-2.6.1
@@ -0,0 +1,26 @@
+# conf.d file for openldap
+#
+# To enable both the standard unciphered server and the ssl encrypted
+# one uncomment this line or set any other server starting options
+# you may desire.
+
+# If you have multiple slapd instances per #376699, this will provide a default config
+INSTANCE="openldap${SVCNAME#slapd}"
+
+# If you use the classical configuration file:
+OPTS_CONF="-f /etc/${INSTANCE}/slapd.conf"
+# Uncomment this instead to use the new slapd.d configuration directory for openldap 2.3
+#OPTS_CONF="-F /etc/${INSTANCE}/slapd.d"
+# (the OPTS_CONF variable is also passed to slaptest during startup)
+
+OPTS="${OPTS_CONF} -h 'ldaps:// ldap:// ldapi://%2frun%2fopenldap%2fslapd.sock'"
+# Optional connectionless LDAP:
+#OPTS="${OPTS_CONF} -h 'ldaps:// ldap:// ldapi://%2frun%2fopenldap%2fslapd.sock cldap://'"
+
+# If you change the above listen statement to bind on a specific IP for
+# listening, you should ensure that interface is up here (change eth0 as
+# needed).
+#rc_need="net.eth0"
+
+# Specify the kerberos keytab file
+#KRB5_KTNAME=/etc/openldap/krb5-ldap.keytab
diff --git a/net-nds/openldap/metadata.xml b/net-nds/openldap/metadata.xml
index 901d31c63ed9..62176631c249 100644
--- a/net-nds/openldap/metadata.xml
+++ b/net-nds/openldap/metadata.xml
@@ -9,6 +9,8 @@
<email>ldap-bugs@gentoo.org</email>
</maintainer>
<use>
+ <flag name="argon2">Enable password hashing algorithm from <pkg>app-crypt/argon2</pkg></flag>
+ <flag name="cleartext">Enable use of cleartext passwords</flag>
<flag name="experimental">Enable experimental backend options</flag>
<flag name="kinit">Enable support for kerberos init</flag>
<flag name="odbc">Enable ODBC and SQL backend options</flag>
@@ -19,6 +21,8 @@
<flag name="sha2">Enable support for pw-sha2 password hashes</flag>
</use>
<upstream>
+ <bugs-to>https://bugs.openldap.org/</bugs-to>
<remote-id type="cpe">cpe:/a:openldap:openldap</remote-id>
+ <remote-id type="gitlab">openldap/openldap</remote-id>
</upstream>
</pkgmetadata>
diff --git a/net-nds/openldap/openldap-2.6.1.ebuild b/net-nds/openldap/openldap-2.6.1.ebuild
new file mode 100644
index 000000000000..7ca516cae4d6
--- /dev/null
+++ b/net-nds/openldap/openldap-2.6.1.ebuild
@@ -0,0 +1,796 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools flag-o-matic multilib-minimal preserve-libs ssl-cert toolchain-funcs systemd tmpfiles
+
+MY_PV="$(ver_rs 1-2 _)"
+
+BIS_PN=rfc2307bis.schema
+BIS_PV=20140524
+BIS_P="${BIS_PN}-${BIS_PV}"
+
+DESCRIPTION="LDAP suite of application and development tools"
+HOMEPAGE="https://www.OpenLDAP.org/"
+
+SRC_URI="
+ https://gitlab.com/openldap/${PN}/-/archive/OPENLDAP_REL_ENG_${MY_PV}/${PN}-OPENLDAP_REL_ENG_${MY_PV}.tar.gz
+ mirror://gentoo/${BIS_P}"
+
+LICENSE="OPENLDAP GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-solaris"
+
+IUSE_DAEMON="argon2 +cleartext crypt experimental minimal samba tcpd"
+IUSE_OVERLAY="overlays perl"
+IUSE_OPTIONAL="debug gnutls iodbc ipv6 odbc sasl ssl selinux static-libs +syslog test"
+IUSE_CONTRIB="kerberos kinit pbkdf2 sha2 smbkrb5passwd"
+IUSE_CONTRIB="${IUSE_CONTRIB} cxx"
+IUSE="systemd ${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
+RESTRICT="!test? ( test )"
+
+RESTRICT="!test? ( test )"
+REQUIRED_USE="cxx? ( sasl )
+ pbkdf2? ( ssl )
+ test? ( cleartext sasl )
+ ?? ( test minimal )"
+
+S=${WORKDIR}/${PN}-OPENLDAP_REL_ENG_${MY_PV}
+
+# always list newer first
+# Do not add any AGPL-3 BDB here!
+# See bug 525110, comment 15.
+# Advanced usage: OPENLDAP_BDB_SLOTS in the environment can be used to force a slot during build.
+BDB_SLOTS="${OPENLDAP_BDB_SLOTS:=5.3 4.8}"
+BDB_PKGS=''
+for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done
+
+# openssl is needed to generate lanman-passwords required by samba
+COMMON_DEPEND="
+ ssl? (
+ !gnutls? (
+ >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}]
+ )
+ gnutls? (
+ >=net-libs/gnutls-2.12.23-r6:=[${MULTILIB_USEDEP}]
+ >=dev-libs/libgcrypt-1.5.3:0=[${MULTILIB_USEDEP}]
+ )
+ )
+ sasl? ( dev-libs/cyrus-sasl:= )
+ !minimal? (
+ dev-libs/libltdl
+ sys-fs/e2fsprogs
+ >=dev-db/lmdb-0.9.18:=
+ argon2? ( app-crypt/argon2:= )
+ crypt? ( virtual/libcrypt:= )
+ tcpd? ( sys-apps/tcp-wrappers )
+ odbc? ( !iodbc? ( dev-db/unixODBC )
+ iodbc? ( dev-db/libiodbc ) )
+ perl? ( dev-lang/perl:=[-build(-)] )
+ samba? (
+ dev-libs/openssl:0=
+ )
+ smbkrb5passwd? (
+ dev-libs/openssl:0=
+ kerberos? ( app-crypt/heimdal )
+ )
+ kerberos? (
+ virtual/krb5
+ kinit? ( !app-crypt/heimdal )
+ )
+ )
+"
+DEPEND="${COMMON_DEPEND}
+ sys-apps/groff
+"
+RDEPEND="${COMMON_DEPEND}
+ selinux? ( sec-policy/selinux-ldap )
+"
+
+# The user/group are only used for running daemons which are
+# disabled in minimal builds, so elide the accounts too.
+BDEPEND="!minimal? (
+ acct-group/ldap
+ acct-user/ldap
+)
+"
+
+# for tracking versions
+OPENLDAP_VERSIONTAG=".version-tag"
+OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
+
+MULTILIB_WRAPPED_HEADERS=(
+ # USE=cxx
+ /usr/include/LDAPAsynConnection.h
+ /usr/include/LDAPAttrType.h
+ /usr/include/LDAPAttribute.h
+ /usr/include/LDAPAttributeList.h
+ /usr/include/LDAPConnection.h
+ /usr/include/LDAPConstraints.h
+ /usr/include/LDAPControl.h
+ /usr/include/LDAPControlSet.h
+ /usr/include/LDAPEntry.h
+ /usr/include/LDAPEntryList.h
+ /usr/include/LDAPException.h
+ /usr/include/LDAPExtResult.h
+ /usr/include/LDAPMessage.h
+ /usr/include/LDAPMessageQueue.h
+ /usr/include/LDAPModList.h
+ /usr/include/LDAPModification.h
+ /usr/include/LDAPObjClass.h
+ /usr/include/LDAPRebind.h
+ /usr/include/LDAPRebindAuth.h
+ /usr/include/LDAPReferenceList.h
+ /usr/include/LDAPResult.h
+ /usr/include/LDAPSaslBindResult.h
+ /usr/include/LDAPSchema.h
+ /usr/include/LDAPSearchReference.h
+ /usr/include/LDAPSearchResult.h
+ /usr/include/LDAPSearchResults.h
+ /usr/include/LDAPUrl.h
+ /usr/include/LDAPUrlList.h
+ /usr/include/LdifReader.h
+ /usr/include/LdifWriter.h
+ /usr/include/SaslInteraction.h
+ /usr/include/SaslInteractionHandler.h
+ /usr/include/StringList.h
+ /usr/include/TlsOptions.h
+)
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
+ "${FILESDIR}"/${PN}-2.6.1-system-mdb.patch
+ "${FILESDIR}"/${PN}-2.6.1-cloak.patch
+ "${FILESDIR}"/${PN}-2.6.1-flags.patch
+ "${FILESDIR}"/${PN}-2.6.1-fix-missing-mapping.patch
+)
+
+openldap_filecount() {
+ local dir="$1"
+ find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
+}
+
+openldap_find_versiontags() {
+ # scan for all datadirs
+ local openldap_datadirs=()
+ if [[ -f "${EROOT}"/etc/openldap/slapd.conf ]]; then
+ openldap_datadirs=( $(awk '{if($1 == "directory") print $2 }' "${EROOT}"/etc/openldap/slapd.conf) )
+ fi
+ openldap_datadirs+=( ${OPENLDAP_DEFAULTDIR_VERSIONTAG} )
+
+ einfo
+ einfo "Scanning datadir(s) from slapd.conf and"
+ einfo "the default installdir for Versiontags"
+ einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
+ einfo
+
+ # scan datadirs if we have a version tag
+ openldap_found_tag=0
+ have_files=0
+ for each in ${openldap_datadirs[@]} ; do
+ CURRENT_TAGDIR="${ROOT}$(sed "s:\/::" <<< ${each})"
+ CURRENT_TAG="${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}"
+ if [[ -d "${CURRENT_TAGDIR}" ]] && [[ "${openldap_found_tag}" == 0 ]] ; then
+ einfo "- Checking ${each}..."
+ if [[ -r "${CURRENT_TAG}" ]] ; then
+ # yey, we have one :)
+ einfo " Found Versiontag in ${each}"
+ source "${CURRENT_TAG}"
+ if [[ "${OLDPF}" == "" ]] ; then
+ eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
+ eerror "Please delete it"
+ eerror
+ die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
+ fi
+
+ OLD_MAJOR=$(ver_cut 2-3 ${OLDPF})
+
+ [[ "$(openldap_filecount ${CURRENT_TAGDIR})" -gt 0 ]] && have_files=1
+
+ # are we on the same branch?
+ if [[ "${OLD_MAJOR}" != "${PV:0:3}" ]] ; then
+ ewarn " Versiontag doesn't match current major release!"
+ if [[ "${have_files}" == "1" ]] ; then
+ eerror " Versiontag says other major and you (probably) have datafiles!"
+ echo
+ openldap_upgrade_howto
+ else
+ einfo " No real problem, seems there's no database."
+ fi
+ else
+ einfo " Versiontag is fine here :)"
+ fi
+ else
+ einfo " Non-tagged dir ${each}"
+ [[ "$(openldap_filecount ${each})" -gt 0 ]] && have_files=1
+ if [[ "${have_files}" == "1" ]] ; then
+ einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
+ echo
+
+ eerror
+ eerror "Your OpenLDAP Installation has a non tagged datadir that"
+ eerror "possibly contains a database at ${CURRENT_TAGDIR}"
+ eerror
+ eerror "Please export data if any entered and empty or remove"
+ eerror "the directory, installation has been stopped so you"
+ eerror "can take required action"
+ eerror
+ eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
+ eerror
+ openldap_upgrade_howto
+ die "Please move the datadir ${CURRENT_TAGDIR} away"
+ fi
+ fi
+ einfo
+ fi
+ done
+ [[ "${have_files}" == "1" ]] && einfo "DB files present" || einfo "No DB files present"
+
+ # Now we must check for the major version of sys-libs/db linked against.
+ SLAPD_PATH="${EROOT}/usr/$(get_libdir)/openldap/slapd"
+ if [[ "${have_files}" == "1" ]] && [[ -f "${SLAPD_PATH}" ]]; then
+ OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
+ | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
+ local fail=0
+ if [[ -z "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
+ :
+ # Nothing wrong here.
+ elif [[ -z "${OLDVER}" ]] && [[ -n "${NEWVER}" ]]; then
+ eerror " Your existing version of OpenLDAP was not built against"
+ eerror " any version of sys-libs/db, but the new one will build"
+ eerror " against ${NEWVER} and your database may be inaccessible."
+ echo
+ fail=1
+ elif [[ -n "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
+ eerror " Your existing version of OpenLDAP was built against"
+ eerror " sys-libs/db:${OLDVER}, but the new one will not be"
+ eerror " built against any version and your database may be"
+ eerror " inaccessible."
+ echo
+ fail=1
+ elif [[ "${OLDVER}" != "${NEWVER}" ]]; then
+ eerror " Your existing version of OpenLDAP was built against"
+ eerror " sys-libs/db:${OLDVER}, but the new one will build against"
+ eerror " ${NEWVER} and your database would be inaccessible."
+ echo
+ fail=1
+ fi
+ [[ "${fail}" == "1" ]] && openldap_upgrade_howto
+ fi
+
+ echo
+ einfo
+ einfo "All datadirs are fine, proceeding with merge now..."
+ einfo
+}
+
+openldap_upgrade_howto() {
+ local d l i
+ eerror
+ eerror "A (possible old) installation of OpenLDAP was detected,"
+ eerror "installation will not proceed for now."
+ eerror
+ eerror "As major version upgrades can corrupt your database,"
+ eerror "you need to dump your database and re-create it afterwards."
+ eerror
+ eerror "Additionally, rebuilding against different major versions of the"
+ eerror "sys-libs/db libraries will cause your database to be inaccessible."
+ eerror ""
+ d="$(date -u +%s)"
+ l="/root/ldapdump.${d}"
+ i="${l}.raw"
+ eerror " 1. /etc/init.d/slapd stop"
+ eerror " 2. slapcat -l ${i}"
+ eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}"
+ eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
+ eerror " 5. emerge --update \=net-nds/${PF}"
+ eerror " 6. etc-update, and ensure that you apply the changes"
+ eerror " 7. slapadd -l ${l}"
+ eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
+ eerror " 9. /etc/init.d/slapd start"
+ eerror "10. check that your data is intact."
+ eerror "11. set up the new replication system."
+ eerror
+ if [[ "${FORCE_UPGRADE}" != "1" ]]; then
+ die "You need to upgrade your database first"
+ else
+ eerror "You have the magical FORCE_UPGRADE=1 in place."
+ eerror "Don't say you weren't warned about data loss."
+ fi
+}
+
+pkg_setup() {
+ if ! use sasl && use cxx ; then
+ die "To build the ldapc++ library you must emerge openldap with sasl support"
+ fi
+ # Bug #322787
+ if use minimal && ! has_version "net-nds/openldap" ; then
+ einfo "No datadir scan needed, openldap not installed"
+ elif use minimal && has_version 'net-nds/openldap[minimal]' ; then
+ einfo "Skipping scan for previous datadirs as requested by minimal useflag"
+ else
+ openldap_find_versiontags
+ fi
+}
+
+src_prepare() {
+ rm -r libraries/liblmdb || die 'could not removed bundled lmdb directory'
+
+ for filename in doc/drafts/draft-ietf-ldapext-acl-model-xx.txt; do
+ iconv -f iso-8859-1 -t utf-8 "$filename" > "$filename.utf8"
+ mv "$filename.utf8" "$filename"
+ done
+
+ default
+
+ sed -i \
+ -e "s:\$(localstatedir)/run:${EPREFIX}/run:" \
+ servers/slapd/Makefile.in || die 'adjusting slapd Makefile.in failed'
+
+ pushd build &>/dev/null || die "pushd build"
+ einfo "Making sure upstream build strip does not do stripping too early"
+ sed -i.orig \
+ -e '/^STRIP/s,-s,,g' \
+ top.mk || die "Failed to remove to early stripping"
+ popd &>/dev/null || die
+
+ eautoreconf
+ multilib_copy_sources
+}
+
+build_contrib_module() {
+ # <dir> [<target>]
+ pushd "${S}/contrib/slapd-modules/$1" &>/dev/null || die "pushd contrib/slapd-modules/$1"
+ einfo "Compiling contrib-module: $1"
+ local target="${2:-all}"
+ emake \
+ LDAP_BUILD="${BUILD_DIR}" prefix="${EPREFIX}/usr" \
+ CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" \
+ "$target"
+ popd &>/dev/null || die
+}
+
+multilib_src_configure() {
+ # Optional Features
+ myconf+=(
+ --enable-option-checking
+ $(use_enable debug)
+ --enable-dynamic
+ $(use_enable syslog)
+ $(use_enable ipv6)
+ --enable-local
+ )
+
+ # Optional Packages
+ myconf+=(
+ --without-fetch
+ )
+
+ if ! use minimal && multilib_is_native_abi; then
+ # SLAPD (Standalone LDAP Daemon) Options
+ # overlay chaining requires '--enable-ldap' #296567
+ # see https://www.openldap.org/doc/admin26/overlays.html#Chaining
+ myconf+=(
+ --enable-ldap=yes
+ --enable-slapd
+ $(use_enable cleartext)
+ $(use_enable crypt)
+ $(multilib_native_use_enable sasl spasswd)
+ --disable-slp
+ $(use_enable tcpd wrappers)
+ )
+ if use experimental ; then
+ # connectionless ldap per bug #342439
+ # connectionless is a unsupported feature according to Howard Chu
+ # see https://bugs.openldap.org/show_bug.cgi?id=9739
+ append-cppflags -DLDAP_CONNECTIONLESS
+
+ myconf+=(
+ --enable-dynacl
+ # ACI build as dynamic module not supported (yet)
+ --enable-aci=yes
+ )
+ fi
+
+ for option in modules rlookups slapi; do
+ myconf+=( --enable-${option} )
+ done
+
+ # static SLAPD backends
+ for backend in mdb; do
+ myconf+=( --enable-${backend}=yes )
+ done
+
+ # module SLAPD backends
+ for backend in asyncmeta dnssrv meta null passwd relay sock; do
+ # missing modules: wiredtiger (not available in portage)
+ myconf+=( --enable-${backend}=mod )
+ done
+
+ use perl && myconf+=( --enable-perl=mod )
+
+ if use odbc ; then
+ myconf+=( --enable-sql=mod )
+ if use iodbc ; then
+ myconf+=( --with-odbc="iodbc" )
+ append-cflags -I"${EPREFIX}"/usr/include/iodbc
+ else
+ myconf+=( --with-odbc="unixodbc" )
+ fi
+ fi
+
+ use overlays && myconf+=( --enable-overlays=mod )
+ # compile-in the syncprov
+ myconf+=( --enable-syncprov=yes )
+
+ # SLAPD Password Module Options
+ myconf+=(
+ $(use_enable argon2)
+ )
+
+ # Optional Packages
+ myconf+=(
+ $(use_with systemd)
+ $(multilib_native_use_with sasl cyrus-sasl)
+ )
+ else
+ myconf+=(
+ --disable-backends
+ --disable-slapd
+ --disable-mdb
+ --disable-overlays
+ --disable-syslog
+ --without-systemd
+ )
+ fi
+
+ # Library Generation & Linking Options
+ myconf+=(
+ $(use_enable static-libs static)
+ --enable-shared
+ --enable-versioning
+ --with-pic
+ )
+
+ # some cross-compiling tests don't pan out well.
+ tc-is-cross-compiler && myconf+=(
+ --with-yielding-select=yes
+ )
+
+ local ssl_lib="no"
+ if use ssl || ( ! use minimal && use samba ) ; then
+ if use gnutls ; then
+ myconf+=( --with-tls="gnutls" )
+ else
+ # disable MD2 hash function
+ append-cflags -DOPENSSL_NO_MD2
+ myconf+=( --with-tls="openssl" )
+ fi
+ else
+ myconf+=( --with-tls="no" )
+ fi
+
+ tc-export AR CC CXX
+
+ ECONF_SOURCE="${S}" econf \
+ --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
+ --localstatedir="${EPREFIX}"/var \
+ --runstatedir="${EPREFIX}"/run \
+ --sharedstatedir="${EPREFIX}"/var/lib \
+ "${myconf[@]}"
+
+ # argument '--runstatedir' seems to have no effect therefore this workaround
+ sed -i \
+ -e 's:^runstatedir=.*:runstatedir=${EPREFIX}/run:' \
+ configure contrib/ldapc++/configure contrib/ldaptcl/configure || die 'could not set runstatedir'
+
+ sed -i \
+ -e "s:/var/run/sasl2/mux:${EPREFIX}/run/sasl2/mux:" \
+ doc/guide/admin/security.sdf || die 'could not fix run path in doc'
+
+ emake depend
+}
+
+src_configure_cxx() {
+ # This needs the libraries built by the first build run.
+ # we have to run it AFTER the main build, not just after the main configure
+ local myconf_ldapcpp=(
+ --with-libldap="${E}/lib"
+ --with-ldap-includes="${S}/include"
+ )
+
+ mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die "could not create ${BUILD_DIR}/contrib/ldapc++ directory"
+ pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
+ local LDFLAGS=${LDFLAGS}
+ local CPPFLAGS=${CPPFLAGS}
+ append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
+ -L"${BUILD_DIR}"/libraries/libldap/.libs
+ append-cppflags -I"${BUILD_DIR}"/include
+ ECONF_SOURCE=${S}/contrib/ldapc++ \
+ econf "${myconf_ldapcpp[@]}"
+ popd &>/dev/null || die "popd contrib/ldapc++"
+}
+
+multilib_src_compile() {
+ tc-export AR CC CXX
+ emake CC=$(tc-getCC) SHELL="${EPREFIX}"/bin/sh
+
+ if ! use minimal && multilib_is_native_abi ; then
+ if use cxx ; then
+ einfo "Building contrib library: ldapc++"
+ src_configure_cxx
+ pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
+ emake
+ popd &>/dev/null || die
+ fi
+
+ if use smbkrb5passwd ; then
+ einfo "Building contrib-module: smbk5pwd"
+ pushd "${S}/contrib/slapd-modules/smbk5pwd" &>/dev/null || die "pushd contrib/slapd-modules/smbk5pwd"
+
+ MY_DEFS="-DDO_SHADOW"
+ if use samba ; then
+ MY_DEFS="${MY_DEFS} -DDO_SAMBA"
+ MY_KRB5_INC=""
+ fi
+ if use kerberos ; then
+ MY_DEFS="${MY_DEFS} -DDO_KRB5"
+ MY_KRB5_INC="$(krb5-config --cflags)"
+ fi
+
+ emake \
+ DEFS="${MY_DEFS}" \
+ KRB5_INC="${MY_KRB5_INC}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
+ popd &>/dev/null || die
+ fi
+
+ if use overlays ; then
+ einfo "Building contrib-module: samba4"
+ pushd "${S}/contrib/slapd-modules/samba4" &>/dev/null || die "pushd contrib/slapd-modules/samba4"
+
+ emake \
+ LDAP_BUILD="${BUILD_DIR}" \
+ CC=$(tc-getCC) libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap
+ popd &>/dev/null || die
+ fi
+
+ if use kerberos ; then
+ if use kinit ; then
+ build_contrib_module "kinit" "kinit.c" "kinit"
+ fi
+ build_contrib_module "passwd" "pw-kerberos.la"
+ fi
+
+ if use pbkdf2; then
+ build_contrib_module "passwd/pbkdf2"
+ fi
+
+ if use sha2 ; then
+ build_contrib_module "passwd/sha2"
+ fi
+
+ # We could build pw-radius if GNURadius would install radlib.h
+ build_contrib_module "passwd" "pw-netscape.la"
+
+ #build_contrib_module "acl" "posixgroup.la" # example code only
+ #build_contrib_module "acl" "gssacl.la" # example code only, also needs kerberos
+ build_contrib_module "addpartial"
+ build_contrib_module "allop"
+ build_contrib_module "allowed"
+ build_contrib_module "autogroup"
+ build_contrib_module "cloak"
+ # build_contrib_module "comp_match" # really complex, adds new external deps, questionable demand
+ build_contrib_module "denyop"
+ build_contrib_module "dsaschema"
+ build_contrib_module "dupent"
+ build_contrib_module "lastbind"
+ # lastmod may not play well with other overlays
+ build_contrib_module "lastmod"
+ build_contrib_module "noopsrch"
+ #build_contrib_module "nops" https://bugs.gentoo.org/641576
+ #build_contrib_module "nssov" RESO:LATER
+ build_contrib_module "trace"
+ # build slapi-plugins
+ pushd "${S}/contrib/slapi-plugins/addrdnvalues" &>/dev/null || die "pushd contrib/slapi-plugins/addrdnvalues"
+ einfo "Building contrib-module: addrdnvalues plugin"
+ $(tc-getCC) -shared \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include \
+ ${CFLAGS} \
+ -fPIC \
+ ${LDFLAGS} \
+ -o libaddrdnvalues-plugin.so \
+ addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
+ popd &>/dev/null || die
+ fi
+}
+
+multilib_src_test() {
+ if multilib_is_native_abi; then
+ emake test
+ fi
+}
+
+multilib_src_install() {
+ emake CC=$(tc-getCC) \
+ DESTDIR="${D}" SHELL="${EPREFIX}"/bin/sh install
+
+ if ! use minimal && multilib_is_native_abi; then
+ # openldap modules go here
+ # TODO: write some code to populate slapd.conf with moduleload statements
+ keepdir /usr/$(get_libdir)/openldap/openldap/
+
+ # initial data storage dir
+ keepdir /var/lib/openldap-data
+ use prefix || fowners ldap:ldap /var/lib/openldap-data
+ fperms 0700 /var/lib/openldap-data
+
+ echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+ echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+ echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+
+ # use our config
+ rm "${ED}"/etc/openldap/slapd.conf
+ insinto /etc/openldap
+ newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf
+ configfile="${ED}"/etc/openldap/slapd.conf
+
+ # populate with built backends
+ ebegin "populate config with built backends"
+ for x in "${ED}"/usr/$(get_libdir)/openldap/openldap/back_*.so; do
+ einfo "Adding $(basename ${x})"
+ sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" || die
+ done
+ sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
+ use prefix || fowners root:ldap /etc/openldap/slapd.conf
+ fperms 0640 /etc/openldap/slapd.conf
+ cp "${configfile}" "${configfile}".default || die
+ eend $?
+
+ # install our own init scripts and systemd unit files
+ einfo "Install init scripts"
+ sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-initd-2.4.40-r2 > "${T}"/slapd || die
+ doinitd "${T}"/slapd
+ newconfd "${FILESDIR}"/slapd-confd-2.6.1 slapd
+
+ einfo "Install systemd service"
+ sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-2.6.1.service > "${T}"/slapd.service || die
+ systemd_dounit "${T}"/slapd.service
+ systemd_install_serviced "${FILESDIR}"/slapd.service.conf
+ newtmpfiles "${FILESDIR}"/slapd.tmpfilesd slapd.conf
+
+ # if built without SLP, we don't need to be before avahi
+ sed -i \
+ -e '/before/{s/avahi-daemon//g}' \
+ "${ED}"/etc/init.d/slapd \
+ || die
+
+ if use cxx ; then
+ einfo "Install the ldapc++ library"
+ cd "${BUILD_DIR}/contrib/ldapc++" || die
+ emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
+ cd "${S}"/contrib/ldapc++ || die
+ newdoc README ldapc++-README
+ fi
+
+ if use smbkrb5passwd ; then
+ einfo "Install the smbk5pwd module"
+ cd "${S}/contrib/slapd-modules/smbk5pwd" || die
+ emake DESTDIR="${D}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
+ newdoc README smbk5pwd-README
+ fi
+
+ if use overlays ; then
+ einfo "Install the samba4 module"
+ cd "${S}/contrib/slapd-modules/samba4" || die
+ emake DESTDIR="${D}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
+ newdoc README samba4-README
+ fi
+
+ einfo "Installing contrib modules"
+ cd "${S}/contrib/slapd-modules" || die
+ for l in */*.la */*/*.la; do
+ [[ -e ${l} ]] || continue
+ libtool --mode=install cp ${l} \
+ "${ED}"/usr/$(get_libdir)/openldap/openldap || \
+ die "installing ${l} failed"
+ done
+
+ dodoc "${FILESDIR}"/DB_CONFIG.fast.example
+ docinto contrib
+ doman */*.5
+ #newdoc acl/README*
+ newdoc addpartial/README addpartial-README
+ newdoc allop/README allop-README
+ newdoc allowed/README allowed-README
+ newdoc autogroup/README autogroup-README
+ newdoc dsaschema/README dsaschema-README
+ newdoc passwd/README passwd-README
+ cd "${S}/contrib/slapi-plugins" || die
+ insinto /usr/$(get_libdir)/openldap/openldap
+ doins */*.so
+ docinto contrib
+ newdoc addrdnvalues/README addrdnvalues-README
+
+ insinto /etc/openldap/schema
+ newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
+
+ docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
+ docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
+
+ dosbin "${S}"/contrib/slapd-tools/statslog
+ newdoc "${S}"/contrib/slapd-tools/README README.statslog
+ fi
+
+ if ! use static-libs ; then
+ find "${ED}" \( -name '*.a' -o -name '*.la' \) -delete || die
+ fi
+
+ rmdir "${ED}/run" || die
+}
+
+multilib_src_install_all() {
+ dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
+ docinto rfc ; dodoc doc/rfc/*.txt
+}
+
+pkg_preinst() {
+ # keep old libs if any
+ preserve_old_lib /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0)
+ # bug 440470, only display the getting started help there was no openldap before,
+ # or we are going to a non-minimal build
+ ! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
+ OPENLDAP_PRINT_MESSAGES=$((! $?))
+}
+
+pkg_postinst() {
+ if ! use minimal ; then
+ tmpfiles_process slapd.conf
+
+ # You cannot build SSL certificates during src_install that will make
+ # binary packages containing your SSL key, which is both a security risk
+ # and a misconfiguration if multiple machines use the same key and cert.
+ if use ssl; then
+ install_cert /etc/openldap/ssl/ldap
+ use prefix || chown ldap:ldap "${EROOT}"/etc/openldap/ssl/ldap.*
+ ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
+ ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
+ ewarn "add 'TLS_REQCERT allow' if you want to use them."
+ fi
+
+ if use prefix; then
+ # Warn about prefix issues with slapd
+ eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
+ eerror "to start up, and requires that certain files directories be owned by"
+ eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
+ eerror "directories, you will have to manually fix this yourself."
+ fi
+
+ # These lines force the permissions of various content to be correct
+ if [[ -d "${EROOT}"/var/run/openldap ]]; then
+ use prefix || { chown ldap:ldap "${EROOT}"/var/run/openldap || die; }
+ chmod 0755 "${EROOT}"/var/run/openldap || die
+ fi
+ use prefix || chown root:ldap "${EROOT}"/etc/openldap/slapd.conf{,.default}
+ chmod 0640 "${EROOT}"/etc/openldap/slapd.conf{,.default} || die
+ use prefix || chown ldap:ldap "${EROOT}"/var/lib/openldap-data
+ fi
+
+ if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
+ elog "Getting started using OpenLDAP? There is some documentation available:"
+ elog "Gentoo Guide to OpenLDAP Authentication"
+ elog "(https://wiki.gentoo.org/wiki/Centralized_authentication_using_OpenLDAP)"
+ elog "---"
+ elog "An example file for tuning BDB backends with openldap is"
+ elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
+ fi
+
+ preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0)
+}
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-nds/openldap/, net-nds/openldap/files/
@ 2022-03-20 21:04 Sam James
0 siblings, 0 replies; 12+ messages in thread
From: Sam James @ 2022-03-20 21:04 UTC (permalink / raw
To: gentoo-commits
commit: 7accaa1bca99714064d7a7a69011d7186f8f0b92
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Mar 20 20:26:09 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Mar 20 21:04:27 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7accaa1b
net-nds/openldap: fix bashism in configure in 2.6.1
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../files/openldap-2.6.1-fix-bashism-configure.patch | 13 +++++++++++++
net-nds/openldap/openldap-2.6.1.ebuild | 1 +
2 files changed, 14 insertions(+)
diff --git a/net-nds/openldap/files/openldap-2.6.1-fix-bashism-configure.patch b/net-nds/openldap/files/openldap-2.6.1-fix-bashism-configure.patch
new file mode 100644
index 000000000000..93b104198ba6
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.6.1-fix-bashism-configure.patch
@@ -0,0 +1,13 @@
+diff --git a/configure.ac b/configure.ac
+index a5075be..b78f2ad 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -2055,7 +2055,7 @@ dnl
+ WITH_SYSTEMD=no
+ systemdsystemunitdir=
+ ol_link_systemd=no
+-if test $ol_enable_slapd == no && test $ol_enable_balancer != yes ; then
++if test $ol_enable_slapd = no && test $ol_enable_balancer != yes ; then
+ if test $ol_with_systemd != no ; then
+ AC_MSG_WARN([servers disabled, ignoring --with-systemd=$ol_with_systemd argument])
+ ol_with_systemd=no
diff --git a/net-nds/openldap/openldap-2.6.1.ebuild b/net-nds/openldap/openldap-2.6.1.ebuild
index 30b563e02efb..252fe1d5b198 100644
--- a/net-nds/openldap/openldap-2.6.1.ebuild
+++ b/net-nds/openldap/openldap-2.6.1.ebuild
@@ -145,6 +145,7 @@ PATCHES=(
"${FILESDIR}"/${PN}-2.6.1-flags.patch
"${FILESDIR}"/${PN}-2.6.1-fix-missing-mapping.patch
"${FILESDIR}"/${PN}-2.6.1-make-flags.patch
+ "${FILESDIR}"/${PN}-2.6.1-fix-bashism-configure.patch
)
openldap_filecount() {
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-nds/openldap/, net-nds/openldap/files/
@ 2022-05-09 23:08 Sam James
0 siblings, 0 replies; 12+ messages in thread
From: Sam James @ 2022-05-09 23:08 UTC (permalink / raw
To: gentoo-commits
commit: 28228540cd1b8ae8326647437969fb716e9fe53e
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon May 9 23:08:04 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon May 9 23:08:04 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=28228540
net-nds/openldap: fix parallel build failure
Closes: https://bugs.gentoo.org/836557
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../files/openldap-2.6.1-parallel-build.patch | 46 ++++++++++++++++++++++
net-nds/openldap/openldap-2.6.1-r1.ebuild | 1 +
2 files changed, 47 insertions(+)
diff --git a/net-nds/openldap/files/openldap-2.6.1-parallel-build.patch b/net-nds/openldap/files/openldap-2.6.1-parallel-build.patch
new file mode 100644
index 000000000000..757a33c602b2
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.6.1-parallel-build.patch
@@ -0,0 +1,46 @@
+https://github.com/openldap/openldap/commit/d7c0417bcfba5400c0be2ce83eaf43ec97c97edd.patch
+https://github.com/openldap/openldap/commit/d75de4d6e98e9501ada2b6a1d527669bd7eb2fa3.patch
+https://bugs.gentoo.org/836557
+
+From: Yi Zhao <yi.zhao@windriver.com>
+Date: Thu, 2 Dec 2021 11:38:15 +0800
+Subject: [PATCH] ITS#9840 - ldif-filter: fix parallel build failure
+
+Add slapd-common.o as dependency for ldif-filter to fix the parallel
+build failure:
+ ld: cannot find slapd-common.o: No such file or directory
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+--- a/tests/progs/Makefile.in
++++ b/tests/progs/Makefile.in
+@@ -56,7 +56,7 @@ slapd-modify: slapd-modify.o $(OBJS) $(XLIBS)
+ slapd-bind: slapd-bind.o $(OBJS) $(XLIBS)
+ $(LTLINK) -o $@ slapd-bind.o $(OBJS) $(LIBS)
+
+-ldif-filter: ldif-filter.o $(XLIBS)
++ldif-filter: ldif-filter.o $(OBJS) $(XLIBS)
+ $(LTLINK) -o $@ ldif-filter.o $(OBJS) $(LIBS)
+
+ slapd-mtread: slapd-mtread.o $(OBJS) $(XLIBS)
+
+From: Yi Zhao <yi.zhao@windriver.com>
+Date: Mon, 10 Jan 2022 10:13:51 +0800
+Subject: [PATCH] ITS#9840 - libraries/Makefile.in: ignore the mkdir errors
+
+Ignore the mkdir errors to fix the parallel build failure:
+
+../../build/shtool mkdir -p TOPDIR/tmp-glibc/work/cortexa15t2hf-neon-wrs-linux-gnueabi/openldap/2.5.9-r0/image/usr/lib
+mkdir: cannot create directory 'TOPDIR/tmp-glibc/work/cortexa15t2hf-neon-wrs-linux-gnueabi/openldap/2.5.9-r0/image/usr/lib': File exists
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+--- a/libraries/Makefile.in
++++ b/libraries/Makefile.in
+@@ -24,7 +24,7 @@ PKGCONFIG_DIR=$(DESTDIR)$(libdir)/pkgconfig
+ PKGCONFIG_SRCDIRS=liblber libldap
+
+ install-local:
+- @$(MKDIR) $(PKGCONFIG_DIR)
++ @-$(MKDIR) $(PKGCONFIG_DIR)
+ @for i in $(PKGCONFIG_SRCDIRS); do \
+ $(INSTALL_DATA) $$i/*.pc $(PKGCONFIG_DIR); \
+ done
diff --git a/net-nds/openldap/openldap-2.6.1-r1.ebuild b/net-nds/openldap/openldap-2.6.1-r1.ebuild
index f90979e12030..6c594f6880be 100644
--- a/net-nds/openldap/openldap-2.6.1-r1.ebuild
+++ b/net-nds/openldap/openldap-2.6.1-r1.ebuild
@@ -141,6 +141,7 @@ PATCHES=(
"${FILESDIR}"/${PN}-2.6.1-fix-missing-mapping.patch
"${FILESDIR}"/${PN}-2.6.1-make-flags.patch
"${FILESDIR}"/${PN}-2.6.1-fix-bashism-configure.patch
+ "${FILESDIR}"/${PN}-2.6.1-parallel-build.patch
)
openldap_filecount() {
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-nds/openldap/, net-nds/openldap/files/
@ 2022-11-25 7:05 Sam James
0 siblings, 0 replies; 12+ messages in thread
From: Sam James @ 2022-11-25 7:05 UTC (permalink / raw
To: gentoo-commits
commit: a87f975e56106632436903be3e94e2f272d9269d
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Nov 25 06:59:15 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Nov 25 07:05:07 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a87f975e
net-nds/openldap: fix configure+build w/ clang 16 deux
The previous patch wasn't enough on some systems.
This affects the macro which ntp bundles too.
Closes: https://bugs.gentoo.org/871288
Bug: https://bugs.gentoo.org/871372
Bug: https://bugs.gentoo.org/882183
Fixes: d4d1d9ed527058cf86b22407cc492944f9b1e6e5
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../openldap/files/openldap-2.6.3-clang16.patch | 48 ++++++++++++++++++----
...ap-2.6.3-r1.ebuild => openldap-2.6.3-r2.ebuild} | 0
2 files changed, 39 insertions(+), 9 deletions(-)
diff --git a/net-nds/openldap/files/openldap-2.6.3-clang16.patch b/net-nds/openldap/files/openldap-2.6.3-clang16.patch
index 4d9210b1f0fe..216d567329c5 100644
--- a/net-nds/openldap/files/openldap-2.6.3-clang16.patch
+++ b/net-nds/openldap/files/openldap-2.6.3-clang16.patch
@@ -1,6 +1,3 @@
-https://bugs.gentoo.org/871288
-https://bugs.gentoo.org/871372
-
From ee4983302d6f052e77ab0332d2a128d169c2eacb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Arsen=20Arsenovi=C4=87?= <arsen@aarsen.me>
Date: Tue, 15 Nov 2022 21:45:27 +0100
@@ -16,9 +13,18 @@ This covers all the instances I could find by grepping around the
codebase, and gets OpenLDAP building on my system.
Bug: https://bugs.gentoo.org/871288
+Bug: https://bugs.gentoo.org/871372
--- a/build/openldap.m4
+++ b/build/openldap.m4
-@@ -360,9 +360,7 @@ AC_DEFUN([OL_PTHREAD_TEST_FUNCTION],[[
+@@ -154,6 +154,7 @@ fi
+ if test $ol_cv_header_stdc = yes; then
+ # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
+ AC_RUN_IFELSE([AC_LANG_SOURCE([[#include <ctype.h>
++#include <stdlib.h>
+ #ifndef HAVE_EBCDIC
+ # define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
+ # define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
+@@ -394,9 +395,7 @@ AC_DEFUN([OL_PTHREAD_TEST_FUNCTION],[[
AC_DEFUN([OL_PTHREAD_TEST_PROGRAM],
[AC_LANG_SOURCE([OL_PTHREAD_TEST_INCLUDES
@@ -29,7 +35,7 @@ Bug: https://bugs.gentoo.org/871288
{
OL_PTHREAD_TEST_FUNCTION
}
-@@ -484,7 +482,7 @@ AC_CACHE_CHECK([for compatible POSIX regex],ol_cv_c_posix_regex,[
+@@ -518,7 +517,7 @@ AC_CACHE_CHECK([for compatible POSIX regex],ol_cv_c_posix_regex,[
#include <sys/types.h>
#include <regex.h>
static char *pattern, *string;
@@ -38,16 +44,17 @@ Bug: https://bugs.gentoo.org/871288
{
int rc;
regex_t re;
-@@ -511,7 +509,7 @@ AC_DEFUN([OL_C_UPPER_LOWER],
+@@ -545,7 +544,8 @@ AC_DEFUN([OL_C_UPPER_LOWER],
[AC_CACHE_CHECK([if toupper() requires islower()],ol_cv_c_upper_lower,[
AC_RUN_IFELSE([AC_LANG_SOURCE([[
#include <ctype.h>
-main()
++#include <stdlib.h>
+int main(void)
{
if ('C' == toupper('C'))
exit(0);
-@@ -569,7 +567,7 @@ AC_DEFUN([OL_NONPOSIX_STRERROR_R],
+@@ -603,7 +603,7 @@ AC_DEFUN([OL_NONPOSIX_STRERROR_R],
]])],[ol_cv_nonposix_strerror_r=yes],[ol_cv_nonposix_strerror_r=no])
else
AC_RUN_IFELSE([AC_LANG_SOURCE([[
@@ -58,7 +65,30 @@ Bug: https://bugs.gentoo.org/871288
strerror_r( 1, buf, sizeof buf );
--- a/configure.ac
+++ b/configure.ac
-@@ -1547,8 +1547,7 @@ dnl esac
+@@ -1031,7 +1031,11 @@ dnl ----------------------------------------------------------------
+ AC_CHECK_HEADERS( sys/epoll.h )
+ if test "${ac_cv_header_sys_epoll_h}" = yes; then
+ AC_MSG_CHECKING(for epoll system call)
+- AC_RUN_IFELSE([AC_LANG_SOURCE([[int main(int argc, char **argv)
++ AC_RUN_IFELSE([AC_LANG_SOURCE([[#include <stdlib.h>
++#ifdef HAVE_SYS_POLL_H
++#include <sys/epoll.h>
++#endif
++int main(int argc, char **argv)
+ {
+ int epfd = epoll_create(256);
+ exit (epfd == -1 ? 1 : 0);
+@@ -1551,6 +1555,9 @@ dnl esac
+ AC_CACHE_CHECK([if select yields when using pthreads],
+ ol_cv_pthread_select_yields,[
+ AC_RUN_IFELSE([AC_LANG_SOURCE([[
++#define _XOPEN_SOURCE 500 /* For pthread_setconcurrency() on glibc */
++#include <stdlib.h>
++#include <stdio.h>
+ #include <sys/types.h>
+ #include <sys/time.h>
+ #include <unistd.h>
+@@ -1561,8 +1568,7 @@ dnl esac
static int fildes[2];
@@ -68,7 +98,7 @@ Bug: https://bugs.gentoo.org/871288
{
int i;
struct timeval tv;
-@@ -1572,9 +1571,7 @@ static void *task(p)
+@@ -1586,9 +1592,7 @@ static void *task(p)
exit(0); /* if we exit here, the select blocked the whole process */
}
diff --git a/net-nds/openldap/openldap-2.6.3-r1.ebuild b/net-nds/openldap/openldap-2.6.3-r2.ebuild
similarity index 100%
rename from net-nds/openldap/openldap-2.6.3-r1.ebuild
rename to net-nds/openldap/openldap-2.6.3-r2.ebuild
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-nds/openldap/, net-nds/openldap/files/
@ 2022-12-01 5:17 Sam James
0 siblings, 0 replies; 12+ messages in thread
From: Sam James @ 2022-12-01 5:17 UTC (permalink / raw
To: gentoo-commits
commit: 2796665929bb8baa0d9ffa0e17d1c573b9fdef02
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 1 05:08:28 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Dec 1 05:12:58 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=27966659
net-nds/openldap: another pthread configure fix
Bug: https://bugs.gentoo.org/871372
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../openldap/files/openldap-2.6.3-clang16.patch | 22 +++++++++++++++++++---
...ap-2.6.3-r2.ebuild => openldap-2.6.3-r3.ebuild} | 0
2 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/net-nds/openldap/files/openldap-2.6.3-clang16.patch b/net-nds/openldap/files/openldap-2.6.3-clang16.patch
index 216d567329c5..7027197281b2 100644
--- a/net-nds/openldap/files/openldap-2.6.3-clang16.patch
+++ b/net-nds/openldap/files/openldap-2.6.3-clang16.patch
@@ -78,7 +78,20 @@ Bug: https://bugs.gentoo.org/871372
{
int epfd = epoll_create(256);
exit (epfd == -1 ? 1 : 0);
-@@ -1551,6 +1555,9 @@ dnl esac
+@@ -1493,10 +1497,8 @@ pthread_rwlock_t rwlock;
+ dnl save the flags
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+ #include <pthread.h>
+-#ifndef NULL
+-#define NULL (void*)0
+-#endif
+-]], [[pthread_detach(NULL);]])],[ol_cv_func_pthread_detach=yes],[ol_cv_func_pthread_detach=no])
++pthread_t thread;
++]], [[pthread_detach(thread);]])],[ol_cv_func_pthread_detach=yes],[ol_cv_func_pthread_detach=no])
+ ])
+
+ if test $ol_cv_func_pthread_detach = no ; then
+@@ -1551,6 +1553,9 @@ dnl esac
AC_CACHE_CHECK([if select yields when using pthreads],
ol_cv_pthread_select_yields,[
AC_RUN_IFELSE([AC_LANG_SOURCE([[
@@ -88,7 +101,7 @@ Bug: https://bugs.gentoo.org/871372
#include <sys/types.h>
#include <sys/time.h>
#include <unistd.h>
-@@ -1561,8 +1568,7 @@ dnl esac
+@@ -1561,8 +1566,7 @@ dnl esac
static int fildes[2];
@@ -98,7 +111,7 @@ Bug: https://bugs.gentoo.org/871372
{
int i;
struct timeval tv;
-@@ -1586,9 +1592,7 @@ static void *task(p)
+@@ -1586,9 +1590,7 @@ static void *task(p)
exit(0); /* if we exit here, the select blocked the whole process */
}
@@ -167,3 +180,6 @@ Bug: https://bugs.gentoo.org/871372
{
(void)close(LogFile);
LogFile = -1;
+--
+2.38.1
+
diff --git a/net-nds/openldap/openldap-2.6.3-r2.ebuild b/net-nds/openldap/openldap-2.6.3-r3.ebuild
similarity index 100%
rename from net-nds/openldap/openldap-2.6.3-r2.ebuild
rename to net-nds/openldap/openldap-2.6.3-r3.ebuild
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-nds/openldap/, net-nds/openldap/files/
@ 2023-01-30 16:46 Mike Gilbert
0 siblings, 0 replies; 12+ messages in thread
From: Mike Gilbert @ 2023-01-30 16:46 UTC (permalink / raw
To: gentoo-commits
commit: d0ba328a4d04859f280c941506183885b964945a
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Mon Jan 30 16:08:45 2023 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Mon Jan 30 16:44:23 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d0ba328a
net-nds/openldap: set NotifyAccess=all in slapd-2.6.1.service
Bug: https://bugs.gentoo.org/843029
Fixes: e276465660720433c8261e3fcbdcb974547de341
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
net-nds/openldap/files/slapd-2.6.1.service | 1 +
net-nds/openldap/files/slapd.service | 1 -
net-nds/openldap/{openldap-2.6.3-r5.ebuild => openldap-2.6.3-r6.ebuild} | 0
3 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/net-nds/openldap/files/slapd-2.6.1.service b/net-nds/openldap/files/slapd-2.6.1.service
index 5f08be3b37f9..ff571d25556a 100644
--- a/net-nds/openldap/files/slapd-2.6.1.service
+++ b/net-nds/openldap/files/slapd-2.6.1.service
@@ -7,6 +7,7 @@ Type=notify
PIDFile=/run/openldap/slapd.pid
ExecStartPre=/usr/sbin/slaptest -Q -u $SLAPD_OPTIONS
ExecStart=/usr/lib/openldap/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS
+NotifyAccess=all
[Install]
WantedBy=multi-user.target
diff --git a/net-nds/openldap/files/slapd.service b/net-nds/openldap/files/slapd.service
index 028dc879f46a..3427b87e936e 100644
--- a/net-nds/openldap/files/slapd.service
+++ b/net-nds/openldap/files/slapd.service
@@ -7,7 +7,6 @@ Type=forking
PIDFile=/run/openldap/slapd.pid
ExecStartPre=/usr/sbin/slaptest -Q -u $SLAPD_OPTIONS
ExecStart=/usr/lib/openldap/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS
-NotifyAccess=all
[Install]
WantedBy=multi-user.target
diff --git a/net-nds/openldap/openldap-2.6.3-r5.ebuild b/net-nds/openldap/openldap-2.6.3-r6.ebuild
similarity index 100%
rename from net-nds/openldap/openldap-2.6.3-r5.ebuild
rename to net-nds/openldap/openldap-2.6.3-r6.ebuild
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-nds/openldap/, net-nds/openldap/files/
@ 2023-02-09 23:48 Robin H. Johnson
0 siblings, 0 replies; 12+ messages in thread
From: Robin H. Johnson @ 2023-02-09 23:48 UTC (permalink / raw
To: gentoo-commits
commit: bf339dafe9121c8d4bfe8e5eba6d07e7b08127a2
Author: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
AuthorDate: Thu Feb 9 23:47:49 2023 +0000
Commit: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Thu Feb 9 23:48:30 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bf339daf
net-nds/openldap: tweak upgrade safety checks & default database backend for 2.6
Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org>
Closes: https://bugs.gentoo.org/893646
net-nds/openldap/files/openldap-2.6.3-slapd-conf | 64 ++++++++++++++++++++++++
net-nds/openldap/openldap-2.6.3-r3.ebuild | 2 +-
net-nds/openldap/openldap-2.6.3-r7.ebuild | 17 +++++--
3 files changed, 79 insertions(+), 4 deletions(-)
diff --git a/net-nds/openldap/files/openldap-2.6.3-slapd-conf b/net-nds/openldap/files/openldap-2.6.3-slapd-conf
new file mode 100644
index 000000000000..4555c620c281
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.6.3-slapd-conf
@@ -0,0 +1,64 @@
+#
+# See slapd.conf(5) for details on configuration options.
+# This file should NOT be world readable.
+#
+include /etc/openldap/schema/core.schema
+
+# Define global ACLs to disable default read access.
+
+# Do not enable referrals until AFTER you have a working directory
+# service AND an understanding of referrals.
+#referral ldap://root.openldap.org
+
+pidfile /run/openldap/slapd.pid
+argsfile /run/openldap/slapd.args
+
+# Load dynamic backend modules:
+###INSERTDYNAMICMODULESHERE###
+
+# Sample security restrictions
+# Require integrity protection (prevent hijacking)
+# Require 112-bit (3DES or better) encryption for updates
+# Require 63-bit encryption for simple bind
+# security ssf=1 update_ssf=112 simple_bind=64
+
+# Sample access control policy:
+# Root DSE: allow anyone to read it
+# Subschema (sub)entry DSE: allow anyone to read it
+# Other DSEs:
+# Allow self write access
+# Allow authenticated users read access
+# Allow anonymous users to authenticate
+# Directives needed to implement policy:
+# access to dn.base="" by * read
+# access to dn.base="cn=Subschema" by * read
+# access to *
+# by self write
+# by users read
+# by anonymous auth
+#
+# if no access controls are present, the default policy
+# allows anyone and everyone to read anything but restricts
+# updates to rootdn. (e.g., "access to * by * read")
+#
+# rootdn can always read and write EVERYTHING!
+
+#######################################################################
+# BDB database definitions
+#######################################################################
+
+database mdb
+suffix "dc=my-domain,dc=com"
+# <kbyte> <min>
+checkpoint 32 30
+rootdn "cn=Manager,dc=my-domain,dc=com"
+# Cleartext passwords, especially for the rootdn, should
+# be avoid. See slappasswd(8) and slapd.conf(5) for details.
+# Use of strong authentication encouraged.
+rootpw secret
+# The database directory MUST exist prior to running slapd AND
+# should only be accessible by the slapd and slap tools.
+# Mode 700 recommended.
+directory /var/lib/openldap-data
+# Indices to maintain
+index objectClass eq
diff --git a/net-nds/openldap/openldap-2.6.3-r3.ebuild b/net-nds/openldap/openldap-2.6.3-r3.ebuild
index fccec9c055ec..55df096bb65f 100644
--- a/net-nds/openldap/openldap-2.6.3-r3.ebuild
+++ b/net-nds/openldap/openldap-2.6.3-r3.ebuild
@@ -643,7 +643,7 @@ multilib_src_install() {
# use our config
rm "${ED}"/etc/openldap/slapd.conf
insinto /etc/openldap
- newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf
+ newins "${FILESDIR}"/${PN}-2.6.3-slapd-conf slapd.conf
configfile="${ED}"/etc/openldap/slapd.conf
# populate with built backends
diff --git a/net-nds/openldap/openldap-2.6.3-r7.ebuild b/net-nds/openldap/openldap-2.6.3-r7.ebuild
index 0c699006bb9c..dd5276bf5a17 100644
--- a/net-nds/openldap/openldap-2.6.3-r7.ebuild
+++ b/net-nds/openldap/openldap-2.6.3-r7.ebuild
@@ -166,7 +166,7 @@ openldap_find_versiontags() {
openldap_found_tag=0
have_files=0
for each in ${openldap_datadirs[@]} ; do
- CURRENT_TAGDIR="${ROOT}$(sed "s:\/::" <<< ${each})"
+ CURRENT_TAGDIR="${EROOT}$(sed "s:\/::" <<< ${each})"
CURRENT_TAG="${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}"
if [[ -d "${CURRENT_TAGDIR}" ]] && [[ "${openldap_found_tag}" == 0 ]] ; then
einfo "- Checking ${each}..."
@@ -232,7 +232,18 @@ openldap_find_versiontags() {
| awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
local fail=0
- if has_version "${CATEGORY}/${PN}[berkdb]" ; then
+ # This will not cover detection of cn=Config based configuration, but
+ # it's hopefully good enough.
+ if grep -sq '^backend.*shell' "${EROOT}"/etc/openldap/slapd.conf; then
+ eerror " OpenLDAP >= 2.6.x has dropped support for Shell backend."
+ eerror " You will need to migrate per upstream's migration notes"
+ eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."
+ eerror " Your existing database will not be accessible until it is"
+ eerror " converted away from backend shell!"
+ echo
+ fail=1
+ fi
+ if has_version "${CATEGORY}/${PN}[berkdb]" || grep -sq '^backend.*(bdb|hdb)' /etc/openldap/slapd.conf; then
eerror " OpenLDAP >= 2.6.x has dropped support for Berkeley DB."
eerror " You will need to migrate per upstream's migration notes"
eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."
@@ -652,7 +663,7 @@ multilib_src_install() {
# use our config
rm "${ED}"/etc/openldap/slapd.conf
insinto /etc/openldap
- newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf
+ newins "${FILESDIR}"/${PN}-2.6.3-slapd-conf slapd.conf
configfile="${ED}"/etc/openldap/slapd.conf
# populate with built backends
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-nds/openldap/, net-nds/openldap/files/
@ 2024-08-25 0:57 Robin H. Johnson
0 siblings, 0 replies; 12+ messages in thread
From: Robin H. Johnson @ 2024-08-25 0:57 UTC (permalink / raw
To: gentoo-commits
commit: 5b8bad5b3a97dcd818dbd76167f7ac1bcc137046
Author: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
AuthorDate: Sun Aug 25 00:53:49 2024 +0000
Commit: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Sun Aug 25 00:56:46 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5b8bad5b
net-nds/openldap: QA cleanup
Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org>
net-nds/openldap/Manifest | 2 -
.../openldap-2.6.1-fix-bashism-configure.patch | 11 -
net-nds/openldap/openldap-2.4.59-r2.ebuild | 6 +-
net-nds/openldap/openldap-2.4.59-r3.ebuild | 12 +-
net-nds/openldap/openldap-2.5.14.ebuild | 8 +-
net-nds/openldap/openldap-2.5.16.ebuild | 8 +-
net-nds/openldap/openldap-2.5.18.ebuild | 15 +-
net-nds/openldap/openldap-2.6.3-r7.ebuild | 827 --------------------
net-nds/openldap/openldap-2.6.4-r1.ebuild | 861 --------------------
net-nds/openldap/openldap-2.6.4-r2.ebuild | 867 --------------------
net-nds/openldap/openldap-2.6.4-r3.ebuild | 2 +-
net-nds/openldap/openldap-2.6.5-r1.ebuild | 870 ---------------------
net-nds/openldap/openldap-2.6.6-r2.ebuild | 2 +-
net-nds/openldap/openldap-2.6.6.ebuild | 870 ---------------------
14 files changed, 36 insertions(+), 4325 deletions(-)
diff --git a/net-nds/openldap/Manifest b/net-nds/openldap/Manifest
index 13fcc87211c3..b8161c1bb97c 100644
--- a/net-nds/openldap/Manifest
+++ b/net-nds/openldap/Manifest
@@ -2,9 +2,7 @@ DIST openldap-2.4.59.tgz 5886272 BLAKE2B a2a8bed1d2af97fd41d651668152fd4740871bc
DIST openldap-OPENLDAP_REL_ENG_2_5_14.tar.bz2 5024359 BLAKE2B ffdffbd47e76545c2dc2d433d290945ab6eebd910031a60249cd8f6eac24f67841098e61c7e57864428e20a183a46d36dac422bba8cf6f3596f97439875af96b SHA512 abd1e8bda0762500db028f283fe2da9480a419072927295d6f3e1448cae130592511f385a87585843cf88217417c90ef57174ca919cfcf163eb41642a72bb4e3
DIST openldap-OPENLDAP_REL_ENG_2_5_16.tar.bz2 5022608 BLAKE2B 829e416e3cf92d36df0d6642e44083f9b288ef9c3743a84aef3f03cdf7b08b21ea45231653a2659fe0da285ca47a346d336d02c8e0dda21f039fb9e49630262b SHA512 629b92e275b69a540b200e61165492a4706afdf7b15d21bfe2f1fd4c338ecf397ad0c918e36dcef54d1f0cede2f039a8f73d4735f00e892d64ce9a177d490a07
DIST openldap-OPENLDAP_REL_ENG_2_5_18.tar.bz2 5026131 BLAKE2B 0f1a00995bd880b3ee42c4de2c3a405ebb7969de253f4b3866eb46c1856b61539ed7e1133a1b11636efc1da1ed5fc6cae53da60b22ab31486518000d34ff6324 SHA512 77a84950c905d2a4bd25f93108eb79f1416689176531246f12b4c3f6e8e3fe689504cd3f9875142e9bf665306a622ac8fe7e6b39aa4be67099f0965a16634526
-DIST openldap-OPENLDAP_REL_ENG_2_6_3.tar.gz 6244895 BLAKE2B 97792a1b368de44867b0ce9eef38601c3e64b7d40e4ca206295bee110097697c919040d2220eea6f0581812e09a2cc3e6afb4a243a5072a8a0a95f24f9fb354b SHA512 1c882a0cd0729b5d0f40b58588d0e36ae3b1cae6d569f0576e940c7c63d03c29ed2c9db87695a87594ba99a927ef4cba491bddba3ce049025fd5883463122ba7
DIST openldap-OPENLDAP_REL_ENG_2_6_4.tar.bz2 5043227 BLAKE2B 9bec77dbace0e52d1607d9ac13a77349e7d0b8876aa81fa635893638d00db58ec6bf8412f11fd266bba0440887be1aa21eb4a876122152f7f6de9fd8f75b6b4c SHA512 bff11bf1ae125bcabbd307f6c4e1c102a8df6f1091f84f5e7053fdbaa89ccd6aa0c86cc8dcce4fb9b6ffd853b5f8d3c933733f5713aeb4d6a9d77ab145293b48
-DIST openldap-OPENLDAP_REL_ENG_2_6_5.tar.bz2 5040569 BLAKE2B d1835e560a81bc3df2eb44964162306057ad28869a1e41da7ab823460b4a33437cd385ec9448a6df9bc580afd04dff5c4680e0b91a2f16960ad2c5f3812410ba SHA512 d259ca5ac8fbdcf9bb477e24c0feaf05678ab660007164a54463a954f1b26c3f9740855d16155fa249adcb2652223fdcfc682bb4005b46a5f36e2d5cae37f158
DIST openldap-OPENLDAP_REL_ENG_2_6_6.tar.bz2 5040213 BLAKE2B 2497b6698344674a9e8db5f2f2531541167065bb8ac9f512ecdb9349115140d5e83daef9b489e244eee08445de57599ddcfeeed71d4aab41edc58a3092910925 SHA512 3c235ff7b26f753afeb0176e95ecbf6a353bf76f00935c091323366bf97289f628d4d7b4ae3e2a31fe0797715d6c69e6704967dc79ccbae7add3023e226ad73b
DIST openldap-OPENLDAP_REL_ENG_2_6_8.tar.bz2 5065637 BLAKE2B d55345c11bd8892a594c3f7114cd1368e017c2e29997da7a80bdd915308d498f62dfb5cc3a3360b50df78ef5f90a48a566a8ce3ace85ebf9aa6b288a37c4eff2 SHA512 556d1377afc73a84ee325c4d7bcc8446def936b67d3f07df4bd2a243ff30f268c5c0c298977482df1e1a86b2b7a0cd7846fc1f51d706748d39f67f5d621ccc04
DIST rfc2307bis.schema-20140524 12262 BLAKE2B 98031f49e9bde1e4821e637af3382364d8344ed7017649686a088070d96a632dffa6c661552352656b1b159c0fd962965580069a64c7f3d5bb6a3ed75f60fd99 SHA512 83b89a1deeefc8566b97e7e865b9b6d04541099cbdf719e24538a7d27d61b6209e87ab9003a9f140bd9afd018ec569e71721e3a24090e1902c8b6659d2ba103e
diff --git a/net-nds/openldap/files/openldap-2.6.1-fix-bashism-configure.patch b/net-nds/openldap/files/openldap-2.6.1-fix-bashism-configure.patch
deleted file mode 100644
index c2acb679e3ba..000000000000
--- a/net-nds/openldap/files/openldap-2.6.1-fix-bashism-configure.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/configure.ac
-+++ b/configure.ac
-@@ -2055,7 +2055,7 @@ dnl
- WITH_SYSTEMD=no
- systemdsystemunitdir=
- ol_link_systemd=no
--if test $ol_enable_slapd == no && test $ol_enable_balancer != yes ; then
-+if test $ol_enable_slapd = no && test $ol_enable_balancer != yes ; then
- if test $ol_with_systemd != no ; then
- AC_MSG_WARN([servers disabled, ignoring --with-systemd=$ol_with_systemd argument])
- ol_with_systemd=no
diff --git a/net-nds/openldap/openldap-2.4.59-r2.ebuild b/net-nds/openldap/openldap-2.4.59-r2.ebuild
index c40329c153ec..4806ec8b4eb0 100644
--- a/net-nds/openldap/openldap-2.4.59-r2.ebuild
+++ b/net-nds/openldap/openldap-2.4.59-r2.ebuild
@@ -693,7 +693,8 @@ multilib_src_compile() {
build_contrib_module "allowed" "allowed.c" "allowed"
build_contrib_module "autogroup" "autogroup.c" "autogroup"
build_contrib_module "cloak" "cloak.c" "cloak"
- # build_contrib_module "comp_match" "comp_match.c" "comp_match" # really complex, adds new external deps, questionable demand
+ # build_contrib_module "comp_match" "comp_match.c" "comp_match"
+ # comp_match: really complex, adds new external deps, questionable demand
build_contrib_module "denyop" "denyop.c" "denyop-overlay"
build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
build_contrib_module "dupent" "dupent.c" "dupent"
@@ -757,7 +758,8 @@ multilib_src_install() {
einfo "Adding $(basename ${x})"
sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" || die
done
- sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
+ sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" \
+ -i "${configfile}"
use prefix || fowners root:ldap /etc/openldap/slapd.conf
fperms 0640 /etc/openldap/slapd.conf
cp "${configfile}" "${configfile}".default || die
diff --git a/net-nds/openldap/openldap-2.4.59-r3.ebuild b/net-nds/openldap/openldap-2.4.59-r3.ebuild
index e553c3425988..9de40ce840dd 100644
--- a/net-nds/openldap/openldap-2.4.59-r3.ebuild
+++ b/net-nds/openldap/openldap-2.4.59-r3.ebuild
@@ -422,9 +422,11 @@ src_configure() {
# The configure scripts make some assumptions that aren't valid in newer GCC.
# https://bugs.gentoo.org/920380
append-flags $(test-flags-CC -Wno-error=implicit-int)
- # conftest.c:113:16: error: passing argument 1 of 'pthread_detach' makes integer from pointer without a cast [-Wint-conversion]
+ # conftest.c:113:16: error: passing argument 1 of 'pthread_detach' makes
+ # integer from pointer without a cast [-Wint-conversion]
append-flags $(test-flags-CC -Wno-error=int-conversion)
- # error: passing argument 3 of ‘ldap_bv2rdn’ from incompatible pointer type [-Wincompatible-pointer-types]
+ # error: passing argument 3 of ‘ldap_bv2rdn’ from incompatible pointer type
+ # [-Wincompatible-pointer-types]
# expected ‘char **’ but argument is of type ‘const char **’
append-flags $(test-flags-CC -Wno-error=incompatible-pointer-types)
@@ -714,7 +716,8 @@ multilib_src_compile() {
build_contrib_module "allowed" "allowed.c" "allowed"
build_contrib_module "autogroup" "autogroup.c" "autogroup"
build_contrib_module "cloak" "cloak.c" "cloak"
- # build_contrib_module "comp_match" "comp_match.c" "comp_match" # really complex, adds new external deps, questionable demand
+ # comp_match: really complex, adds new external deps, questionable demand
+ # build_contrib_module "comp_match" "comp_match.c" "comp_match"
build_contrib_module "denyop" "denyop.c" "denyop-overlay"
build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
build_contrib_module "dupent" "dupent.c" "dupent"
@@ -778,7 +781,8 @@ multilib_src_install() {
einfo "Adding $(basename ${x})"
sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" || die
done
- sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
+ sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" \
+ -i "${configfile}"
use prefix || fowners root:ldap /etc/openldap/slapd.conf
fperms 0640 /etc/openldap/slapd.conf
cp "${configfile}" "${configfile}".default || die
diff --git a/net-nds/openldap/openldap-2.5.14.ebuild b/net-nds/openldap/openldap-2.5.14.ebuild
index 0abdc8dcb986..62ff82759fc4 100644
--- a/net-nds/openldap/openldap-2.5.14.ebuild
+++ b/net-nds/openldap/openldap-2.5.14.ebuild
@@ -339,7 +339,10 @@ src_prepare() {
#
# Fish out MDB_VERSION_MAJOR/MDB_VERSION_MINOR/MDB_VERSION_PATCH from
# the bundled lmdb's header to find out the version.
- local bundled_lmdb_version=$(sed -En '/^#define MDB_VERSION_(MAJOR|MINOR|PATCH)(\s+)?/{s/[^0-9.]//gp}' libraries/liblmdb/lmdb.h || die)
+ local bundled_lmdb_version=$(
+ sed -En '/^#define MDB_VERSION_(MAJOR|MINOR|PATCH)(\s+)?/{s/[^0-9.]//gp}' \
+ libraries/liblmdb/lmdb.h || die
+ )
printf -v bundled_lmdb_version "%s." ${bundled_lmdb_version}
if [[ ${SYSTEM_LMDB_VER}. != ${bundled_lmdb_version} ]] ; then
@@ -708,7 +711,8 @@ multilib_src_install() {
einfo "Adding $(basename ${x})"
sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" || die
done
- sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
+ sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" \
+ -i "${configfile}"
use prefix || fowners root:ldap /etc/openldap/slapd.conf
fperms 0640 /etc/openldap/slapd.conf
cp "${configfile}" "${configfile}".default || die
diff --git a/net-nds/openldap/openldap-2.5.16.ebuild b/net-nds/openldap/openldap-2.5.16.ebuild
index 6d3babe45f1b..21845b57060c 100644
--- a/net-nds/openldap/openldap-2.5.16.ebuild
+++ b/net-nds/openldap/openldap-2.5.16.ebuild
@@ -337,7 +337,10 @@ src_prepare() {
#
# Fish out MDB_VERSION_MAJOR/MDB_VERSION_MINOR/MDB_VERSION_PATCH from
# the bundled lmdb's header to find out the version.
- local bundled_lmdb_version=$(sed -En '/^#define MDB_VERSION_(MAJOR|MINOR|PATCH)(\s+)?/{s/[^0-9.]//gp}' libraries/liblmdb/lmdb.h || die)
+ local bundled_lmdb_version=$(
+ sed -En '/^#define MDB_VERSION_(MAJOR|MINOR|PATCH)(\s+)?/{s/[^0-9.]//gp}' \
+ libraries/liblmdb/lmdb.h || die
+ )
printf -v bundled_lmdb_version "%s." ${bundled_lmdb_version}
if [[ ${SYSTEM_LMDB_VER}. != ${bundled_lmdb_version} ]] ; then
@@ -706,7 +709,8 @@ multilib_src_install() {
einfo "Adding $(basename ${x})"
sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" || die
done
- sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
+ sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" \
+ -i "${configfile}"
use prefix || fowners root:ldap /etc/openldap/slapd.conf
fperms 0640 /etc/openldap/slapd.conf
cp "${configfile}" "${configfile}".default || die
diff --git a/net-nds/openldap/openldap-2.5.18.ebuild b/net-nds/openldap/openldap-2.5.18.ebuild
index 41d46debc6b3..150d0a95e6ca 100644
--- a/net-nds/openldap/openldap-2.5.18.ebuild
+++ b/net-nds/openldap/openldap-2.5.18.ebuild
@@ -337,7 +337,10 @@ src_prepare() {
#
# Fish out MDB_VERSION_MAJOR/MDB_VERSION_MINOR/MDB_VERSION_PATCH from
# the bundled lmdb's header to find out the version.
- local bundled_lmdb_version=$(sed -En '/^#define MDB_VERSION_(MAJOR|MINOR|PATCH)(\s+)?/{s/[^0-9.]//gp}' libraries/liblmdb/lmdb.h || die)
+ local bundled_lmdb_version=$(
+ sed -En '/^#define MDB_VERSION_(MAJOR|MINOR|PATCH)(\s+)?/{s/[^0-9.]//gp}' \
+ libraries/liblmdb/lmdb.h || die
+ )
printf -v bundled_lmdb_version "%s." ${bundled_lmdb_version}
if [[ ${SYSTEM_LMDB_VER}. != ${bundled_lmdb_version} ]] ; then
@@ -408,9 +411,11 @@ multilib_src_configure() {
# The configure scripts make some assumptions that aren't valid in newer GCC.
# https://bugs.gentoo.org/920380
append-flags $(test-flags-CC -Wno-error=implicit-int)
- # conftest.c:113:16: error: passing argument 1 of 'pthread_detach' makes integer from pointer without a cast [-Wint-conversion]
+ # conftest.c:113:16: error: passing argument 1 of 'pthread_detach' makes
+ # integer from pointer without a cast [-Wint-conversion]
append-flags $(test-flags-CC -Wno-error=int-conversion)
- # error: passing argument 3 of ‘ldap_bv2rdn’ from incompatible pointer type [-Wincompatible-pointer-types]
+ # error: passing argument 3 of ‘ldap_bv2rdn’ from incompatible pointer type
+ # [-Wincompatible-pointer-types]
# expected ‘char **’ but argument is of type ‘const char **’
append-flags $(test-flags-CC -Wno-error=incompatible-pointer-types)
@@ -565,7 +570,6 @@ src_configure_cxx() {
popd &>/dev/null || die "popd contrib/ldapc++"
}
-
multilib_src_compile() {
tc-export AR CC CXX
emake CC="$(tc-getCC)" SHELL="${EPREFIX}"/bin/sh
@@ -716,7 +720,8 @@ multilib_src_install() {
einfo "Adding $(basename ${x})"
sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" || die
done
- sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
+ sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" \
+ -i "${configfile}"
use prefix || fowners root:ldap /etc/openldap/slapd.conf
fperms 0640 /etc/openldap/slapd.conf
cp "${configfile}" "${configfile}".default || die
diff --git a/net-nds/openldap/openldap-2.6.3-r7.ebuild b/net-nds/openldap/openldap-2.6.3-r7.ebuild
deleted file mode 100644
index b60d581438f2..000000000000
--- a/net-nds/openldap/openldap-2.6.3-r7.ebuild
+++ /dev/null
@@ -1,827 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-# Re cleanups:
-# 2.5.x is an LTS release so we want to keep it for a while.
-
-inherit autotools flag-o-matic multilib multilib-minimal preserve-libs ssl-cert toolchain-funcs systemd tmpfiles
-
-MY_PV="$(ver_rs 1-2 _)"
-
-BIS_PN=rfc2307bis.schema
-BIS_PV=20140524
-BIS_P="${BIS_PN}-${BIS_PV}"
-
-DESCRIPTION="LDAP suite of application and development tools"
-HOMEPAGE="https://www.openldap.org/"
-SRC_URI="
- https://gitlab.com/openldap/${PN}/-/archive/OPENLDAP_REL_ENG_${MY_PV}/${PN}-OPENLDAP_REL_ENG_${MY_PV}.tar.gz
- mirror://gentoo/${BIS_P}
-"
-S="${WORKDIR}"/${PN}-OPENLDAP_REL_ENG_${MY_PV}
-
-LICENSE="OPENLDAP GPL-2"
-# Subslot added for bug #835654
-SLOT="0/$(ver_cut 1-2)"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux"
-
-IUSE_DAEMON="argon2 +cleartext crypt experimental minimal samba tcpd"
-IUSE_OVERLAY="overlays perl autoca"
-IUSE_OPTIONAL="debug gnutls iodbc ipv6 odbc sasl ssl selinux static-libs +syslog test"
-IUSE_CONTRIB="kerberos kinit pbkdf2 sha2 smbkrb5passwd"
-IUSE_CONTRIB="${IUSE_CONTRIB} cxx"
-IUSE="systemd ${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
-REQUIRED_USE="cxx? ( sasl )
- pbkdf2? ( ssl )
- test? ( cleartext sasl )
- autoca? ( !gnutls )
- ?? ( test minimal )
- kerberos? ( ?? ( kinit smbkrb5passwd ) )"
-RESTRICT="!test? ( test )"
-
-# openssl is needed to generate lanman-passwords required by samba
-COMMON_DEPEND="
- kernel_linux? ( sys-apps/util-linux )
- ssl? (
- !gnutls? (
- >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}]
- )
- gnutls? (
- >=net-libs/gnutls-2.12.23-r6:=[${MULTILIB_USEDEP}]
- >=dev-libs/libgcrypt-1.5.3:0=[${MULTILIB_USEDEP}]
- )
- )
- sasl? ( dev-libs/cyrus-sasl:= )
- !minimal? (
- dev-libs/libltdl
- sys-fs/e2fsprogs
- >=dev-db/lmdb-0.9.18:=
- argon2? ( app-crypt/argon2:= )
- crypt? ( virtual/libcrypt:= )
- tcpd? ( sys-apps/tcp-wrappers )
- odbc? ( !iodbc? ( dev-db/unixODBC )
- iodbc? ( dev-db/libiodbc ) )
- perl? ( dev-lang/perl:=[-build(-)] )
- samba? (
- dev-libs/openssl:0=
- )
- smbkrb5passwd? (
- dev-libs/openssl:0=
- kerberos? ( app-crypt/heimdal )
- )
- kerberos? (
- virtual/krb5
- kinit? ( !app-crypt/heimdal )
- )
- )
-"
-DEPEND="${COMMON_DEPEND}
- sys-apps/groff
-"
-RDEPEND="${COMMON_DEPEND}
- selinux? ( sec-policy/selinux-ldap )
-"
-
-# The user/group are only used for running daemons which are
-# disabled in minimal builds, so elide the accounts too.
-BDEPEND="!minimal? (
- acct-group/ldap
- acct-user/ldap
-)
-"
-
-# for tracking versions
-OPENLDAP_VERSIONTAG=".version-tag"
-OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
-
-MULTILIB_WRAPPED_HEADERS=(
- # USE=cxx
- /usr/include/LDAPAsynConnection.h
- /usr/include/LDAPAttrType.h
- /usr/include/LDAPAttribute.h
- /usr/include/LDAPAttributeList.h
- /usr/include/LDAPConnection.h
- /usr/include/LDAPConstraints.h
- /usr/include/LDAPControl.h
- /usr/include/LDAPControlSet.h
- /usr/include/LDAPEntry.h
- /usr/include/LDAPEntryList.h
- /usr/include/LDAPException.h
- /usr/include/LDAPExtResult.h
- /usr/include/LDAPMessage.h
- /usr/include/LDAPMessageQueue.h
- /usr/include/LDAPModList.h
- /usr/include/LDAPModification.h
- /usr/include/LDAPObjClass.h
- /usr/include/LDAPRebind.h
- /usr/include/LDAPRebindAuth.h
- /usr/include/LDAPReferenceList.h
- /usr/include/LDAPResult.h
- /usr/include/LDAPSaslBindResult.h
- /usr/include/LDAPSchema.h
- /usr/include/LDAPSearchReference.h
- /usr/include/LDAPSearchResult.h
- /usr/include/LDAPSearchResults.h
- /usr/include/LDAPUrl.h
- /usr/include/LDAPUrlList.h
- /usr/include/LdifReader.h
- /usr/include/LdifWriter.h
- /usr/include/SaslInteraction.h
- /usr/include/SaslInteractionHandler.h
- /usr/include/StringList.h
- /usr/include/TlsOptions.h
-)
-
-PATCHES=(
- "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
- "${FILESDIR}"/${PN}-2.6.1-system-mdb.patch
- "${FILESDIR}"/${PN}-2.6.1-cloak.patch
- "${FILESDIR}"/${PN}-2.6.1-flags.patch
- "${FILESDIR}"/${PN}-2.6.1-fix-missing-mapping.patch
- "${FILESDIR}"/${PN}-2.6.1-fix-bashism-configure.patch
- "${FILESDIR}"/${PN}-2.6.3-clang16.patch
-)
-
-openldap_filecount() {
- local dir="$1"
- find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
-}
-
-openldap_find_versiontags() {
- # scan for all datadirs
- local openldap_datadirs=()
- if [[ -f "${EROOT}"/etc/openldap/slapd.conf ]]; then
- openldap_datadirs=( $(awk '{if($1 == "directory") print $2 }' "${EROOT}"/etc/openldap/slapd.conf) )
- fi
- openldap_datadirs+=( ${OPENLDAP_DEFAULTDIR_VERSIONTAG} )
-
- einfo
- einfo "Scanning datadir(s) from slapd.conf and"
- einfo "the default installdir for Versiontags"
- einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
- einfo
-
- # scan datadirs if we have a version tag
- openldap_found_tag=0
- have_files=0
- for each in ${openldap_datadirs[@]} ; do
- CURRENT_TAGDIR="${EROOT}$(sed "s:\/::" <<< ${each})"
- CURRENT_TAG="${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}"
- if [[ -d "${CURRENT_TAGDIR}" ]] && [[ "${openldap_found_tag}" == 0 ]] ; then
- einfo "- Checking ${each}..."
- if [[ -r "${CURRENT_TAG}" ]] ; then
- # yey, we have one :)
- einfo " Found Versiontag in ${each}"
- source "${CURRENT_TAG}"
- if [[ "${OLDPF}" == "" ]] ; then
- eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
- eerror "Please delete it"
- eerror
- die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
- fi
-
- OLD_MAJOR=$(ver_cut 2-3 ${OLDPF})
-
- [[ "$(openldap_filecount ${CURRENT_TAGDIR})" -gt 0 ]] && have_files=1
-
- # are we on the same branch?
- if [[ "${OLD_MAJOR}" != "${PV:0:3}" ]] ; then
- ewarn " Versiontag doesn't match current major release!"
- if [[ "${have_files}" == "1" ]] ; then
- eerror " Versiontag says other major and you (probably) have datafiles!"
- echo
- openldap_upgrade_howto
- else
- einfo " No real problem, seems there's no database."
- fi
- else
- einfo " Versiontag is fine here :)"
- fi
- else
- einfo " Non-tagged dir ${each}"
- [[ "$(openldap_filecount ${each})" -gt 0 ]] && have_files=1
- if [[ "${have_files}" == "1" ]] ; then
- einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
- echo
-
- eerror
- eerror "Your OpenLDAP Installation has a non tagged datadir that"
- eerror "possibly contains a database at ${CURRENT_TAGDIR}"
- eerror
- eerror "Please export data if any entered and empty or remove"
- eerror "the directory, installation has been stopped so you"
- eerror "can take required action"
- eerror
- eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
- eerror
- openldap_upgrade_howto
- die "Please move the datadir ${CURRENT_TAGDIR} away"
- fi
- fi
- einfo
- fi
- done
- [[ "${have_files}" == "1" ]] && einfo "DB files present" || einfo "No DB files present"
-
- # Now we must check for the major version of sys-libs/db linked against.
- # TODO: remove this as we dropped bdb support (gone upstream) in 2.6.1?
- SLAPD_PATH="${EROOT}/usr/$(get_libdir)/openldap/slapd"
- if [[ "${have_files}" == "1" ]] && [[ -f "${SLAPD_PATH}" ]]; then
- OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
- | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
- local fail=0
-
- # This will not cover detection of cn=Config based configuration, but
- # it's hopefully good enough.
- if grep -sq '^backend.*shell' "${EROOT}"/etc/openldap/slapd.conf; then
- eerror " OpenLDAP >= 2.5.x has dropped support for Shell backend."
- eerror " You will need to migrate per upstream's migration notes"
- eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."
- eerror " Your existing database will not be accessible until it is"
- eerror " converted away from backend shell!"
- echo
- fail=1
- fi
- if has_version "${CATEGORY}/${PN}[berkdb]" || grep -sq '^backend.*(bdb|hdb)' /etc/openldap/slapd.conf; then
- eerror " OpenLDAP >= 2.5.x has dropped support for Berkeley DB."
- eerror " You will need to migrate per upstream's migration notes"
- eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."
- eerror " Your existing database will not be accessible until it is"
- eerror " converted to mdb!"
- echo
- fail=1
- elif [[ -z "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
- :
- # Nothing wrong here.
- elif [[ -z "${OLDVER}" ]] && [[ -n "${NEWVER}" ]]; then
- eerror " Your existing version of OpenLDAP was not built against"
- eerror " any version of sys-libs/db, but the new one will build"
- eerror " against ${NEWVER} and your database may be inaccessible."
- echo
- fail=1
- elif [[ -n "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will not be"
- eerror " built against any version and your database may be"
- eerror " inaccessible."
- echo
- fail=1
- elif [[ "${OLDVER}" != "${NEWVER}" ]]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will build against"
- eerror " ${NEWVER} and your database would be inaccessible."
- echo
- fail=1
- fi
- [[ "${fail}" == "1" ]] && openldap_upgrade_howto
- fi
-
- echo
- einfo
- einfo "All datadirs are fine, proceeding with merge now..."
- einfo
-}
-
-openldap_upgrade_howto() {
- local d l i
- eerror
- eerror "A (possible old) installation of OpenLDAP was detected,"
- eerror "installation will not proceed for now."
- eerror
- eerror "As major version upgrades can corrupt your database,"
- eerror "you need to dump your database and re-create it afterwards."
- eerror
- eerror "Additionally, rebuilding against different major versions of the"
- eerror "sys-libs/db libraries will cause your database to be inaccessible."
- eerror ""
- d="$(date -u +%s)"
- l="/root/ldapdump.${d}"
- i="${l}.raw"
- eerror " 1. /etc/init.d/slapd stop"
- eerror " 2. slapcat -l ${i}"
- eerror " 3. grep -E -v '^(entry|context)CSN:' <${i} >${l}"
- eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
- eerror " 5. emerge --update \=net-nds/${PF}"
- eerror " 6. etc-update, and ensure that you apply the changes"
- eerror " 7. slapadd -l ${l}"
- eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
- eerror " 9. /etc/init.d/slapd start"
- eerror "10. Check that your data is intact."
- eerror "11. Set up the new replication system."
- eerror
- if [[ "${FORCE_UPGRADE}" != "1" ]]; then
- die "You need to upgrade your database first"
- else
- eerror "You have the magical FORCE_UPGRADE=1 in place."
- eerror "Don't say you weren't warned about data loss."
- fi
-}
-
-pkg_setup() {
- if ! use sasl && use cxx ; then
- die "To build the ldapc++ library you must emerge openldap with sasl support"
- fi
- # Bug #322787
- if use minimal && ! has_version "net-nds/openldap" ; then
- einfo "No datadir scan needed, openldap not installed"
- elif use minimal && has_version 'net-nds/openldap[minimal]' ; then
- einfo "Skipping scan for previous datadirs as requested by minimal useflag"
- else
- openldap_find_versiontags
- fi
-}
-
-src_prepare() {
- rm -r libraries/liblmdb || die 'could not removed bundled lmdb directory'
-
- for filename in doc/drafts/draft-ietf-ldapext-acl-model-xx.txt; do
- iconv -f iso-8859-1 -t utf-8 "$filename" > "$filename.utf8"
- mv "$filename.utf8" "$filename"
- done
-
- default
-
- sed -i \
- -e "s:\$(localstatedir)/run:${EPREFIX}/run:" \
- -e '/MKDIR.*.(DESTDIR)\/run/d' \
- -e '/MKDIR.*.(DESTDIR).*.(runstatedir)/d' \
- servers/slapd/Makefile.in || die 'adjusting slapd Makefile.in failed'
-
- pushd build &>/dev/null || die "pushd build"
- einfo "Making sure upstream build strip does not do stripping too early"
- sed -i.orig \
- -e '/^STRIP/s,-s,,g' \
- top.mk || die "Failed to remove to early stripping"
- popd &>/dev/null || die
-
- eautoreconf
- multilib_copy_sources
-}
-
-build_contrib_module() {
- # <dir> [<target>]
- pushd "${S}/contrib/slapd-modules/$1" &>/dev/null || die "pushd contrib/slapd-modules/$1"
- einfo "Compiling contrib-module: $1"
- local target="${2:-all}"
- emake \
- LDAP_BUILD="${BUILD_DIR}" prefix="${EPREFIX}/usr" \
- CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" \
- "$target"
- popd &>/dev/null || die
-}
-
-multilib_src_configure() {
- # Optional Features
- myconf+=(
- --enable-option-checking
- $(use_enable debug)
- --enable-dynamic
- $(use_enable syslog)
- $(use_enable ipv6)
- --enable-local
- )
-
- # Optional Packages
- myconf+=(
- --without-fetch
- )
-
- if ! use minimal && multilib_is_native_abi; then
- # SLAPD (Standalone LDAP Daemon) Options
- # overlay chaining requires '--enable-ldap' #296567
- # see https://www.openldap.org/doc/admin26/overlays.html#Chaining
- myconf+=(
- --enable-ldap=yes
- --enable-slapd
- $(use_enable cleartext)
- $(use_enable crypt)
- $(multilib_native_use_enable sasl spasswd)
- --disable-slp
- $(use_enable tcpd wrappers)
- )
- if use experimental ; then
- # connectionless ldap per bug #342439
- # connectionless is a unsupported feature according to Howard Chu
- # see https://bugs.openldap.org/show_bug.cgi?id=9739
- append-cppflags -DLDAP_CONNECTIONLESS
-
- myconf+=(
- --enable-dynacl
- # ACI build as dynamic module not supported (yet)
- --enable-aci=yes
- )
- fi
-
- for option in modules rlookups slapi; do
- myconf+=( --enable-${option} )
- done
-
- # static SLAPD backends
- for backend in mdb; do
- myconf+=( --enable-${backend}=yes )
- done
-
- # module SLAPD backends
- for backend in asyncmeta dnssrv meta null passwd relay sock; do
- # missing modules: wiredtiger (not available in portage)
- myconf+=( --enable-${backend}=mod )
- done
-
- use perl && myconf+=( --enable-perl=mod )
-
- if use odbc ; then
- myconf+=( --enable-sql=mod )
- if use iodbc ; then
- myconf+=( --with-odbc="iodbc" )
- append-cflags -I"${EPREFIX}"/usr/include/iodbc
- else
- myconf+=( --with-odbc="unixodbc" )
- fi
- fi
-
- use overlays && myconf+=( --enable-overlays=mod )
- use autoca && myconf+=( --enable-autoca=mod ) || myconf+=( --enable-autoca=no )
- # compile-in the syncprov
- myconf+=( --enable-syncprov=yes )
-
- # SLAPD Password Module Options
- myconf+=(
- $(use_enable argon2)
- )
-
- # Optional Packages
- myconf+=(
- $(use_with systemd)
- $(multilib_native_use_with sasl cyrus-sasl)
- )
- else
- myconf+=(
- --disable-backends
- --disable-slapd
- --disable-mdb
- --disable-overlays
- --disable-autoca
- --disable-syslog
- --without-systemd
- )
- fi
-
- # Library Generation & Linking Options
- myconf+=(
- $(use_enable static-libs static)
- --enable-shared
- --enable-versioning
- --with-pic
- )
-
- # some cross-compiling tests don't pan out well.
- tc-is-cross-compiler && myconf+=(
- --with-yielding-select=yes
- )
-
- local ssl_lib="no"
- if use ssl || ( ! use minimal && use samba ) ; then
- if use gnutls ; then
- myconf+=( --with-tls="gnutls" )
- else
- # disable MD2 hash function
- append-cflags -DOPENSSL_NO_MD2
- myconf+=( --with-tls="openssl" )
- fi
- else
- myconf+=( --with-tls="no" )
- fi
-
- tc-export AR CC CXX
-
- ECONF_SOURCE="${S}" econf \
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
- --localstatedir="${EPREFIX}"/var \
- --runstatedir="${EPREFIX}"/run \
- --sharedstatedir="${EPREFIX}"/var/lib \
- "${myconf[@]}"
-
- # argument '--runstatedir' seems to have no effect therefore this workaround
- sed -i \
- -e 's:^runstatedir=.*:runstatedir=${EPREFIX}/run:' \
- configure contrib/ldapc++/configure contrib/ldaptcl/configure || die 'could not set runstatedir'
-
- sed -i \
- -e "s:/var/run/sasl2/mux:${EPREFIX}/run/sasl2/mux:" \
- doc/guide/admin/security.sdf || die 'could not fix run path in doc'
-
- emake depend
-}
-
-src_configure_cxx() {
- # This needs the libraries built by the first build run.
- # we have to run it AFTER the main build, not just after the main configure
- local myconf_ldapcpp=(
- --with-libldap="${E}/lib"
- --with-ldap-includes="${S}/include"
- )
-
- mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die "could not create ${BUILD_DIR}/contrib/ldapc++ directory"
- pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
- local LDFLAGS=${LDFLAGS}
- local CPPFLAGS=${CPPFLAGS}
- append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
- -L"${BUILD_DIR}"/libraries/libldap/.libs
- append-cppflags -I"${BUILD_DIR}"/include
- ECONF_SOURCE=${S}/contrib/ldapc++ \
- econf "${myconf_ldapcpp[@]}"
- popd &>/dev/null || die "popd contrib/ldapc++"
-}
-
-multilib_src_compile() {
- tc-export AR CC CXX
- emake CC="$(tc-getCC)" SHELL="${EPREFIX}"/bin/sh
-
- if ! use minimal && multilib_is_native_abi ; then
- if use cxx ; then
- einfo "Building contrib library: ldapc++"
- src_configure_cxx
- pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
- emake
- popd &>/dev/null || die
- fi
-
- if use smbkrb5passwd ; then
- einfo "Building contrib-module: smbk5pwd"
- pushd "${S}/contrib/slapd-modules/smbk5pwd" &>/dev/null || die "pushd contrib/slapd-modules/smbk5pwd"
-
- MY_DEFS="-DDO_SHADOW"
- if use samba ; then
- MY_DEFS="${MY_DEFS} -DDO_SAMBA"
- MY_KRB5_INC=""
- fi
- if use kerberos ; then
- MY_DEFS="${MY_DEFS} -DDO_KRB5"
- MY_KRB5_INC="$(krb5-config --cflags)"
- fi
-
- emake \
- DEFS="${MY_DEFS}" \
- KRB5_INC="${MY_KRB5_INC}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
- popd &>/dev/null || die
- fi
-
- if use overlays ; then
- einfo "Building contrib-module: samba4"
- pushd "${S}/contrib/slapd-modules/samba4" &>/dev/null || die "pushd contrib/slapd-modules/samba4"
-
- emake \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="$(tc-getCC)" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
- popd &>/dev/null || die
- fi
-
- if use kerberos ; then
- if use kinit ; then
- build_contrib_module "kinit" "kinit.c" "kinit"
- fi
- build_contrib_module "passwd" "pw-kerberos.la"
- fi
-
- if use pbkdf2; then
- build_contrib_module "passwd/pbkdf2"
- fi
-
- if use sha2 ; then
- build_contrib_module "passwd/sha2"
- fi
-
- # We could build pw-radius if GNURadius would install radlib.h
- build_contrib_module "passwd" "pw-netscape.la"
-
- #build_contrib_module "acl" "posixgroup.la" # example code only
- #build_contrib_module "acl" "gssacl.la" # example code only, also needs kerberos
- build_contrib_module "addpartial"
- build_contrib_module "allop"
- build_contrib_module "allowed"
- build_contrib_module "autogroup"
- build_contrib_module "cloak"
- # build_contrib_module "comp_match" # really complex, adds new external deps, questionable demand
- build_contrib_module "denyop"
- build_contrib_module "dsaschema"
- build_contrib_module "dupent"
- build_contrib_module "lastbind"
- # lastmod may not play well with other overlays
- build_contrib_module "lastmod"
- build_contrib_module "noopsrch"
- #build_contrib_module "nops" https://bugs.gentoo.org/641576
- #build_contrib_module "nssov" RESO:LATER
- build_contrib_module "trace"
- # build slapi-plugins
- pushd "${S}/contrib/slapi-plugins/addrdnvalues" &>/dev/null || die "pushd contrib/slapi-plugins/addrdnvalues"
- einfo "Building contrib-module: addrdnvalues plugin"
- $(tc-getCC) -shared \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- -fPIC \
- ${LDFLAGS} \
- -o libaddrdnvalues-plugin.so \
- addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
- popd &>/dev/null || die
- fi
-}
-
-multilib_src_test() {
- if multilib_is_native_abi; then
- cd "tests"
- pwd
- # emake test => runs only lloadd & mdb, in serial; skips ldif,sql,wt,regression
- # emake partests => runs ALL of the tests in parallel
- # wt/WiredTiger is not supported in Gentoo
- TESTS=( plloadd pmdb )
- #TESTS+=( pldif ) # not done by default, so also exclude here
- #use odbc && TESTS+=( psql ) # not done by default, so also exclude here
- emake "${TESTS[@]}"
- fi
-}
-
-multilib_src_install() {
- emake CC="$(tc-getCC)" \
- DESTDIR="${D}" SHELL="${EPREFIX}"/bin/sh install
-
- if ! use minimal && multilib_is_native_abi; then
- # openldap modules go here
- # TODO: write some code to populate slapd.conf with moduleload statements
- keepdir /usr/$(get_libdir)/openldap/openldap/
-
- # initial data storage dir
- keepdir /var/lib/openldap-data
- use prefix || fowners ldap:ldap /var/lib/openldap-data
- fperms 0700 /var/lib/openldap-data
-
- echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
-
- # use our config
- rm "${ED}"/etc/openldap/slapd.conf
- insinto /etc/openldap
- newins "${FILESDIR}"/${PN}-2.6.3-slapd-conf slapd.conf
- configfile="${ED}"/etc/openldap/slapd.conf
-
- # populate with built backends
- einfo "populate config with built backends"
- for x in "${ED}"/usr/$(get_libdir)/openldap/openldap/back_*.so; do
- einfo "Adding $(basename ${x})"
- sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" || die
- done
- sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
- use prefix || fowners root:ldap /etc/openldap/slapd.conf
- fperms 0640 /etc/openldap/slapd.conf
- cp "${configfile}" "${configfile}".default || die
-
- # install our own init scripts and systemd unit files
- einfo "Install init scripts"
- sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-initd-2.4.40-r2 > "${T}"/slapd || die
- doinitd "${T}"/slapd
- newconfd "${FILESDIR}"/slapd-confd-2.6.1 slapd
-
- if use systemd; then
- # The systemd unit uses Type=notify, so it is useless without USE=systemd
- einfo "Install systemd service"
- rm -rf "${ED}"/{,usr/}lib/systemd
- sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-2.6.1.service > "${T}"/slapd.service || die
- systemd_dounit "${T}"/slapd.service
- systemd_install_serviced "${FILESDIR}"/slapd.service.conf
- newtmpfiles "${FILESDIR}"/slapd.tmpfilesd slapd.conf
- fi
-
- # if built without SLP, we don't need to be before avahi
- sed -i \
- -e '/before/{s/avahi-daemon//g}' \
- "${ED}"/etc/init.d/slapd \
- || die
-
- if use cxx ; then
- einfo "Install the ldapc++ library"
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- cd "${S}"/contrib/ldapc++ || die
- newdoc README ldapc++-README
- fi
-
- if use smbkrb5passwd ; then
- einfo "Install the smbk5pwd module"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- newdoc README smbk5pwd-README
- fi
-
- if use overlays ; then
- einfo "Install the samba4 module"
- cd "${S}/contrib/slapd-modules/samba4" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- newdoc README samba4-README
- fi
-
- einfo "Installing contrib modules"
- cd "${S}/contrib/slapd-modules" || die
- for l in */*.la */*/*.la; do
- [[ -e ${l} ]] || continue
- libtool --mode=install cp ${l} \
- "${ED}"/usr/$(get_libdir)/openldap/openldap || \
- die "installing ${l} failed"
- done
-
- dodoc "${FILESDIR}"/DB_CONFIG.fast.example
- docinto contrib
- doman */*.5
- #newdoc acl/README*
- newdoc addpartial/README addpartial-README
- newdoc allop/README allop-README
- newdoc allowed/README allowed-README
- newdoc autogroup/README autogroup-README
- newdoc dsaschema/README dsaschema-README
- newdoc passwd/README passwd-README
- cd "${S}/contrib/slapi-plugins" || die
- insinto /usr/$(get_libdir)/openldap/openldap
- doins */*.so
- docinto contrib
- newdoc addrdnvalues/README addrdnvalues-README
-
- insinto /etc/openldap/schema
- newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
-
- docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
- docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
-
- dosbin "${S}"/contrib/slapd-tools/statslog
- newdoc "${S}"/contrib/slapd-tools/README README.statslog
- fi
-
- if ! use static-libs ; then
- find "${ED}" \( -name '*.a' -o -name '*.la' \) -delete || die
- fi
-}
-
-multilib_src_install_all() {
- dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
- docinto rfc ; dodoc doc/rfc/*.txt
-}
-
-pkg_preinst() {
- # keep old libs if any
- preserve_old_lib /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0)
- # bug 440470, only display the getting started help there was no openldap before,
- # or we are going to a non-minimal build
- ! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
- OPENLDAP_PRINT_MESSAGES=$((! $?))
-}
-
-pkg_postinst() {
- if ! use minimal ; then
- if use systemd; then
- tmpfiles_process slapd.conf
- fi
-
- # You cannot build SSL certificates during src_install that will make
- # binary packages containing your SSL key, which is both a security risk
- # and a misconfiguration if multiple machines use the same key and cert.
- if use ssl; then
- install_cert /etc/openldap/ssl/ldap
- use prefix || chown ldap:ldap "${EROOT}"/etc/openldap/ssl/ldap.*
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "add 'TLS_REQCERT allow' if you want to use them."
- fi
-
- if use prefix; then
- # Warn about prefix issues with slapd
- eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
- eerror "to start up, and requires that certain files directories be owned by"
- eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
- eerror "directories, you will have to manually fix this yourself."
- fi
-
- # These lines force the permissions of various content to be correct
- if [[ -d "${EROOT}"/var/run/openldap ]]; then
- use prefix || { chown ldap:ldap "${EROOT}"/var/run/openldap || die; }
- chmod 0755 "${EROOT}"/var/run/openldap || die
- fi
- use prefix || chown root:ldap "${EROOT}"/etc/openldap/slapd.conf{,.default}
- chmod 0640 "${EROOT}"/etc/openldap/slapd.conf{,.default} || die
- use prefix || chown ldap:ldap "${EROOT}"/var/lib/openldap-data
- fi
-
- if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
- elog "Getting started using OpenLDAP? There is some documentation available:"
- elog "Gentoo Guide to OpenLDAP Authentication"
- elog "(https://wiki.gentoo.org/wiki/Centralized_authentication_using_OpenLDAP)"
- fi
-
- preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0)
-}
diff --git a/net-nds/openldap/openldap-2.6.4-r1.ebuild b/net-nds/openldap/openldap-2.6.4-r1.ebuild
deleted file mode 100644
index 2f6ab178605e..000000000000
--- a/net-nds/openldap/openldap-2.6.4-r1.ebuild
+++ /dev/null
@@ -1,861 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-# Re cleanups:
-# 2.5.x is an LTS release so we want to keep it for a while.
-
-inherit autotools flag-o-matic multilib multilib-minimal preserve-libs ssl-cert toolchain-funcs systemd tmpfiles
-
-MY_PV="$(ver_rs 1-2 _)"
-
-BIS_PN=rfc2307bis.schema
-BIS_PV=20140524
-BIS_P="${BIS_PN}-${BIS_PV}"
-
-DESCRIPTION="LDAP suite of application and development tools"
-HOMEPAGE="https://www.openldap.org/"
-SRC_URI="
- https://gitlab.com/openldap/${PN}/-/archive/OPENLDAP_REL_ENG_${MY_PV}/${PN}-OPENLDAP_REL_ENG_${MY_PV}.tar.bz2
- mirror://gentoo/${BIS_P}
-"
-S="${WORKDIR}"/${PN}-OPENLDAP_REL_ENG_${MY_PV}
-
-LICENSE="OPENLDAP GPL-2"
-# Subslot added for bug #835654
-SLOT="0/$(ver_cut 1-2)"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux"
-
-IUSE_DAEMON="argon2 +cleartext crypt experimental minimal samba tcpd"
-IUSE_OVERLAY="overlays perl autoca"
-IUSE_OPTIONAL="debug gnutls iodbc ipv6 odbc sasl ssl selinux static-libs +syslog test"
-IUSE_CONTRIB="kerberos kinit pbkdf2 sha2 smbkrb5passwd"
-IUSE_CONTRIB="${IUSE_CONTRIB} cxx"
-IUSE="systemd ${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
-REQUIRED_USE="cxx? ( sasl )
- pbkdf2? ( ssl )
- test? ( cleartext sasl )
- autoca? ( !gnutls )
- ?? ( test minimal )
- kerberos? ( ?? ( kinit smbkrb5passwd ) )"
-RESTRICT="!test? ( test )"
-
-SYSTEM_LMDB_VER=0.9.30
-# openssl is needed to generate lanman-passwords required by samba
-COMMON_DEPEND="
- kernel_linux? ( sys-apps/util-linux )
- ssl? (
- !gnutls? (
- >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}]
- )
- gnutls? (
- >=net-libs/gnutls-2.12.23-r6:=[${MULTILIB_USEDEP}]
- >=dev-libs/libgcrypt-1.5.3:0=[${MULTILIB_USEDEP}]
- )
- )
- sasl? ( dev-libs/cyrus-sasl:= )
- !minimal? (
- dev-libs/libltdl
- sys-fs/e2fsprogs
- >=dev-db/lmdb-${SYSTEM_LMDB_VER}:=
- argon2? ( app-crypt/argon2:= )
- crypt? ( virtual/libcrypt:= )
- tcpd? ( sys-apps/tcp-wrappers )
- odbc? ( !iodbc? ( dev-db/unixODBC )
- iodbc? ( dev-db/libiodbc ) )
- perl? ( dev-lang/perl:=[-build(-)] )
- samba? (
- dev-libs/openssl:0=
- )
- smbkrb5passwd? (
- dev-libs/openssl:0=
- kerberos? ( app-crypt/heimdal )
- )
- kerberos? (
- virtual/krb5
- kinit? ( !app-crypt/heimdal )
- )
- )
-"
-DEPEND="${COMMON_DEPEND}
- sys-apps/groff
-"
-RDEPEND="${COMMON_DEPEND}
- selinux? ( sec-policy/selinux-ldap )
-"
-
-# The user/group are only used for running daemons which are
-# disabled in minimal builds, so elide the accounts too.
-BDEPEND="!minimal? (
- acct-group/ldap
- acct-user/ldap
-)
-"
-
-# for tracking versions
-OPENLDAP_VERSIONTAG=".version-tag"
-OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
-
-MULTILIB_WRAPPED_HEADERS=(
- # USE=cxx
- /usr/include/LDAPAsynConnection.h
- /usr/include/LDAPAttrType.h
- /usr/include/LDAPAttribute.h
- /usr/include/LDAPAttributeList.h
- /usr/include/LDAPConnection.h
- /usr/include/LDAPConstraints.h
- /usr/include/LDAPControl.h
- /usr/include/LDAPControlSet.h
- /usr/include/LDAPEntry.h
- /usr/include/LDAPEntryList.h
- /usr/include/LDAPException.h
- /usr/include/LDAPExtResult.h
- /usr/include/LDAPMessage.h
- /usr/include/LDAPMessageQueue.h
- /usr/include/LDAPModList.h
- /usr/include/LDAPModification.h
- /usr/include/LDAPObjClass.h
- /usr/include/LDAPRebind.h
- /usr/include/LDAPRebindAuth.h
- /usr/include/LDAPReferenceList.h
- /usr/include/LDAPResult.h
- /usr/include/LDAPSaslBindResult.h
- /usr/include/LDAPSchema.h
- /usr/include/LDAPSearchReference.h
- /usr/include/LDAPSearchResult.h
- /usr/include/LDAPSearchResults.h
- /usr/include/LDAPUrl.h
- /usr/include/LDAPUrlList.h
- /usr/include/LdifReader.h
- /usr/include/LdifWriter.h
- /usr/include/SaslInteraction.h
- /usr/include/SaslInteractionHandler.h
- /usr/include/StringList.h
- /usr/include/TlsOptions.h
-)
-
-PATCHES=(
- "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
- "${FILESDIR}"/${PN}-2.6.1-system-mdb.patch
- "${FILESDIR}"/${PN}-2.6.1-cloak.patch
- "${FILESDIR}"/${PN}-2.6.1-flags.patch
- "${FILESDIR}"/${PN}-2.6.1-fix-missing-mapping.patch
- "${FILESDIR}"/${PN}-2.6.4-clang16.patch
- "${FILESDIR}"/${PN}-2.6.4-libressl.patch #903001
-)
-
-openldap_filecount() {
- local dir="$1"
- find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
-}
-
-openldap_find_versiontags() {
- # scan for all datadirs
- local openldap_datadirs=()
- if [[ -f "${EROOT}"/etc/openldap/slapd.conf ]]; then
- openldap_datadirs=( $(awk '{if($1 == "directory") print $2 }' "${EROOT}"/etc/openldap/slapd.conf) )
- fi
- openldap_datadirs+=( ${OPENLDAP_DEFAULTDIR_VERSIONTAG} )
-
- einfo
- einfo "Scanning datadir(s) from slapd.conf and"
- einfo "the default installdir for Versiontags"
- einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
- einfo
-
- # scan datadirs if we have a version tag
- openldap_found_tag=0
- have_files=0
- for each in ${openldap_datadirs[@]} ; do
- CURRENT_TAGDIR="${EROOT}$(sed "s:\/::" <<< ${each})"
- CURRENT_TAG="${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}"
- if [[ -d "${CURRENT_TAGDIR}" ]] && [[ "${openldap_found_tag}" == 0 ]] ; then
- einfo "- Checking ${each}..."
- if [[ -r "${CURRENT_TAG}" ]] ; then
- # yey, we have one :)
- einfo " Found Versiontag in ${each}"
- source "${CURRENT_TAG}"
- if [[ "${OLDPF}" == "" ]] ; then
- eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
- eerror "Please delete it"
- eerror
- die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
- fi
-
- OLD_MAJOR=$(ver_cut 2-3 ${OLDPF})
-
- [[ "$(openldap_filecount ${CURRENT_TAGDIR})" -gt 0 ]] && have_files=1
-
- # are we on the same branch?
- if [[ "${OLD_MAJOR}" != "${PV:0:3}" ]] ; then
- ewarn " Versiontag doesn't match current major release!"
- if [[ "${have_files}" == "1" ]] ; then
- eerror " Versiontag says other major and you (probably) have datafiles!"
- echo
- openldap_upgrade_howto
- else
- einfo " No real problem, seems there's no database."
- fi
- else
- einfo " Versiontag is fine here :)"
- fi
- else
- einfo " Non-tagged dir ${each}"
- [[ "$(openldap_filecount ${each})" -gt 0 ]] && have_files=1
- if [[ "${have_files}" == "1" ]] ; then
- einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
- echo
-
- eerror
- eerror "Your OpenLDAP Installation has a non tagged datadir that"
- eerror "possibly contains a database at ${CURRENT_TAGDIR}"
- eerror
- eerror "Please export data if any entered and empty or remove"
- eerror "the directory, installation has been stopped so you"
- eerror "can take required action"
- eerror
- eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
- eerror
- openldap_upgrade_howto
- die "Please move the datadir ${CURRENT_TAGDIR} away"
- fi
- fi
- einfo
- fi
- done
- [[ "${have_files}" == "1" ]] && einfo "DB files present" || einfo "No DB files present"
-
- # Now we must check for the major version of sys-libs/db linked against.
- # TODO: remove this as we dropped bdb support (gone upstream) in 2.6.1?
- SLAPD_PATH="${EROOT}/usr/$(get_libdir)/openldap/slapd"
- if [[ "${have_files}" == "1" ]] && [[ -f "${SLAPD_PATH}" ]]; then
- OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
- | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
- local fail=0
-
- # This will not cover detection of cn=Config based configuration, but
- # it's hopefully good enough.
- if grep -sq '^backend.*shell' "${EROOT}"/etc/openldap/slapd.conf; then
- eerror " OpenLDAP >= 2.5.x has dropped support for Shell backend."
- eerror " You will need to migrate per upstream's migration notes"
- eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."
- eerror " Your existing database will not be accessible until it is"
- eerror " converted away from backend shell!"
- echo
- fail=1
- fi
- if has_version "${CATEGORY}/${PN}[berkdb]" || grep -sq '^backend.*(bdb|hdb)' /etc/openldap/slapd.conf; then
- eerror " OpenLDAP >= 2.5.x has dropped support for Berkeley DB."
- eerror " You will need to migrate per upstream's migration notes"
- eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."
- eerror " Your existing database will not be accessible until it is"
- eerror " converted to mdb!"
- echo
- fail=1
- elif [[ -z "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
- :
- # Nothing wrong here.
- elif [[ -z "${OLDVER}" ]] && [[ -n "${NEWVER}" ]]; then
- eerror " Your existing version of OpenLDAP was not built against"
- eerror " any version of sys-libs/db, but the new one will build"
- eerror " against ${NEWVER} and your database may be inaccessible."
- echo
- fail=1
- elif [[ -n "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will not be"
- eerror " built against any version and your database may be"
- eerror " inaccessible."
- echo
- fail=1
- elif [[ "${OLDVER}" != "${NEWVER}" ]]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will build against"
- eerror " ${NEWVER} and your database would be inaccessible."
- echo
- fail=1
- fi
- [[ "${fail}" == "1" ]] && openldap_upgrade_howto
- fi
-
- echo
- einfo
- einfo "All datadirs are fine, proceeding with merge now..."
- einfo
-}
-
-openldap_upgrade_howto() {
- local d l i
- eerror
- eerror "A (possible old) installation of OpenLDAP was detected,"
- eerror "installation will not proceed for now."
- eerror
- eerror "As major version upgrades can corrupt your database,"
- eerror "you need to dump your database and re-create it afterwards."
- eerror
- eerror "Additionally, rebuilding against different major versions of the"
- eerror "sys-libs/db libraries will cause your database to be inaccessible."
- eerror ""
- d="$(date -u +%s)"
- l="/root/ldapdump.${d}"
- i="${l}.raw"
- eerror " 1. /etc/init.d/slapd stop"
- eerror " 2. slapcat -l ${i}"
- eerror " 3. grep -E -v '^(entry|context)CSN:' <${i} >${l}"
- eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
- eerror " 5. emerge --update \=net-nds/${PF}"
- eerror " 6. etc-update, and ensure that you apply the changes"
- eerror " 7. slapadd -l ${l}"
- eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
- eerror " 9. /etc/init.d/slapd start"
- eerror "10. Check that your data is intact."
- eerror "11. Set up the new replication system."
- eerror
- if [[ "${FORCE_UPGRADE}" != "1" ]]; then
- die "You need to upgrade your database first"
- else
- eerror "You have the magical FORCE_UPGRADE=1 in place."
- eerror "Don't say you weren't warned about data loss."
- fi
-}
-
-pkg_setup() {
- if ! use sasl && use cxx ; then
- die "To build the ldapc++ library you must emerge openldap with sasl support"
- fi
- # Bug #322787
- if use minimal && ! has_version "net-nds/openldap" ; then
- einfo "No datadir scan needed, openldap not installed"
- elif use minimal && has_version 'net-nds/openldap[minimal]' ; then
- einfo "Skipping scan for previous datadirs as requested by minimal useflag"
- else
- openldap_find_versiontags
- fi
-}
-
-src_prepare() {
- # The system copy of dev-db/lmdb must match the version that this copy
- # of OpenLDAP shipped with! See bug #588792.
- #
- # Fish out MDB_VERSION_MAJOR/MDB_VERSION_MINOR/MDB_VERSION_PATCH from
- # the bundled lmdb's header to find out the version.
- local bundled_lmdb_version=$(sed -En '/^#define MDB_VERSION_(MAJOR|MINOR|PATCH)(\s+)?/{s/[^0-9.]//gp}' libraries/liblmdb/lmdb.h || die)
- printf -v bundled_lmdb_version "%s." ${bundled_lmdb_version}
-
- if [[ ${SYSTEM_LMDB_VER}. != ${bundled_lmdb_version} ]] ; then
- eerror "Source lmdb version: ${bundled_lmdb_version}"
- eerror "Ebuild lmdb version: ${SYSTEM_LMDB_VER}"
- die "Ebuild needs to update SYSTEM_LMDB_VER!"
- fi
-
- rm -r libraries/liblmdb || die 'could not removed bundled lmdb directory'
-
- local filename
- for filename in doc/drafts/draft-ietf-ldapext-acl-model-xx.txt; do
- iconv -f iso-8859-1 -t utf-8 "${filename}" > "${filename}.utf8"
- mv "${filename}.utf8" "${filename}"
- done
-
- default
-
- sed -i \
- -e "s:\$(localstatedir)/run:${EPREFIX}/run:" \
- -e '/MKDIR.*.(DESTDIR)\/run/d' \
- -e '/MKDIR.*.(DESTDIR).*.(runstatedir)/d' \
- servers/slapd/Makefile.in || die 'adjusting slapd Makefile.in failed'
-
- pushd build &>/dev/null || die "pushd build"
- einfo "Making sure upstream build strip does not do stripping too early"
- sed -i.orig \
- -e '/^STRIP/s,-s,,g' \
- top.mk || die "Failed to remove too early stripping"
- popd &>/dev/null || die
-
- # Fails with OpenSSL 3, bug #848894
- # https://bugs.openldap.org/show_bug.cgi?id=10009
- rm tests/scripts/test076-authid-rewrite || die
-
- eautoreconf
- multilib_copy_sources
-}
-
-build_contrib_module() {
- # <dir> [<target>]
- pushd "${S}/contrib/slapd-modules/$1" &>/dev/null || die "pushd contrib/slapd-modules/$1"
- einfo "Compiling contrib-module: $1"
- local target="${2:-all}"
- emake \
- LDAP_BUILD="${BUILD_DIR}" prefix="${EPREFIX}/usr" \
- CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" \
- "${target}"
- popd &>/dev/null || die
-}
-
-multilib_src_configure() {
- # Optional Features
- myconf+=(
- --enable-option-checking
- $(use_enable debug)
- --enable-dynamic
- $(use_enable syslog)
- $(use_enable ipv6)
- --enable-local
- )
-
- # Optional Packages
- myconf+=(
- --without-fetch
- )
-
- if use experimental ; then
- # connectionless ldap per bug #342439
- # connectionless is a unsupported feature according to Howard Chu
- # see https://bugs.openldap.org/show_bug.cgi?id=9739
- # (see also bug #892009)
- append-flags -DLDAP_CONNECTIONLESS
- fi
-
- if ! use minimal && multilib_is_native_abi; then
- # SLAPD (Standalone LDAP Daemon) Options
- # overlay chaining requires '--enable-ldap' #296567
- # see https://www.openldap.org/doc/admin26/overlays.html#Chaining
- myconf+=(
- --enable-ldap=yes
- --enable-slapd
- $(use_enable cleartext)
- $(use_enable crypt)
- $(multilib_native_use_enable sasl spasswd)
- --disable-slp
- $(use_enable tcpd wrappers)
- )
- if use experimental ; then
- myconf+=(
- --enable-dynacl
- # ACI build as dynamic module not supported (yet)
- --enable-aci=yes
- )
- fi
-
- for option in modules rlookups slapi; do
- myconf+=( --enable-${option} )
- done
-
- # static SLAPD backends
- for backend in mdb; do
- myconf+=( --enable-${backend}=yes )
- done
-
- # module SLAPD backends
- for backend in asyncmeta dnssrv meta null passwd relay sock; do
- # missing modules: wiredtiger (not available in portage)
- myconf+=( --enable-${backend}=mod )
- done
-
- use perl && myconf+=( --enable-perl=mod )
-
- if use odbc ; then
- myconf+=( --enable-sql=mod )
- if use iodbc ; then
- myconf+=( --with-odbc="iodbc" )
- append-cflags -I"${EPREFIX}"/usr/include/iodbc
- else
- myconf+=( --with-odbc="unixodbc" )
- fi
- fi
-
- use overlays && myconf+=( --enable-overlays=mod )
- use autoca && myconf+=( --enable-autoca=mod ) || myconf+=( --enable-autoca=no )
- # compile-in the syncprov
- myconf+=( --enable-syncprov=yes )
-
- # SLAPD Password Module Options
- myconf+=(
- $(use_enable argon2)
- )
-
- # Optional Packages
- myconf+=(
- $(use_with systemd)
- $(multilib_native_use_with sasl cyrus-sasl)
- )
- else
- myconf+=(
- --disable-backends
- --disable-slapd
- --disable-mdb
- --disable-overlays
- --disable-autoca
- --disable-syslog
- --without-systemd
- )
- fi
-
- # Library Generation & Linking Options
- myconf+=(
- $(use_enable static-libs static)
- --enable-shared
- --enable-versioning
- --with-pic
- )
-
- # some cross-compiling tests don't pan out well.
- tc-is-cross-compiler && myconf+=(
- --with-yielding-select=yes
- )
-
- local ssl_lib="no"
- if use ssl || ( ! use minimal && use samba ) ; then
- if use gnutls ; then
- myconf+=( --with-tls="gnutls" )
- else
- # disable MD2 hash function
- append-cflags -DOPENSSL_NO_MD2
- myconf+=( --with-tls="openssl" )
- fi
- else
- myconf+=( --with-tls="no" )
- fi
-
- tc-export AR CC CXX
-
- ECONF_SOURCE="${S}" econf \
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
- --localstatedir="${EPREFIX}"/var \
- --runstatedir="${EPREFIX}"/run \
- --sharedstatedir="${EPREFIX}"/var/lib \
- "${myconf[@]}"
-
- # argument '--runstatedir' seems to have no effect therefore this workaround
- sed -i \
- -e 's:^runstatedir=.*:runstatedir=${EPREFIX}/run:' \
- configure contrib/ldapc++/configure contrib/ldaptcl/configure || die 'could not set runstatedir'
-
- sed -i \
- -e "s:/var/run/sasl2/mux:${EPREFIX}/run/sasl2/mux:" \
- doc/guide/admin/security.sdf || die 'could not fix run path in doc'
-
- emake depend
-}
-
-src_configure_cxx() {
- # This needs the libraries built by the first build run.
- # we have to run it AFTER the main build, not just after the main configure
- local myconf_ldapcpp=(
- --with-libldap="${E}/lib"
- --with-ldap-includes="${S}/include"
- )
-
- mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die "could not create ${BUILD_DIR}/contrib/ldapc++ directory"
- pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
-
- local LDFLAGS="${LDFLAGS}"
- local CPPFLAGS="${CPPFLAGS}"
-
- append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs -L"${BUILD_DIR}"/libraries/libldap/.libs
- append-cppflags -I"${BUILD_DIR}"/include
-
- ECONF_SOURCE="${S}"/contrib/ldapc++ econf "${myconf_ldapcpp[@]}"
- popd &>/dev/null || die "popd contrib/ldapc++"
-}
-
-multilib_src_compile() {
- tc-export AR CC CXX
- emake CC="$(tc-getCC)" SHELL="${EPREFIX}"/bin/sh
-
- if ! use minimal && multilib_is_native_abi ; then
- if use cxx ; then
- einfo "Building contrib library: ldapc++"
- src_configure_cxx
- pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
- emake
- popd &>/dev/null || die
- fi
-
- if use smbkrb5passwd ; then
- einfo "Building contrib-module: smbk5pwd"
- pushd "${S}/contrib/slapd-modules/smbk5pwd" &>/dev/null || die "pushd contrib/slapd-modules/smbk5pwd"
-
- MY_DEFS="-DDO_SHADOW"
- if use samba ; then
- MY_DEFS="${MY_DEFS} -DDO_SAMBA"
- MY_KRB5_INC=""
- fi
- if use kerberos ; then
- MY_DEFS="${MY_DEFS} -DDO_KRB5"
- MY_KRB5_INC="$(krb5-config --cflags)"
- fi
-
- emake \
- DEFS="${MY_DEFS}" \
- KRB5_INC="${MY_KRB5_INC}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
- popd &>/dev/null || die
- fi
-
- if use overlays ; then
- einfo "Building contrib-module: samba4"
- pushd "${S}/contrib/slapd-modules/samba4" &>/dev/null || die "pushd contrib/slapd-modules/samba4"
-
- emake \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="$(tc-getCC)" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
- popd &>/dev/null || die
- fi
-
- if use kerberos ; then
- if use kinit ; then
- build_contrib_module "kinit" "kinit.c" "kinit"
- fi
- build_contrib_module "passwd" "pw-kerberos.la"
- fi
-
- if use pbkdf2; then
- build_contrib_module "passwd/pbkdf2"
- fi
-
- if use sha2 ; then
- build_contrib_module "passwd/sha2"
- fi
-
- # We could build pw-radius if GNURadius would install radlib.h
- build_contrib_module "passwd" "pw-netscape.la"
-
- #build_contrib_module "acl" "posixgroup.la" # example code only
- #build_contrib_module "acl" "gssacl.la" # example code only, also needs kerberos
- build_contrib_module "addpartial"
- build_contrib_module "allop"
- build_contrib_module "allowed"
- build_contrib_module "autogroup"
- build_contrib_module "cloak"
- # build_contrib_module "comp_match" # really complex, adds new external deps, questionable demand
- build_contrib_module "denyop"
- build_contrib_module "dsaschema"
- build_contrib_module "dupent"
- build_contrib_module "lastbind"
- # lastmod may not play well with other overlays
- build_contrib_module "lastmod"
- build_contrib_module "noopsrch"
- #build_contrib_module "nops" https://bugs.gentoo.org/641576
- #build_contrib_module "nssov" RESO:LATER
- build_contrib_module "trace"
- # build slapi-plugins
- pushd "${S}/contrib/slapi-plugins/addrdnvalues" &>/dev/null || die "pushd contrib/slapi-plugins/addrdnvalues"
- einfo "Building contrib-module: addrdnvalues plugin"
- $(tc-getCC) -shared \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CPPFLAGS} \
- ${CFLAGS} \
- -fPIC \
- ${LDFLAGS} \
- -o libaddrdnvalues-plugin.so \
- addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
- popd &>/dev/null || die
- fi
-}
-
-multilib_src_test() {
- if multilib_is_native_abi; then
- cd tests || die
- pwd
-
- # Increase various test timeouts/delays, bug #894012
- # We can't just double everything as there's a cumulative effect.
- export SLEEP0=2 # originally 1
- export SLEEP1=10 # originally 7
- export SLEEP2=20 # originally 15
- export TIMEOUT=16 # originally 8
-
- # emake test => runs only lloadd & mdb, in serial; skips ldif,sql,wt,regression
- # emake partests => runs ALL of the tests in parallel
- # wt/WiredTiger is not supported in Gentoo
- TESTS=( plloadd pmdb )
- #TESTS+=( pldif ) # not done by default, so also exclude here
- #use odbc && TESTS+=( psql ) # not done by default, so also exclude here
-
- emake "${TESTS[@]}"
- fi
-}
-
-multilib_src_install() {
- emake CC="$(tc-getCC)" \
- DESTDIR="${D}" SHELL="${EPREFIX}"/bin/sh install
-
- if ! use minimal && multilib_is_native_abi; then
- # openldap modules go here
- # TODO: write some code to populate slapd.conf with moduleload statements
- keepdir /usr/$(get_libdir)/openldap/openldap/
-
- # initial data storage dir
- keepdir /var/lib/openldap-data
- use prefix || fowners ldap:ldap /var/lib/openldap-data
- fperms 0700 /var/lib/openldap-data
-
- echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
-
- # use our config
- rm "${ED}"/etc/openldap/slapd.conf
- insinto /etc/openldap
- newins "${FILESDIR}"/${PN}-2.6.3-slapd-conf slapd.conf
- configfile="${ED}"/etc/openldap/slapd.conf
-
- # populate with built backends
- einfo "populate config with built backends"
- for x in "${ED}"/usr/$(get_libdir)/openldap/openldap/back_*.so; do
- einfo "Adding $(basename ${x})"
- sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" || die
- done
- sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
- use prefix || fowners root:ldap /etc/openldap/slapd.conf
- fperms 0640 /etc/openldap/slapd.conf
- cp "${configfile}" "${configfile}".default || die
-
- # install our own init scripts and systemd unit files
- einfo "Install init scripts"
- sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-initd-2.4.40-r2 > "${T}"/slapd || die
- doinitd "${T}"/slapd
- newconfd "${FILESDIR}"/slapd-confd-2.6.1 slapd
-
- if use systemd; then
- # The systemd unit uses Type=notify, so it is useless without USE=systemd
- einfo "Install systemd service"
- rm -rf "${ED}"/{,usr/}lib/systemd
- sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-2.6.1.service > "${T}"/slapd.service || die
- systemd_dounit "${T}"/slapd.service
- systemd_install_serviced "${FILESDIR}"/slapd.service.conf
- newtmpfiles "${FILESDIR}"/slapd.tmpfilesd slapd.conf
- fi
-
- # if built without SLP, we don't need to be before avahi
- sed -i \
- -e '/before/{s/avahi-daemon//g}' \
- "${ED}"/etc/init.d/slapd \
- || die
-
- if use cxx ; then
- einfo "Install the ldapc++ library"
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- cd "${S}"/contrib/ldapc++ || die
- newdoc README ldapc++-README
- fi
-
- if use smbkrb5passwd ; then
- einfo "Install the smbk5pwd module"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- newdoc README smbk5pwd-README
- fi
-
- if use overlays ; then
- einfo "Install the samba4 module"
- cd "${S}/contrib/slapd-modules/samba4" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- newdoc README samba4-README
- fi
-
- einfo "Installing contrib modules"
- cd "${S}/contrib/slapd-modules" || die
- for l in */*.la */*/*.la; do
- [[ -e ${l} ]] || continue
- libtool --mode=install cp ${l} \
- "${ED}"/usr/$(get_libdir)/openldap/openldap || \
- die "installing ${l} failed"
- done
-
- dodoc "${FILESDIR}"/DB_CONFIG.fast.example
- docinto contrib
- doman */*.5
- #newdoc acl/README*
- newdoc addpartial/README addpartial-README
- newdoc allop/README allop-README
- newdoc allowed/README allowed-README
- newdoc autogroup/README autogroup-README
- newdoc dsaschema/README dsaschema-README
- newdoc passwd/README passwd-README
- cd "${S}/contrib/slapi-plugins" || die
- insinto /usr/$(get_libdir)/openldap/openldap
- doins */*.so
- docinto contrib
- newdoc addrdnvalues/README addrdnvalues-README
-
- insinto /etc/openldap/schema
- newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
-
- docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
- docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
-
- dosbin "${S}"/contrib/slapd-tools/statslog
- newdoc "${S}"/contrib/slapd-tools/README README.statslog
- fi
-
- if ! use static-libs ; then
- find "${ED}" \( -name '*.a' -o -name '*.la' \) -delete || die
- fi
-}
-
-multilib_src_install_all() {
- dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
- docinto rfc ; dodoc doc/rfc/*.txt
-}
-
-pkg_preinst() {
- # keep old libs if any
- preserve_old_lib /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0)
- # bug 440470, only display the getting started help there was no openldap before,
- # or we are going to a non-minimal build
- ! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
- OPENLDAP_PRINT_MESSAGES=$((! $?))
-}
-
-pkg_postinst() {
- if ! use minimal ; then
- if use systemd; then
- tmpfiles_process slapd.conf
- fi
-
- # You cannot build SSL certificates during src_install that will make
- # binary packages containing your SSL key, which is both a security risk
- # and a misconfiguration if multiple machines use the same key and cert.
- if use ssl; then
- install_cert /etc/openldap/ssl/ldap
- use prefix || chown ldap:ldap "${EROOT}"/etc/openldap/ssl/ldap.*
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "add 'TLS_REQCERT allow' if you want to use them."
- fi
-
- if use prefix; then
- # Warn about prefix issues with slapd
- eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
- eerror "to start up, and requires that certain files directories be owned by"
- eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
- eerror "directories, you will have to manually fix this yourself."
- fi
-
- # These lines force the permissions of various content to be correct
- if [[ -d "${EROOT}"/var/run/openldap ]]; then
- use prefix || { chown ldap:ldap "${EROOT}"/var/run/openldap || die; }
- chmod 0755 "${EROOT}"/var/run/openldap || die
- fi
- use prefix || chown root:ldap "${EROOT}"/etc/openldap/slapd.conf{,.default}
- chmod 0640 "${EROOT}"/etc/openldap/slapd.conf{,.default} || die
- use prefix || chown ldap:ldap "${EROOT}"/var/lib/openldap-data
- fi
-
- if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
- elog "Getting started using OpenLDAP? There is some documentation available:"
- elog "Gentoo Guide to OpenLDAP Authentication"
- elog "(https://wiki.gentoo.org/wiki/Centralized_authentication_using_OpenLDAP)"
- fi
-
- preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0)
-}
diff --git a/net-nds/openldap/openldap-2.6.4-r2.ebuild b/net-nds/openldap/openldap-2.6.4-r2.ebuild
deleted file mode 100644
index 4ff4b2c3d6d0..000000000000
--- a/net-nds/openldap/openldap-2.6.4-r2.ebuild
+++ /dev/null
@@ -1,867 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-# Re cleanups:
-# 2.5.x is an LTS release so we want to keep it for a while.
-
-inherit autotools flag-o-matic multibuild multilib multilib-minimal preserve-libs
-inherit ssl-cert toolchain-funcs systemd tmpfiles
-
-MY_PV="$(ver_rs 1-2 _)"
-
-BIS_PN=rfc2307bis.schema
-BIS_PV=20140524
-BIS_P="${BIS_PN}-${BIS_PV}"
-
-DESCRIPTION="LDAP suite of application and development tools"
-HOMEPAGE="https://www.openldap.org/"
-SRC_URI="
- https://gitlab.com/openldap/${PN}/-/archive/OPENLDAP_REL_ENG_${MY_PV}/${PN}-OPENLDAP_REL_ENG_${MY_PV}.tar.bz2
- mirror://gentoo/${BIS_P}
-"
-S="${WORKDIR}"/${PN}-OPENLDAP_REL_ENG_${MY_PV}
-
-LICENSE="OPENLDAP GPL-2"
-# Subslot added for bug #835654
-SLOT="0/$(ver_cut 1-2)"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
-
-IUSE_DAEMON="argon2 +cleartext crypt experimental minimal samba tcpd"
-IUSE_OVERLAY="overlays perl autoca"
-IUSE_OPTIONAL="debug gnutls iodbc odbc sasl ssl selinux static-libs +syslog test"
-IUSE_CONTRIB="kerberos kinit pbkdf2 sha2 smbkrb5passwd"
-IUSE_CONTRIB="${IUSE_CONTRIB} cxx"
-IUSE="systemd ${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
-REQUIRED_USE="cxx? ( sasl )
- pbkdf2? ( ssl )
- test? ( cleartext sasl )
- autoca? ( !gnutls )
- ?? ( test minimal )
- kerberos? ( ?? ( kinit smbkrb5passwd ) )"
-RESTRICT="!test? ( test )"
-
-SYSTEM_LMDB_VER=0.9.30
-# openssl is needed to generate lanman-passwords required by samba
-COMMON_DEPEND="
- kernel_linux? ( sys-apps/util-linux )
- ssl? (
- !gnutls? (
- >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}]
- )
- gnutls? (
- >=net-libs/gnutls-2.12.23-r6:=[${MULTILIB_USEDEP}]
- >=dev-libs/libgcrypt-1.5.3:0=[${MULTILIB_USEDEP}]
- )
- )
- sasl? ( dev-libs/cyrus-sasl:= )
- !minimal? (
- dev-libs/libevent:=
- dev-libs/libltdl
- sys-fs/e2fsprogs
- >=dev-db/lmdb-${SYSTEM_LMDB_VER}:=
- argon2? ( app-crypt/argon2:= )
- crypt? ( virtual/libcrypt:= )
- tcpd? ( sys-apps/tcp-wrappers )
- odbc? ( !iodbc? ( dev-db/unixODBC )
- iodbc? ( dev-db/libiodbc ) )
- perl? ( dev-lang/perl:=[-build(-)] )
- samba? (
- dev-libs/openssl:0=
- )
- smbkrb5passwd? (
- dev-libs/openssl:0=
- kerberos? ( app-crypt/heimdal )
- )
- kerberos? (
- virtual/krb5
- kinit? ( !app-crypt/heimdal )
- )
- )
-"
-DEPEND="${COMMON_DEPEND}
- sys-apps/groff
-"
-RDEPEND="${COMMON_DEPEND}
- selinux? ( sec-policy/selinux-ldap )
-"
-
-# The user/group are only used for running daemons which are
-# disabled in minimal builds, so elide the accounts too.
-BDEPEND="!minimal? (
- acct-group/ldap
- acct-user/ldap
-)
-"
-
-# for tracking versions
-OPENLDAP_VERSIONTAG=".version-tag"
-OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
-
-MULTILIB_WRAPPED_HEADERS=(
- # USE=cxx
- /usr/include/LDAPAsynConnection.h
- /usr/include/LDAPAttrType.h
- /usr/include/LDAPAttribute.h
- /usr/include/LDAPAttributeList.h
- /usr/include/LDAPConnection.h
- /usr/include/LDAPConstraints.h
- /usr/include/LDAPControl.h
- /usr/include/LDAPControlSet.h
- /usr/include/LDAPEntry.h
- /usr/include/LDAPEntryList.h
- /usr/include/LDAPException.h
- /usr/include/LDAPExtResult.h
- /usr/include/LDAPMessage.h
- /usr/include/LDAPMessageQueue.h
- /usr/include/LDAPModList.h
- /usr/include/LDAPModification.h
- /usr/include/LDAPObjClass.h
- /usr/include/LDAPRebind.h
- /usr/include/LDAPRebindAuth.h
- /usr/include/LDAPReferenceList.h
- /usr/include/LDAPResult.h
- /usr/include/LDAPSaslBindResult.h
- /usr/include/LDAPSchema.h
- /usr/include/LDAPSearchReference.h
- /usr/include/LDAPSearchResult.h
- /usr/include/LDAPSearchResults.h
- /usr/include/LDAPUrl.h
- /usr/include/LDAPUrlList.h
- /usr/include/LdifReader.h
- /usr/include/LdifWriter.h
- /usr/include/SaslInteraction.h
- /usr/include/SaslInteractionHandler.h
- /usr/include/StringList.h
- /usr/include/TlsOptions.h
-)
-
-PATCHES=(
- "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
- "${FILESDIR}"/${PN}-2.6.1-system-mdb.patch
- "${FILESDIR}"/${PN}-2.6.1-cloak.patch
- "${FILESDIR}"/${PN}-2.6.1-flags.patch
- "${FILESDIR}"/${PN}-2.6.1-fix-missing-mapping.patch
- "${FILESDIR}"/${PN}-2.6.4-clang16.patch
- "${FILESDIR}"/${PN}-2.6.4-libressl.patch #903001
-)
-
-openldap_filecount() {
- local dir="$1"
- find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
-}
-
-openldap_find_versiontags() {
- # scan for all datadirs
- local openldap_datadirs=()
- if [[ -f "${EROOT}"/etc/openldap/slapd.conf ]]; then
- openldap_datadirs=( $(awk '{if($1 == "directory") print $2 }' "${EROOT}"/etc/openldap/slapd.conf) )
- fi
- openldap_datadirs+=( ${OPENLDAP_DEFAULTDIR_VERSIONTAG} )
-
- einfo
- einfo "Scanning datadir(s) from slapd.conf and"
- einfo "the default installdir for Versiontags"
- einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
- einfo
-
- # scan datadirs if we have a version tag
- openldap_found_tag=0
- have_files=0
- for each in ${openldap_datadirs[@]} ; do
- CURRENT_TAGDIR="${EROOT}$(sed "s:\/::" <<< ${each})"
- CURRENT_TAG="${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}"
- if [[ -d "${CURRENT_TAGDIR}" ]] && [[ "${openldap_found_tag}" == 0 ]] ; then
- einfo "- Checking ${each}..."
- if [[ -r "${CURRENT_TAG}" ]] ; then
- # yey, we have one :)
- einfo " Found Versiontag in ${each}"
- source "${CURRENT_TAG}"
- if [[ "${OLDPF}" == "" ]] ; then
- eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
- eerror "Please delete it"
- eerror
- die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
- fi
-
- OLD_MAJOR=$(ver_cut 2-3 ${OLDPF})
-
- [[ "$(openldap_filecount ${CURRENT_TAGDIR})" -gt 0 ]] && have_files=1
-
- # are we on the same branch?
- if [[ "${OLD_MAJOR}" != "${PV:0:3}" ]] ; then
- ewarn " Versiontag doesn't match current major release!"
- if [[ "${have_files}" == "1" ]] ; then
- eerror " Versiontag says other major and you (probably) have datafiles!"
- echo
- openldap_upgrade_howto
- else
- einfo " No real problem, seems there's no database."
- fi
- else
- einfo " Versiontag is fine here :)"
- fi
- else
- einfo " Non-tagged dir ${each}"
- [[ "$(openldap_filecount ${each})" -gt 0 ]] && have_files=1
- if [[ "${have_files}" == "1" ]] ; then
- einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
- echo
-
- eerror
- eerror "Your OpenLDAP Installation has a non tagged datadir that"
- eerror "possibly contains a database at ${CURRENT_TAGDIR}"
- eerror
- eerror "Please export data if any entered and empty or remove"
- eerror "the directory, installation has been stopped so you"
- eerror "can take required action"
- eerror
- eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
- eerror
- openldap_upgrade_howto
- die "Please move the datadir ${CURRENT_TAGDIR} away"
- fi
- fi
- einfo
- fi
- done
- [[ "${have_files}" == "1" ]] && einfo "DB files present" || einfo "No DB files present"
-
- # Now we must check for the major version of sys-libs/db linked against.
- # TODO: remove this as we dropped bdb support (gone upstream) in 2.6.1?
- SLAPD_PATH="${EROOT}/usr/$(get_libdir)/openldap/slapd"
- if [[ "${have_files}" == "1" ]] && [[ -f "${SLAPD_PATH}" ]]; then
- OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
- | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
- local fail=0
-
- # This will not cover detection of cn=Config based configuration, but
- # it's hopefully good enough.
- if grep -sq '^backend.*shell' "${EROOT}"/etc/openldap/slapd.conf; then
- eerror " OpenLDAP >= 2.5.x has dropped support for Shell backend."
- eerror " You will need to migrate per upstream's migration notes"
- eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."
- eerror " Your existing database will not be accessible until it is"
- eerror " converted away from backend shell!"
- echo
- fail=1
- fi
- if has_version "${CATEGORY}/${PN}[berkdb]" || grep -sq '^backend.*(bdb|hdb)' /etc/openldap/slapd.conf; then
- eerror " OpenLDAP >= 2.5.x has dropped support for Berkeley DB."
- eerror " You will need to migrate per upstream's migration notes"
- eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."
- eerror " Your existing database will not be accessible until it is"
- eerror " converted to mdb!"
- echo
- fail=1
- elif [[ -z "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
- :
- # Nothing wrong here.
- elif [[ -z "${OLDVER}" ]] && [[ -n "${NEWVER}" ]]; then
- eerror " Your existing version of OpenLDAP was not built against"
- eerror " any version of sys-libs/db, but the new one will build"
- eerror " against ${NEWVER} and your database may be inaccessible."
- echo
- fail=1
- elif [[ -n "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will not be"
- eerror " built against any version and your database may be"
- eerror " inaccessible."
- echo
- fail=1
- elif [[ "${OLDVER}" != "${NEWVER}" ]]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will build against"
- eerror " ${NEWVER} and your database would be inaccessible."
- echo
- fail=1
- fi
- [[ "${fail}" == "1" ]] && openldap_upgrade_howto
- fi
-
- echo
- einfo
- einfo "All datadirs are fine, proceeding with merge now..."
- einfo
-}
-
-openldap_upgrade_howto() {
- local d l i
- eerror
- eerror "A (possible old) installation of OpenLDAP was detected,"
- eerror "installation will not proceed for now."
- eerror
- eerror "As major version upgrades can corrupt your database,"
- eerror "you need to dump your database and re-create it afterwards."
- eerror
- eerror "Additionally, rebuilding against different major versions of the"
- eerror "sys-libs/db libraries will cause your database to be inaccessible."
- eerror ""
- d="$(date -u +%s)"
- l="/root/ldapdump.${d}"
- i="${l}.raw"
- eerror " 1. /etc/init.d/slapd stop"
- eerror " 2. slapcat -l ${i}"
- eerror " 3. grep -E -v '^(entry|context)CSN:' <${i} >${l}"
- eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
- eerror " 5. emerge --update \=net-nds/${PF}"
- eerror " 6. etc-update, and ensure that you apply the changes"
- eerror " 7. slapadd -l ${l}"
- eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
- eerror " 9. /etc/init.d/slapd start"
- eerror "10. Check that your data is intact."
- eerror "11. Set up the new replication system."
- eerror
- if [[ "${FORCE_UPGRADE}" != "1" ]]; then
- die "You need to upgrade your database first"
- else
- eerror "You have the magical FORCE_UPGRADE=1 in place."
- eerror "Don't say you weren't warned about data loss."
- fi
-}
-
-pkg_setup() {
- if ! use sasl && use cxx ; then
- die "To build the ldapc++ library you must emerge openldap with sasl support"
- fi
- # Bug #322787
- if use minimal && ! has_version "net-nds/openldap" ; then
- einfo "No datadir scan needed, openldap not installed"
- elif use minimal && has_version 'net-nds/openldap[minimal]' ; then
- einfo "Skipping scan for previous datadirs as requested by minimal useflag"
- else
- openldap_find_versiontags
- fi
-}
-
-src_prepare() {
- # The system copy of dev-db/lmdb must match the version that this copy
- # of OpenLDAP shipped with! See bug #588792.
- #
- # Fish out MDB_VERSION_MAJOR/MDB_VERSION_MINOR/MDB_VERSION_PATCH from
- # the bundled lmdb's header to find out the version.
- local bundled_lmdb_version=$(sed -En '/^#define MDB_VERSION_(MAJOR|MINOR|PATCH)(\s+)?/{s/[^0-9.]//gp}' \
- libraries/liblmdb/lmdb.h || die)
- printf -v bundled_lmdb_version "%s." ${bundled_lmdb_version}
-
- if [[ ${SYSTEM_LMDB_VER}. != ${bundled_lmdb_version} ]] ; then
- eerror "Source lmdb version: ${bundled_lmdb_version}"
- eerror "Ebuild lmdb version: ${SYSTEM_LMDB_VER}"
- die "Ebuild needs to update SYSTEM_LMDB_VER!"
- fi
-
- rm -r libraries/liblmdb || die 'could not removed bundled lmdb directory'
-
- local filename
- for filename in doc/drafts/draft-ietf-ldapext-acl-model-xx.txt; do
- iconv -f iso-8859-1 -t utf-8 "${filename}" > "${filename}.utf8"
- mv "${filename}.utf8" "${filename}"
- done
-
- default
-
- sed -i \
- -e "s:\$(localstatedir)/run:${EPREFIX}/run:" \
- -e '/MKDIR.*.(DESTDIR)\/run/d' \
- servers/slapd/Makefile.in || die 'adjusting slapd Makefile.in failed'
-
- pushd build &>/dev/null || die "pushd build"
- einfo "Making sure upstream build strip does not do stripping too early"
- sed -i.orig \
- -e '/^STRIP/s,-s,,g' \
- top.mk || die "Failed to remove too early stripping"
- popd &>/dev/null || die
-
- # Fails with OpenSSL 3, bug #848894
- # https://bugs.openldap.org/show_bug.cgi?id=10009
- rm tests/scripts/test076-authid-rewrite || die
-
- eautoreconf
- multilib_copy_sources
-}
-
-build_contrib_module() {
- # <dir> [<target>]
- pushd "${S}/contrib/slapd-modules/$1" &>/dev/null || die "pushd contrib/slapd-modules/$1"
- einfo "Compiling contrib-module: $1"
- local target="${2:-all}"
- emake \
- LDAP_BUILD="${BUILD_DIR}" prefix="${EPREFIX}/usr" \
- CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" \
- "${target}"
- popd &>/dev/null || die
-}
-
-multilib_src_configure() {
- # Optional Features
- myconf+=(
- --enable-option-checking
- $(use_enable debug)
- --enable-dynamic
- $(use_enable syslog)
- --enable-ipv6
- --enable-local
- )
-
- # Optional Packages
- myconf+=(
- --without-fetch
- )
-
- if use experimental ; then
- # connectionless ldap per bug #342439
- # connectionless is a unsupported feature according to Howard Chu
- # see https://bugs.openldap.org/show_bug.cgi?id=9739
- # (see also bug #892009)
- append-flags -DLDAP_CONNECTIONLESS
- fi
-
- if ! use minimal && multilib_is_native_abi; then
- # SLAPD (Standalone LDAP Daemon) Options
- # overlay chaining requires '--enable-ldap' #296567
- # see https://www.openldap.org/doc/admin26/overlays.html#Chaining
- myconf+=(
- --enable-ldap=yes
- --enable-slapd
- $(use_enable cleartext)
- $(use_enable crypt)
- $(multilib_native_use_enable sasl spasswd)
- --disable-slp
- $(use_enable tcpd wrappers)
- )
- if use experimental ; then
- myconf+=(
- --enable-dynacl
- # ACI build as dynamic module not supported (yet)
- --enable-aci=yes
- )
- fi
-
- for option in modules rlookups slapi; do
- myconf+=( --enable-${option} )
- done
-
- # static SLAPD backends
- for backend in mdb; do
- myconf+=( --enable-${backend}=yes )
- done
-
- # module SLAPD backends
- for backend in asyncmeta dnssrv meta null passwd relay sock; do
- # missing modules: wiredtiger (not available in portage)
- myconf+=( --enable-${backend}=mod )
- done
-
- use perl && myconf+=( --enable-perl=mod )
-
- if use odbc ; then
- myconf+=( --enable-sql=mod )
- if use iodbc ; then
- myconf+=( --with-odbc="iodbc" )
- append-cflags -I"${EPREFIX}"/usr/include/iodbc
- else
- myconf+=( --with-odbc="unixodbc" )
- fi
- fi
-
- use overlays && myconf+=( --enable-overlays=mod )
- use autoca && myconf+=( --enable-autoca=mod ) || myconf+=( --enable-autoca=no )
- # compile-in the syncprov
- myconf+=( --enable-syncprov=yes )
-
- # Build the standalone load balancer (lloadd) - also available as a slapd module; --enable-balancer=mod
- myconf+=( --enable-balancer=yes )
-
- # SLAPD Password Module Options
- myconf+=(
- $(use_enable argon2)
- )
-
- # Optional Packages
- myconf+=(
- $(use_with systemd)
- $(multilib_native_use_with sasl cyrus-sasl)
- )
- else
- myconf+=(
- --disable-backends
- --disable-slapd
- --disable-mdb
- --disable-overlays
- --disable-autoca
- --disable-syslog
- --without-systemd
- )
- fi
-
- # Library Generation & Linking Options
- myconf+=(
- $(use_enable static-libs static)
- --enable-shared
- --enable-versioning
- --with-pic
- )
-
- # some cross-compiling tests don't pan out well.
- tc-is-cross-compiler && myconf+=(
- --with-yielding-select=yes
- )
-
- local ssl_lib="no"
- if use ssl || ( ! use minimal && use samba ) ; then
- if use gnutls ; then
- myconf+=( --with-tls="gnutls" )
- else
- # disable MD2 hash function
- append-cflags -DOPENSSL_NO_MD2
- myconf+=( --with-tls="openssl" )
- fi
- else
- myconf+=( --with-tls="no" )
- fi
-
- tc-export AR CC CXX
-
- ECONF_SOURCE="${S}" econf \
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
- --localstatedir="${EPREFIX}"/var \
- --runstatedir="${EPREFIX}"/run \
- --sharedstatedir="${EPREFIX}"/var/lib \
- "${myconf[@]}"
-
- # argument '--runstatedir' seems to have no effect therefore this workaround
- sed -i \
- -e 's:^runstatedir=.*:runstatedir=${EPREFIX}/run:' \
- configure contrib/ldapc++/configure contrib/ldaptcl/configure || die 'could not set runstatedir'
-
- sed -i \
- -e "s:/var/run/sasl2/mux:${EPREFIX}/run/sasl2/mux:" \
- doc/guide/admin/security.sdf || die 'could not fix run path in doc'
-
- emake depend
-}
-
-src_configure_cxx() {
- # This needs the libraries built by the first build run.
- # we have to run it AFTER the main build, not just after the main configure
- local myconf_ldapcpp=(
- --with-libldap="${E}/lib"
- --with-ldap-includes="${S}/include"
- )
-
- mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die "could not create ${BUILD_DIR}/contrib/ldapc++ directory"
- pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
-
- local LDFLAGS="${LDFLAGS}"
- local CPPFLAGS="${CPPFLAGS}"
-
- append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs -L"${BUILD_DIR}"/libraries/libldap/.libs
- append-cppflags -I"${BUILD_DIR}"/include
-
- ECONF_SOURCE="${S}"/contrib/ldapc++ econf "${myconf_ldapcpp[@]}"
- popd &>/dev/null || die "popd contrib/ldapc++"
-}
-
-multilib_src_compile() {
- tc-export AR CC CXX
- emake CC="$(tc-getCC)" SHELL="${EPREFIX}"/bin/sh
-
- if ! use minimal && multilib_is_native_abi ; then
- if use cxx ; then
- einfo "Building contrib library: ldapc++"
- src_configure_cxx
- pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
- emake
- popd &>/dev/null || die
- fi
-
- if use smbkrb5passwd ; then
- einfo "Building contrib-module: smbk5pwd"
- pushd "${S}/contrib/slapd-modules/smbk5pwd" &>/dev/null || die "pushd contrib/slapd-modules/smbk5pwd"
-
- MY_DEFS="-DDO_SHADOW"
- if use samba ; then
- MY_DEFS="${MY_DEFS} -DDO_SAMBA"
- MY_KRB5_INC=""
- fi
- if use kerberos ; then
- MY_DEFS="${MY_DEFS} -DDO_KRB5"
- MY_KRB5_INC="$(krb5-config --cflags)"
- fi
-
- emake \
- DEFS="${MY_DEFS}" \
- KRB5_INC="${MY_KRB5_INC}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
- popd &>/dev/null || die
- fi
-
- if use overlays ; then
- einfo "Building contrib-module: samba4"
- pushd "${S}/contrib/slapd-modules/samba4" &>/dev/null || die "pushd contrib/slapd-modules/samba4"
-
- emake \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="$(tc-getCC)" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
- popd &>/dev/null || die
- fi
-
- if use kerberos ; then
- if use kinit ; then
- build_contrib_module "kinit" "kinit.c" "kinit"
- fi
- build_contrib_module "passwd" "pw-kerberos.la"
- fi
-
- if use pbkdf2; then
- build_contrib_module "passwd/pbkdf2"
- fi
-
- if use sha2 ; then
- build_contrib_module "passwd/sha2"
- fi
-
- # We could build pw-radius if GNURadius would install radlib.h
- build_contrib_module "passwd" "pw-netscape.la"
-
- #build_contrib_module "acl" "posixgroup.la" # example code only
- #build_contrib_module "acl" "gssacl.la" # example code only, also needs kerberos
- build_contrib_module "addpartial"
- build_contrib_module "allop"
- build_contrib_module "allowed"
- build_contrib_module "autogroup"
- build_contrib_module "cloak"
- # build_contrib_module "comp_match" # really complex, adds new external deps, questionable demand
- build_contrib_module "denyop"
- build_contrib_module "dsaschema"
- build_contrib_module "dupent"
- build_contrib_module "lastbind"
- # lastmod may not play well with other overlays
- build_contrib_module "lastmod"
- build_contrib_module "noopsrch"
- #build_contrib_module "nops" https://bugs.gentoo.org/641576
- #build_contrib_module "nssov" RESO:LATER
- build_contrib_module "trace"
- # build slapi-plugins
- pushd "${S}/contrib/slapi-plugins/addrdnvalues" &>/dev/null || die "pushd contrib/slapi-plugins/addrdnvalues"
- einfo "Building contrib-module: addrdnvalues plugin"
- $(tc-getCC) -shared \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CPPFLAGS} \
- ${CFLAGS} \
- -fPIC \
- ${LDFLAGS} \
- -o libaddrdnvalues-plugin.so \
- addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
- popd &>/dev/null || die
- fi
-}
-
-multilib_src_test() {
- if multilib_is_native_abi; then
- cd tests || die
- pwd
-
- # Increase various test timeouts/delays, bug #894012
- # We can't just double everything as there's a cumulative effect.
- export SLEEP0=2 # originally 1
- export SLEEP1=10 # originally 7
- export SLEEP2=20 # originally 15
- export TIMEOUT=16 # originally 8
-
- # emake test => runs only lloadd & mdb, in serial; skips ldif,sql,wt,regression
- # emake partests => runs ALL of the tests in parallel
- # wt/WiredTiger is not supported in Gentoo
- TESTS=( plloadd pmdb )
- #TESTS+=( pldif ) # not done by default, so also exclude here
- #use odbc && TESTS+=( psql ) # not done by default, so also exclude here
-
- emake "${TESTS[@]}"
- fi
-}
-
-multilib_src_install() {
- emake CC="$(tc-getCC)" \
- DESTDIR="${D}" SHELL="${EPREFIX}"/bin/sh install
-
- if ! use minimal && multilib_is_native_abi; then
- # openldap modules go here
- # TODO: write some code to populate slapd.conf with moduleload statements
- keepdir /usr/$(get_libdir)/openldap/openldap/
-
- # initial data storage dir
- keepdir /var/lib/openldap-data
- use prefix || fowners ldap:ldap /var/lib/openldap-data
- fperms 0700 /var/lib/openldap-data
-
- echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
-
- # use our config
- rm "${ED}"/etc/openldap/slapd.conf
- insinto /etc/openldap
- newins "${FILESDIR}"/${PN}-2.6.3-slapd-conf slapd.conf
- configfile="${ED}"/etc/openldap/slapd.conf
-
- # populate with built backends
- einfo "populate config with built backends"
- for x in "${ED}"/usr/$(get_libdir)/openldap/openldap/back_*.so; do
- einfo "Adding $(basename ${x})"
- sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" || die
- done
- sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" \
- -i "${configfile}" || die
- use prefix || fowners root:ldap /etc/openldap/slapd.conf
- fperms 0640 /etc/openldap/slapd.conf
- cp "${configfile}" "${configfile}".default || die
-
- # install our own init scripts and systemd unit files
- einfo "Install init scripts"
- sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-initd-2.4.40-r2 > "${T}"/slapd || die
- doinitd "${T}"/slapd
- newconfd "${FILESDIR}"/slapd-confd-2.6.1 slapd
-
- if use systemd; then
- # The systemd unit uses Type=notify, so it is useless without USE=systemd
- einfo "Install systemd service"
- rm -rf "${ED}"/{,usr/}lib/systemd
- sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-2.6.1.service > "${T}"/slapd.service || die
- systemd_dounit "${T}"/slapd.service
- systemd_install_serviced "${FILESDIR}"/slapd.service.conf
- newtmpfiles "${FILESDIR}"/slapd.tmpfilesd slapd.conf
- fi
-
- # if built without SLP, we don't need to be before avahi
- sed -i \
- -e '/before/{s/avahi-daemon//g}' \
- "${ED}"/etc/init.d/slapd \
- || die
-
- if use cxx ; then
- einfo "Install the ldapc++ library"
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- cd "${S}"/contrib/ldapc++ || die
- newdoc README ldapc++-README
- fi
-
- if use smbkrb5passwd ; then
- einfo "Install the smbk5pwd module"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- newdoc README smbk5pwd-README
- fi
-
- if use overlays ; then
- einfo "Install the samba4 module"
- cd "${S}/contrib/slapd-modules/samba4" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- newdoc README samba4-README
- fi
-
- einfo "Installing contrib modules"
- cd "${S}/contrib/slapd-modules" || die
- for l in */*.la */*/*.la; do
- [[ -e ${l} ]] || continue
- libtool --mode=install cp ${l} \
- "${ED}"/usr/$(get_libdir)/openldap/openldap || \
- die "installing ${l} failed"
- done
-
- dodoc "${FILESDIR}"/DB_CONFIG.fast.example
- docinto contrib
- doman */*.5
- #newdoc acl/README*
- newdoc addpartial/README addpartial-README
- newdoc allop/README allop-README
- newdoc allowed/README allowed-README
- newdoc autogroup/README autogroup-README
- newdoc dsaschema/README dsaschema-README
- newdoc passwd/README passwd-README
- cd "${S}/contrib/slapi-plugins" || die
- insinto /usr/$(get_libdir)/openldap/openldap
- doins */*.so
- docinto contrib
- newdoc addrdnvalues/README addrdnvalues-README
-
- insinto /etc/openldap/schema
- newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
-
- docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
- docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
-
- dosbin "${S}"/contrib/slapd-tools/statslog
- newdoc "${S}"/contrib/slapd-tools/README README.statslog
- fi
-
- if ! use static-libs ; then
- find "${ED}" \( -name '*.a' -o -name '*.la' \) -delete || die
- fi
-}
-
-multilib_src_install_all() {
- dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
- docinto rfc ; dodoc doc/rfc/*.txt
-}
-
-pkg_preinst() {
- # keep old libs if any
- preserve_old_lib /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0)
- # bug 440470, only display the getting started help there was no openldap before,
- # or we are going to a non-minimal build
- ! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
- OPENLDAP_PRINT_MESSAGES=$((! $?))
-}
-
-pkg_postinst() {
- if ! use minimal ; then
- if use systemd; then
- tmpfiles_process slapd.conf
- fi
-
- # You cannot build SSL certificates during src_install that will make
- # binary packages containing your SSL key, which is both a security risk
- # and a misconfiguration if multiple machines use the same key and cert.
- if use ssl; then
- install_cert /etc/openldap/ssl/ldap
- use prefix || chown ldap:ldap "${EROOT}"/etc/openldap/ssl/ldap.*
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "add 'TLS_REQCERT allow' if you want to use them."
- fi
-
- if use prefix; then
- # Warn about prefix issues with slapd
- eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
- eerror "to start up, and requires that certain files directories be owned by"
- eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
- eerror "directories, you will have to manually fix this yourself."
- fi
-
- # These lines force the permissions of various content to be correct
- if [[ -d "${EROOT}"/var/run/openldap ]]; then
- use prefix || { chown ldap:ldap "${EROOT}"/var/run/openldap || die; }
- chmod 0755 "${EROOT}"/var/run/openldap || die
- fi
- use prefix || chown root:ldap "${EROOT}"/etc/openldap/slapd.conf{,.default}
- chmod 0640 "${EROOT}"/etc/openldap/slapd.conf{,.default} || die
- use prefix || chown ldap:ldap "${EROOT}"/var/lib/openldap-data
- fi
-
- if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
- elog "Getting started using OpenLDAP? There is some documentation available:"
- elog "Gentoo Guide to OpenLDAP Authentication"
- elog "(https://wiki.gentoo.org/wiki/Centralized_authentication_using_OpenLDAP)"
- fi
-
- preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0)
-}
diff --git a/net-nds/openldap/openldap-2.6.4-r3.ebuild b/net-nds/openldap/openldap-2.6.4-r3.ebuild
index 5e781e7012d9..7194cc597604 100644
--- a/net-nds/openldap/openldap-2.6.4-r3.ebuild
+++ b/net-nds/openldap/openldap-2.6.4-r3.ebuild
@@ -6,7 +6,7 @@ EAPI=8
# Re cleanups:
# 2.5.x is an LTS release so we want to keep it for a while.
-inherit autotools flag-o-matic multibuild multilib multilib-minimal preserve-libs
+inherit autotools flag-o-matic multilib multilib-minimal preserve-libs
inherit ssl-cert toolchain-funcs systemd tmpfiles
MY_PV="$(ver_rs 1-2 _)"
diff --git a/net-nds/openldap/openldap-2.6.5-r1.ebuild b/net-nds/openldap/openldap-2.6.5-r1.ebuild
deleted file mode 100644
index 66a264d48ad2..000000000000
--- a/net-nds/openldap/openldap-2.6.5-r1.ebuild
+++ /dev/null
@@ -1,870 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-# Re cleanups:
-# 2.5.x is an LTS release so we want to keep it for a while.
-
-inherit autotools flag-o-matic multibuild multilib multilib-minimal preserve-libs
-inherit ssl-cert toolchain-funcs systemd tmpfiles
-
-MY_PV="$(ver_rs 1-2 _)"
-
-BIS_PN=rfc2307bis.schema
-BIS_PV=20140524
-BIS_P="${BIS_PN}-${BIS_PV}"
-
-DESCRIPTION="LDAP suite of application and development tools"
-HOMEPAGE="https://www.openldap.org/"
-SRC_URI="
- https://gitlab.com/openldap/${PN}/-/archive/OPENLDAP_REL_ENG_${MY_PV}/${PN}-OPENLDAP_REL_ENG_${MY_PV}.tar.bz2
- mirror://gentoo/${BIS_P}
-"
-S="${WORKDIR}"/${PN}-OPENLDAP_REL_ENG_${MY_PV}
-
-LICENSE="OPENLDAP GPL-2"
-# Subslot added for bug #835654
-SLOT="0/$(ver_cut 1-2)"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
-
-IUSE_DAEMON="argon2 +cleartext crypt experimental minimal samba tcpd"
-IUSE_OVERLAY="overlays perl autoca"
-IUSE_OPTIONAL="debug gnutls iodbc odbc sasl ssl selinux static-libs +syslog test"
-IUSE_CONTRIB="kerberos kinit pbkdf2 sha2 smbkrb5passwd"
-IUSE_CONTRIB="${IUSE_CONTRIB} cxx"
-IUSE="systemd ${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
-REQUIRED_USE="
- cxx? ( sasl )
- pbkdf2? ( ssl )
- test? ( cleartext sasl )
- autoca? ( !gnutls )
- ?? ( test minimal )
- kerberos? ( ?? ( kinit smbkrb5passwd ) )
-"
-RESTRICT="!test? ( test )"
-
-SYSTEM_LMDB_VER=0.9.31
-# openssl is needed to generate lanman-passwords required by samba
-COMMON_DEPEND="
- kernel_linux? ( sys-apps/util-linux )
- ssl? (
- !gnutls? (
- >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}]
- )
- gnutls? (
- >=net-libs/gnutls-2.12.23-r6:=[${MULTILIB_USEDEP}]
- >=dev-libs/libgcrypt-1.5.3:0=[${MULTILIB_USEDEP}]
- )
- )
- sasl? ( dev-libs/cyrus-sasl:= )
- !minimal? (
- dev-libs/libevent:=
- dev-libs/libltdl
- sys-fs/e2fsprogs
- >=dev-db/lmdb-${SYSTEM_LMDB_VER}:=
- argon2? ( app-crypt/argon2:= )
- crypt? ( virtual/libcrypt:= )
- tcpd? ( sys-apps/tcp-wrappers )
- odbc? ( !iodbc? ( dev-db/unixODBC )
- iodbc? ( dev-db/libiodbc ) )
- perl? ( dev-lang/perl:=[-build(-)] )
- samba? (
- dev-libs/openssl:0=
- )
- smbkrb5passwd? (
- dev-libs/openssl:0=
- kerberos? ( app-crypt/heimdal )
- )
- kerberos? (
- virtual/krb5
- kinit? ( !app-crypt/heimdal )
- )
- )
-"
-DEPEND="
- ${COMMON_DEPEND}
- sys-apps/groff
-"
-RDEPEND="
- ${COMMON_DEPEND}
- selinux? ( sec-policy/selinux-ldap )
-"
-
-# The user/group are only used for running daemons which are
-# disabled in minimal builds, so elide the accounts too.
-BDEPEND="
- !minimal? (
- acct-group/ldap
- acct-user/ldap
- )
-"
-
-# for tracking versions
-OPENLDAP_VERSIONTAG=".version-tag"
-OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
-
-MULTILIB_WRAPPED_HEADERS=(
- # USE=cxx
- /usr/include/LDAPAsynConnection.h
- /usr/include/LDAPAttrType.h
- /usr/include/LDAPAttribute.h
- /usr/include/LDAPAttributeList.h
- /usr/include/LDAPConnection.h
- /usr/include/LDAPConstraints.h
- /usr/include/LDAPControl.h
- /usr/include/LDAPControlSet.h
- /usr/include/LDAPEntry.h
- /usr/include/LDAPEntryList.h
- /usr/include/LDAPException.h
- /usr/include/LDAPExtResult.h
- /usr/include/LDAPMessage.h
- /usr/include/LDAPMessageQueue.h
- /usr/include/LDAPModList.h
- /usr/include/LDAPModification.h
- /usr/include/LDAPObjClass.h
- /usr/include/LDAPRebind.h
- /usr/include/LDAPRebindAuth.h
- /usr/include/LDAPReferenceList.h
- /usr/include/LDAPResult.h
- /usr/include/LDAPSaslBindResult.h
- /usr/include/LDAPSchema.h
- /usr/include/LDAPSearchReference.h
- /usr/include/LDAPSearchResult.h
- /usr/include/LDAPSearchResults.h
- /usr/include/LDAPUrl.h
- /usr/include/LDAPUrlList.h
- /usr/include/LdifReader.h
- /usr/include/LdifWriter.h
- /usr/include/SaslInteraction.h
- /usr/include/SaslInteractionHandler.h
- /usr/include/StringList.h
- /usr/include/TlsOptions.h
-)
-
-PATCHES=(
- "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
- "${FILESDIR}"/${PN}-2.6.1-system-mdb.patch
- "${FILESDIR}"/${PN}-2.6.1-cloak.patch
- "${FILESDIR}"/${PN}-2.6.1-flags.patch
- "${FILESDIR}"/${PN}-2.6.1-fix-missing-mapping.patch
-)
-
-openldap_filecount() {
- local dir="$1"
- find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
-}
-
-openldap_find_versiontags() {
- # scan for all datadirs
- local openldap_datadirs=()
- if [[ -f "${EROOT}"/etc/openldap/slapd.conf ]]; then
- openldap_datadirs=( $(awk '{if($1 == "directory") print $2 }' "${EROOT}"/etc/openldap/slapd.conf) )
- fi
- openldap_datadirs+=( ${OPENLDAP_DEFAULTDIR_VERSIONTAG} )
-
- einfo
- einfo "Scanning datadir(s) from slapd.conf and"
- einfo "the default installdir for Versiontags"
- einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
- einfo
-
- # scan datadirs if we have a version tag
- openldap_found_tag=0
- have_files=0
- for each in ${openldap_datadirs[@]} ; do
- CURRENT_TAGDIR="${EROOT}$(sed "s:\/::" <<< ${each})"
- CURRENT_TAG="${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}"
- if [[ -d "${CURRENT_TAGDIR}" ]] && [[ "${openldap_found_tag}" == 0 ]] ; then
- einfo "- Checking ${each}..."
- if [[ -r "${CURRENT_TAG}" ]] ; then
- # yey, we have one :)
- einfo " Found Versiontag in ${each}"
- source "${CURRENT_TAG}"
- if [[ "${OLDPF}" == "" ]] ; then
- eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
- eerror "Please delete it"
- eerror
- die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
- fi
-
- OLD_MAJOR=$(ver_cut 2-3 ${OLDPF})
-
- [[ "$(openldap_filecount ${CURRENT_TAGDIR})" -gt 0 ]] && have_files=1
-
- # are we on the same branch?
- if [[ "${OLD_MAJOR}" != "${PV:0:3}" ]] ; then
- ewarn " Versiontag doesn't match current major release!"
- if [[ "${have_files}" == "1" ]] ; then
- eerror " Versiontag says other major and you (probably) have datafiles!"
- echo
- openldap_upgrade_howto
- else
- einfo " No real problem, seems there's no database."
- fi
- else
- einfo " Versiontag is fine here :)"
- fi
- else
- einfo " Non-tagged dir ${each}"
- [[ "$(openldap_filecount ${each})" -gt 0 ]] && have_files=1
- if [[ "${have_files}" == "1" ]] ; then
- einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
- echo
-
- eerror
- eerror "Your OpenLDAP Installation has a non tagged datadir that"
- eerror "possibly contains a database at ${CURRENT_TAGDIR}"
- eerror
- eerror "Please export data if any entered and empty or remove"
- eerror "the directory, installation has been stopped so you"
- eerror "can take required action"
- eerror
- eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
- eerror
- openldap_upgrade_howto
- die "Please move the datadir ${CURRENT_TAGDIR} away"
- fi
- fi
- einfo
- fi
- done
- [[ "${have_files}" == "1" ]] && einfo "DB files present" || einfo "No DB files present"
-
- # Now we must check for the major version of sys-libs/db linked against.
- # TODO: remove this as we dropped bdb support (gone upstream) in 2.6.1?
- SLAPD_PATH="${EROOT}/usr/$(get_libdir)/openldap/slapd"
- if [[ "${have_files}" == "1" ]] && [[ -f "${SLAPD_PATH}" ]]; then
- OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
- | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
- local fail=0
-
- # This will not cover detection of cn=Config based configuration, but
- # it's hopefully good enough.
- if grep -sq '^backend.*shell' "${EROOT}"/etc/openldap/slapd.conf; then
- eerror " OpenLDAP >= 2.5.x has dropped support for Shell backend."
- eerror " You will need to migrate per upstream's migration notes"
- eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."
- eerror " Your existing database will not be accessible until it is"
- eerror " converted away from backend shell!"
- echo
- fail=1
- fi
- if has_version "${CATEGORY}/${PN}[berkdb]" || grep -sq '^backend.*(bdb|hdb)' /etc/openldap/slapd.conf; then
- eerror " OpenLDAP >= 2.5.x has dropped support for Berkeley DB."
- eerror " You will need to migrate per upstream's migration notes"
- eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."
- eerror " Your existing database will not be accessible until it is"
- eerror " converted to mdb!"
- echo
- fail=1
- elif [[ -z "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
- :
- # Nothing wrong here.
- elif [[ -z "${OLDVER}" ]] && [[ -n "${NEWVER}" ]]; then
- eerror " Your existing version of OpenLDAP was not built against"
- eerror " any version of sys-libs/db, but the new one will build"
- eerror " against ${NEWVER} and your database may be inaccessible."
- echo
- fail=1
- elif [[ -n "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will not be"
- eerror " built against any version and your database may be"
- eerror " inaccessible."
- echo
- fail=1
- elif [[ "${OLDVER}" != "${NEWVER}" ]]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will build against"
- eerror " ${NEWVER} and your database would be inaccessible."
- echo
- fail=1
- fi
- [[ "${fail}" == "1" ]] && openldap_upgrade_howto
- fi
-
- echo
- einfo
- einfo "All datadirs are fine, proceeding with merge now..."
- einfo
-}
-
-openldap_upgrade_howto() {
- local d l i
- eerror
- eerror "A (possible old) installation of OpenLDAP was detected,"
- eerror "installation will not proceed for now."
- eerror
- eerror "As major version upgrades can corrupt your database,"
- eerror "you need to dump your database and re-create it afterwards."
- eerror
- eerror "Additionally, rebuilding against different major versions of the"
- eerror "sys-libs/db libraries will cause your database to be inaccessible."
- eerror ""
- d="$(date -u +%s)"
- l="/root/ldapdump.${d}"
- i="${l}.raw"
- eerror " 1. /etc/init.d/slapd stop"
- eerror " 2. slapcat -l ${i}"
- eerror " 3. grep -E -v '^(entry|context)CSN:' <${i} >${l}"
- eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
- eerror " 5. emerge --update \=net-nds/${PF}"
- eerror " 6. etc-update, and ensure that you apply the changes"
- eerror " 7. slapadd -l ${l}"
- eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
- eerror " 9. /etc/init.d/slapd start"
- eerror "10. Check that your data is intact."
- eerror "11. Set up the new replication system."
- eerror
- if [[ "${FORCE_UPGRADE}" != "1" ]]; then
- die "You need to upgrade your database first"
- else
- eerror "You have the magical FORCE_UPGRADE=1 in place."
- eerror "Don't say you weren't warned about data loss."
- fi
-}
-
-pkg_setup() {
- if ! use sasl && use cxx ; then
- die "To build the ldapc++ library you must emerge openldap with sasl support"
- fi
- # Bug #322787
- if use minimal && ! has_version "net-nds/openldap" ; then
- einfo "No datadir scan needed, openldap not installed"
- elif use minimal && has_version 'net-nds/openldap[minimal]' ; then
- einfo "Skipping scan for previous datadirs as requested by minimal useflag"
- else
- openldap_find_versiontags
- fi
-}
-
-src_prepare() {
- # The system copy of dev-db/lmdb must match the version that this copy
- # of OpenLDAP shipped with! See bug #588792.
- #
- # Fish out MDB_VERSION_MAJOR/MDB_VERSION_MINOR/MDB_VERSION_PATCH from
- # the bundled lmdb's header to find out the version.
- local bundled_lmdb_version=$(sed -En '/^#define MDB_VERSION_(MAJOR|MINOR|PATCH)(\s+)?/{s/[^0-9.]//gp}' \
- libraries/liblmdb/lmdb.h || die)
- printf -v bundled_lmdb_version "%s." ${bundled_lmdb_version}
-
- if [[ ${SYSTEM_LMDB_VER}. != ${bundled_lmdb_version} ]] ; then
- eerror "Source lmdb version: ${bundled_lmdb_version}"
- eerror "Ebuild lmdb version: ${SYSTEM_LMDB_VER}"
- die "Ebuild needs to update SYSTEM_LMDB_VER!"
- fi
-
- rm -r libraries/liblmdb || die 'could not removed bundled lmdb directory'
-
- local filename
- for filename in doc/drafts/draft-ietf-ldapext-acl-model-xx.txt; do
- iconv -f iso-8859-1 -t utf-8 "${filename}" > "${filename}.utf8"
- mv "${filename}.utf8" "${filename}"
- done
-
- default
-
- sed -i \
- -e "s:\$(localstatedir)/run:${EPREFIX}/run:" \
- -e '/MKDIR.*.(DESTDIR)\/run/d' \
- servers/slapd/Makefile.in || die 'adjusting slapd Makefile.in failed'
-
- pushd build &>/dev/null || die "pushd build"
- einfo "Making sure upstream build strip does not do stripping too early"
- sed -i.orig \
- -e '/^STRIP/s,-s,,g' \
- top.mk || die "Failed to remove too early stripping"
- popd &>/dev/null || die
-
- # Fails with OpenSSL 3, bug #848894
- # https://bugs.openldap.org/show_bug.cgi?id=10009
- rm tests/scripts/test076-authid-rewrite || die
-
- eautoreconf
- multilib_copy_sources
-}
-
-build_contrib_module() {
- # <dir> [<target>]
- pushd "${S}/contrib/slapd-modules/$1" &>/dev/null || die "pushd contrib/slapd-modules/$1"
- einfo "Compiling contrib-module: $1"
- local target="${2:-all}"
- emake \
- LDAP_BUILD="${BUILD_DIR}" prefix="${EPREFIX}/usr" \
- CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" \
- "${target}"
- popd &>/dev/null || die
-}
-
-multilib_src_configure() {
- # Optional Features
- myconf+=(
- --enable-option-checking
- $(use_enable debug)
- --enable-dynamic
- $(use_enable syslog)
- --enable-ipv6
- --enable-local
- )
-
- # Optional Packages
- myconf+=(
- --without-fetch
- $(multilib_native_use_with sasl cyrus-sasl)
- )
-
- if use experimental ; then
- # connectionless ldap per bug #342439
- # connectionless is a unsupported feature according to Howard Chu
- # see https://bugs.openldap.org/show_bug.cgi?id=9739
- # (see also bug #892009)
- append-flags -DLDAP_CONNECTIONLESS
- fi
-
- if ! use minimal && multilib_is_native_abi; then
- # SLAPD (Standalone LDAP Daemon) Options
- # overlay chaining requires '--enable-ldap' #296567
- # see https://www.openldap.org/doc/admin26/overlays.html#Chaining
- myconf+=(
- --enable-ldap=yes
- --enable-slapd
- $(use_enable cleartext)
- $(use_enable crypt)
- $(multilib_native_use_enable sasl spasswd)
- --disable-slp
- $(use_enable tcpd wrappers)
- )
- if use experimental ; then
- myconf+=(
- --enable-dynacl
- # ACI build as dynamic module not supported (yet)
- --enable-aci=yes
- )
- fi
-
- for option in modules rlookups slapi; do
- myconf+=( --enable-${option} )
- done
-
- # static SLAPD backends
- for backend in mdb; do
- myconf+=( --enable-${backend}=yes )
- done
-
- # module SLAPD backends
- for backend in asyncmeta dnssrv meta null passwd relay sock; do
- # missing modules: wiredtiger (not available in portage)
- myconf+=( --enable-${backend}=mod )
- done
-
- use perl && myconf+=( --enable-perl=mod )
-
- if use odbc ; then
- myconf+=( --enable-sql=mod )
- if use iodbc ; then
- myconf+=( --with-odbc="iodbc" )
- append-cflags -I"${EPREFIX}"/usr/include/iodbc
- else
- myconf+=( --with-odbc="unixodbc" )
- fi
- fi
-
- use overlays && myconf+=( --enable-overlays=mod )
- use autoca && myconf+=( --enable-autoca=mod ) || myconf+=( --enable-autoca=no )
- # compile-in the syncprov
- myconf+=( --enable-syncprov=yes )
-
- # Build the standalone load balancer (lloadd) - also available as a slapd module; --enable-balancer=mod
- myconf+=( --enable-balancer=yes )
-
- # SLAPD Password Module Options
- myconf+=(
- $(use_enable argon2)
- )
-
- # Optional Packages
- myconf+=(
- $(use_with systemd)
- )
- else
- myconf+=(
- --disable-backends
- --disable-slapd
- --disable-mdb
- --disable-overlays
- --disable-autoca
- --disable-syslog
- --without-systemd
- )
- fi
-
- # Library Generation & Linking Options
- myconf+=(
- $(use_enable static-libs static)
- --enable-shared
- --enable-versioning
- --with-pic
- )
-
- # some cross-compiling tests don't pan out well.
- tc-is-cross-compiler && myconf+=(
- --with-yielding-select=yes
- )
-
- local ssl_lib="no"
- if use ssl || ( ! use minimal && use samba ) ; then
- if use gnutls ; then
- myconf+=( --with-tls="gnutls" )
- else
- # disable MD2 hash function
- append-cflags -DOPENSSL_NO_MD2
- myconf+=( --with-tls="openssl" )
- fi
- else
- myconf+=( --with-tls="no" )
- fi
-
- tc-export AR CC CXX
-
- ECONF_SOURCE="${S}" econf \
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
- --localstatedir="${EPREFIX}"/var \
- --runstatedir="${EPREFIX}"/run \
- --sharedstatedir="${EPREFIX}"/var/lib \
- "${myconf[@]}"
-
- # argument '--runstatedir' seems to have no effect therefore this workaround
- sed -i \
- -e 's:^runstatedir=.*:runstatedir=${EPREFIX}/run:' \
- configure contrib/ldapc++/configure contrib/ldaptcl/configure || die 'could not set runstatedir'
-
- sed -i \
- -e "s:/var/run/sasl2/mux:${EPREFIX}/run/sasl2/mux:" \
- doc/guide/admin/security.sdf || die 'could not fix run path in doc'
-
- emake depend
-}
-
-src_configure_cxx() {
- # This needs the libraries built by the first build run.
- # we have to run it AFTER the main build, not just after the main configure
- local myconf_ldapcpp=(
- --with-libldap="${E}/lib"
- --with-ldap-includes="${S}/include"
- )
-
- mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die "could not create ${BUILD_DIR}/contrib/ldapc++ directory"
- pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
-
- local LDFLAGS="${LDFLAGS}"
- local CPPFLAGS="${CPPFLAGS}"
-
- append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs -L"${BUILD_DIR}"/libraries/libldap/.libs
- append-cppflags -I"${BUILD_DIR}"/include
-
- ECONF_SOURCE="${S}"/contrib/ldapc++ econf "${myconf_ldapcpp[@]}"
- popd &>/dev/null || die "popd contrib/ldapc++"
-}
-
-multilib_src_compile() {
- tc-export AR CC CXX
- emake CC="$(tc-getCC)" SHELL="${EPREFIX}"/bin/sh
-
- if ! use minimal && multilib_is_native_abi ; then
- if use cxx ; then
- einfo "Building contrib library: ldapc++"
- src_configure_cxx
- pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
- emake
- popd &>/dev/null || die
- fi
-
- if use smbkrb5passwd ; then
- einfo "Building contrib-module: smbk5pwd"
- pushd "${S}/contrib/slapd-modules/smbk5pwd" &>/dev/null || die "pushd contrib/slapd-modules/smbk5pwd"
-
- MY_DEFS="-DDO_SHADOW"
- if use samba ; then
- MY_DEFS="${MY_DEFS} -DDO_SAMBA"
- MY_KRB5_INC=""
- fi
- if use kerberos ; then
- MY_DEFS="${MY_DEFS} -DDO_KRB5"
- MY_KRB5_INC="$(krb5-config --cflags)"
- fi
-
- emake \
- DEFS="${MY_DEFS}" \
- KRB5_INC="${MY_KRB5_INC}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
- popd &>/dev/null || die
- fi
-
- if use overlays ; then
- einfo "Building contrib-module: samba4"
- pushd "${S}/contrib/slapd-modules/samba4" &>/dev/null || die "pushd contrib/slapd-modules/samba4"
-
- emake \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="$(tc-getCC)" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
- popd &>/dev/null || die
- fi
-
- if use kerberos ; then
- if use kinit ; then
- build_contrib_module "kinit" "kinit.c" "kinit"
- fi
- build_contrib_module "passwd" "pw-kerberos.la"
- fi
-
- if use pbkdf2; then
- build_contrib_module "passwd/pbkdf2"
- fi
-
- if use sha2 ; then
- build_contrib_module "passwd/sha2"
- fi
-
- # We could build pw-radius if GNURadius would install radlib.h
- build_contrib_module "passwd" "pw-netscape.la"
-
- #build_contrib_module "acl" "posixgroup.la" # example code only
- #build_contrib_module "acl" "gssacl.la" # example code only, also needs kerberos
- build_contrib_module "addpartial"
- build_contrib_module "allop"
- build_contrib_module "allowed"
- build_contrib_module "autogroup"
- build_contrib_module "cloak"
- # build_contrib_module "comp_match" # really complex, adds new external deps, questionable demand
- build_contrib_module "denyop"
- build_contrib_module "dsaschema"
- build_contrib_module "dupent"
- build_contrib_module "lastbind"
- # lastmod may not play well with other overlays
- build_contrib_module "lastmod"
- build_contrib_module "noopsrch"
- #build_contrib_module "nops" https://bugs.gentoo.org/641576
- #build_contrib_module "nssov" RESO:LATER
- build_contrib_module "trace"
- # build slapi-plugins
- pushd "${S}/contrib/slapi-plugins/addrdnvalues" &>/dev/null || die "pushd contrib/slapi-plugins/addrdnvalues"
- einfo "Building contrib-module: addrdnvalues plugin"
- $(tc-getCC) -shared \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CPPFLAGS} \
- ${CFLAGS} \
- -fPIC \
- ${LDFLAGS} \
- -o libaddrdnvalues-plugin.so \
- addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
- popd &>/dev/null || die
- fi
-}
-
-multilib_src_test() {
- if multilib_is_native_abi; then
- cd tests || die
- pwd
-
- # Increase various test timeouts/delays, bug #894012
- # We can't just double everything as there's a cumulative effect.
- export SLEEP0=2 # originally 1
- export SLEEP1=10 # originally 7
- export SLEEP2=20 # originally 15
- export TIMEOUT=16 # originally 8
-
- # emake test => runs only lloadd & mdb, in serial; skips ldif,sql,wt,regression
- # emake partests => runs ALL of the tests in parallel
- # wt/WiredTiger is not supported in Gentoo
- TESTS=( plloadd pmdb )
- #TESTS+=( pldif ) # not done by default, so also exclude here
- #use odbc && TESTS+=( psql ) # not done by default, so also exclude here
-
- emake -Onone "${TESTS[@]}"
- fi
-}
-
-multilib_src_install() {
- emake CC="$(tc-getCC)" \
- DESTDIR="${D}" SHELL="${EPREFIX}"/bin/sh install
-
- if ! use minimal && multilib_is_native_abi; then
- # openldap modules go here
- # TODO: write some code to populate slapd.conf with moduleload statements
- keepdir /usr/$(get_libdir)/openldap/openldap/
-
- # initial data storage dir
- keepdir /var/lib/openldap-data
- use prefix || fowners ldap:ldap /var/lib/openldap-data
- fperms 0700 /var/lib/openldap-data
-
- echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
-
- # use our config
- rm "${ED}"/etc/openldap/slapd.conf
- insinto /etc/openldap
- newins "${FILESDIR}"/${PN}-2.6.3-slapd-conf slapd.conf
- configfile="${ED}"/etc/openldap/slapd.conf
-
- # populate with built backends
- einfo "populate config with built backends"
- for x in "${ED}"/usr/$(get_libdir)/openldap/openldap/back_*.so; do
- einfo "Adding $(basename ${x})"
- sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" || die
- done
- sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" \
- -i "${configfile}" || die
- use prefix || fowners root:ldap /etc/openldap/slapd.conf
- fperms 0640 /etc/openldap/slapd.conf
- cp "${configfile}" "${configfile}".default || die
-
- # install our own init scripts and systemd unit files
- einfo "Install init scripts"
- sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-initd-2.4.40-r2 > "${T}"/slapd || die
- doinitd "${T}"/slapd
- newconfd "${FILESDIR}"/slapd-confd-2.6.1 slapd
-
- if use systemd; then
- # The systemd unit uses Type=notify, so it is useless without USE=systemd
- einfo "Install systemd service"
- rm -rf "${ED}"/{,usr/}lib/systemd
- sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-2.6.1.service > "${T}"/slapd.service || die
- systemd_dounit "${T}"/slapd.service
- systemd_install_serviced "${FILESDIR}"/slapd.service.conf
- newtmpfiles "${FILESDIR}"/slapd.tmpfilesd slapd.conf
- fi
-
- # if built without SLP, we don't need to be before avahi
- sed -i \
- -e '/before/{s/avahi-daemon//g}' \
- "${ED}"/etc/init.d/slapd \
- || die
-
- if use cxx ; then
- einfo "Install the ldapc++ library"
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- cd "${S}"/contrib/ldapc++ || die
- newdoc README ldapc++-README
- fi
-
- if use smbkrb5passwd ; then
- einfo "Install the smbk5pwd module"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- newdoc README smbk5pwd-README
- fi
-
- if use overlays ; then
- einfo "Install the samba4 module"
- cd "${S}/contrib/slapd-modules/samba4" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- newdoc README samba4-README
- fi
-
- einfo "Installing contrib modules"
- cd "${S}/contrib/slapd-modules" || die
- for l in */*.la */*/*.la; do
- [[ -e ${l} ]] || continue
- libtool --mode=install cp ${l} \
- "${ED}"/usr/$(get_libdir)/openldap/openldap || \
- die "installing ${l} failed"
- done
-
- dodoc "${FILESDIR}"/DB_CONFIG.fast.example
- docinto contrib
- doman */*.5
- #newdoc acl/README*
- newdoc addpartial/README addpartial-README
- newdoc allop/README allop-README
- newdoc allowed/README allowed-README
- newdoc autogroup/README autogroup-README
- newdoc dsaschema/README dsaschema-README
- newdoc passwd/README passwd-README
- cd "${S}/contrib/slapi-plugins" || die
- insinto /usr/$(get_libdir)/openldap/openldap
- doins */*.so
- docinto contrib
- newdoc addrdnvalues/README addrdnvalues-README
-
- insinto /etc/openldap/schema
- newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
-
- docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
- docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
-
- dosbin "${S}"/contrib/slapd-tools/statslog
- newdoc "${S}"/contrib/slapd-tools/README README.statslog
- fi
-
- if ! use static-libs ; then
- find "${ED}" \( -name '*.a' -o -name '*.la' \) -delete || die
- fi
-}
-
-multilib_src_install_all() {
- dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
- docinto rfc ; dodoc doc/rfc/*.txt
-}
-
-pkg_preinst() {
- # keep old libs if any
- preserve_old_lib /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0)
- # bug 440470, only display the getting started help there was no openldap before,
- # or we are going to a non-minimal build
- ! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
- OPENLDAP_PRINT_MESSAGES=$((! $?))
-}
-
-pkg_postinst() {
- if ! use minimal ; then
- if use systemd; then
- tmpfiles_process slapd.conf
- fi
-
- # You cannot build SSL certificates during src_install that will make
- # binary packages containing your SSL key, which is both a security risk
- # and a misconfiguration if multiple machines use the same key and cert.
- if use ssl; then
- install_cert /etc/openldap/ssl/ldap
- use prefix || chown ldap:ldap "${EROOT}"/etc/openldap/ssl/ldap.*
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "add 'TLS_REQCERT allow' if you want to use them."
- fi
-
- if use prefix; then
- # Warn about prefix issues with slapd
- eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
- eerror "to start up, and requires that certain files directories be owned by"
- eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
- eerror "directories, you will have to manually fix this yourself."
- fi
-
- # These lines force the permissions of various content to be correct
- if [[ -d "${EROOT}"/var/run/openldap ]]; then
- use prefix || { chown ldap:ldap "${EROOT}"/var/run/openldap || die; }
- chmod 0755 "${EROOT}"/var/run/openldap || die
- fi
- use prefix || chown root:ldap "${EROOT}"/etc/openldap/slapd.conf{,.default}
- chmod 0640 "${EROOT}"/etc/openldap/slapd.conf{,.default} || die
- use prefix || chown ldap:ldap "${EROOT}"/var/lib/openldap-data
- fi
-
- if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
- elog "Getting started using OpenLDAP? There is some documentation available:"
- elog "Gentoo Guide to OpenLDAP Authentication"
- elog "(https://wiki.gentoo.org/wiki/Centralized_authentication_using_OpenLDAP)"
- fi
-
- preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0)
-}
diff --git a/net-nds/openldap/openldap-2.6.6-r2.ebuild b/net-nds/openldap/openldap-2.6.6-r2.ebuild
index 965cce327fb3..e748df009fdf 100644
--- a/net-nds/openldap/openldap-2.6.6-r2.ebuild
+++ b/net-nds/openldap/openldap-2.6.6-r2.ebuild
@@ -6,7 +6,7 @@ EAPI=8
# Re cleanups:
# 2.5.x is an LTS release so we want to keep it for a while.
-inherit autotools flag-o-matic multibuild multilib multilib-minimal preserve-libs
+inherit autotools flag-o-matic multilib multilib-minimal preserve-libs
inherit ssl-cert toolchain-funcs systemd tmpfiles
MY_PV="$(ver_rs 1-2 _)"
diff --git a/net-nds/openldap/openldap-2.6.6.ebuild b/net-nds/openldap/openldap-2.6.6.ebuild
deleted file mode 100644
index e38e6c6522c5..000000000000
--- a/net-nds/openldap/openldap-2.6.6.ebuild
+++ /dev/null
@@ -1,870 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-# Re cleanups:
-# 2.5.x is an LTS release so we want to keep it for a while.
-
-inherit autotools flag-o-matic multibuild multilib multilib-minimal preserve-libs
-inherit ssl-cert toolchain-funcs systemd tmpfiles
-
-MY_PV="$(ver_rs 1-2 _)"
-
-BIS_PN=rfc2307bis.schema
-BIS_PV=20140524
-BIS_P="${BIS_PN}-${BIS_PV}"
-
-DESCRIPTION="LDAP suite of application and development tools"
-HOMEPAGE="https://www.openldap.org/"
-SRC_URI="
- https://gitlab.com/openldap/${PN}/-/archive/OPENLDAP_REL_ENG_${MY_PV}/${PN}-OPENLDAP_REL_ENG_${MY_PV}.tar.bz2
- mirror://gentoo/${BIS_P}
-"
-S="${WORKDIR}"/${PN}-OPENLDAP_REL_ENG_${MY_PV}
-
-LICENSE="OPENLDAP GPL-2"
-# Subslot added for bug #835654
-SLOT="0/$(ver_cut 1-2)"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
-
-IUSE_DAEMON="argon2 +cleartext crypt experimental minimal samba tcpd"
-IUSE_OVERLAY="overlays perl autoca"
-IUSE_OPTIONAL="debug gnutls iodbc odbc sasl ssl selinux static-libs +syslog test"
-IUSE_CONTRIB="kerberos kinit pbkdf2 sha2 smbkrb5passwd"
-IUSE_CONTRIB="${IUSE_CONTRIB} cxx"
-IUSE="systemd ${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
-REQUIRED_USE="
- cxx? ( sasl )
- pbkdf2? ( ssl )
- test? ( cleartext sasl )
- autoca? ( !gnutls )
- ?? ( test minimal )
- kerberos? ( ?? ( kinit smbkrb5passwd ) )
-"
-RESTRICT="!test? ( test )"
-
-SYSTEM_LMDB_VER=0.9.31
-# openssl is needed to generate lanman-passwords required by samba
-COMMON_DEPEND="
- kernel_linux? ( sys-apps/util-linux )
- ssl? (
- !gnutls? (
- >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}]
- )
- gnutls? (
- >=net-libs/gnutls-2.12.23-r6:=[${MULTILIB_USEDEP}]
- >=dev-libs/libgcrypt-1.5.3:0=[${MULTILIB_USEDEP}]
- )
- )
- sasl? ( dev-libs/cyrus-sasl:= )
- !minimal? (
- dev-libs/libevent:=
- dev-libs/libltdl
- sys-fs/e2fsprogs
- >=dev-db/lmdb-${SYSTEM_LMDB_VER}:=
- argon2? ( app-crypt/argon2:= )
- crypt? ( virtual/libcrypt:= )
- tcpd? ( sys-apps/tcp-wrappers )
- odbc? ( !iodbc? ( dev-db/unixODBC )
- iodbc? ( dev-db/libiodbc ) )
- perl? ( dev-lang/perl:=[-build(-)] )
- samba? (
- dev-libs/openssl:0=
- )
- smbkrb5passwd? (
- dev-libs/openssl:0=
- kerberos? ( app-crypt/heimdal )
- )
- kerberos? (
- virtual/krb5
- kinit? ( !app-crypt/heimdal )
- )
- )
-"
-DEPEND="
- ${COMMON_DEPEND}
- sys-apps/groff
-"
-RDEPEND="
- ${COMMON_DEPEND}
- selinux? ( sec-policy/selinux-ldap )
-"
-
-# The user/group are only used for running daemons which are
-# disabled in minimal builds, so elide the accounts too.
-BDEPEND="
- !minimal? (
- acct-group/ldap
- acct-user/ldap
- )
-"
-
-# for tracking versions
-OPENLDAP_VERSIONTAG=".version-tag"
-OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
-
-MULTILIB_WRAPPED_HEADERS=(
- # USE=cxx
- /usr/include/LDAPAsynConnection.h
- /usr/include/LDAPAttrType.h
- /usr/include/LDAPAttribute.h
- /usr/include/LDAPAttributeList.h
- /usr/include/LDAPConnection.h
- /usr/include/LDAPConstraints.h
- /usr/include/LDAPControl.h
- /usr/include/LDAPControlSet.h
- /usr/include/LDAPEntry.h
- /usr/include/LDAPEntryList.h
- /usr/include/LDAPException.h
- /usr/include/LDAPExtResult.h
- /usr/include/LDAPMessage.h
- /usr/include/LDAPMessageQueue.h
- /usr/include/LDAPModList.h
- /usr/include/LDAPModification.h
- /usr/include/LDAPObjClass.h
- /usr/include/LDAPRebind.h
- /usr/include/LDAPRebindAuth.h
- /usr/include/LDAPReferenceList.h
- /usr/include/LDAPResult.h
- /usr/include/LDAPSaslBindResult.h
- /usr/include/LDAPSchema.h
- /usr/include/LDAPSearchReference.h
- /usr/include/LDAPSearchResult.h
- /usr/include/LDAPSearchResults.h
- /usr/include/LDAPUrl.h
- /usr/include/LDAPUrlList.h
- /usr/include/LdifReader.h
- /usr/include/LdifWriter.h
- /usr/include/SaslInteraction.h
- /usr/include/SaslInteractionHandler.h
- /usr/include/StringList.h
- /usr/include/TlsOptions.h
-)
-
-PATCHES=(
- "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
- "${FILESDIR}"/${PN}-2.6.1-system-mdb.patch
- "${FILESDIR}"/${PN}-2.6.1-cloak.patch
- "${FILESDIR}"/${PN}-2.6.1-flags.patch
- "${FILESDIR}"/${PN}-2.6.1-fix-missing-mapping.patch
-)
-
-openldap_filecount() {
- local dir="$1"
- find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
-}
-
-openldap_find_versiontags() {
- # scan for all datadirs
- local openldap_datadirs=()
- if [[ -f "${EROOT}"/etc/openldap/slapd.conf ]]; then
- openldap_datadirs=( $(awk '{if($1 == "directory") print $2 }' "${EROOT}"/etc/openldap/slapd.conf) )
- fi
- openldap_datadirs+=( ${OPENLDAP_DEFAULTDIR_VERSIONTAG} )
-
- einfo
- einfo "Scanning datadir(s) from slapd.conf and"
- einfo "the default installdir for Versiontags"
- einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
- einfo
-
- # scan datadirs if we have a version tag
- openldap_found_tag=0
- have_files=0
- for each in ${openldap_datadirs[@]} ; do
- CURRENT_TAGDIR="${EROOT}$(sed "s:\/::" <<< ${each})"
- CURRENT_TAG="${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}"
- if [[ -d "${CURRENT_TAGDIR}" ]] && [[ "${openldap_found_tag}" == 0 ]] ; then
- einfo "- Checking ${each}..."
- if [[ -r "${CURRENT_TAG}" ]] ; then
- # yey, we have one :)
- einfo " Found Versiontag in ${each}"
- source "${CURRENT_TAG}"
- if [[ "${OLDPF}" == "" ]] ; then
- eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
- eerror "Please delete it"
- eerror
- die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
- fi
-
- OLD_MAJOR=$(ver_cut 2-3 ${OLDPF})
-
- [[ "$(openldap_filecount ${CURRENT_TAGDIR})" -gt 0 ]] && have_files=1
-
- # are we on the same branch?
- if [[ "${OLD_MAJOR}" != "${PV:0:3}" ]] ; then
- ewarn " Versiontag doesn't match current major release!"
- if [[ "${have_files}" == "1" ]] ; then
- eerror " Versiontag says other major and you (probably) have datafiles!"
- echo
- openldap_upgrade_howto
- else
- einfo " No real problem, seems there's no database."
- fi
- else
- einfo " Versiontag is fine here :)"
- fi
- else
- einfo " Non-tagged dir ${each}"
- [[ "$(openldap_filecount ${each})" -gt 0 ]] && have_files=1
- if [[ "${have_files}" == "1" ]] ; then
- einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
- echo
-
- eerror
- eerror "Your OpenLDAP Installation has a non tagged datadir that"
- eerror "possibly contains a database at ${CURRENT_TAGDIR}"
- eerror
- eerror "Please export data if any entered and empty or remove"
- eerror "the directory, installation has been stopped so you"
- eerror "can take required action"
- eerror
- eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
- eerror
- openldap_upgrade_howto
- die "Please move the datadir ${CURRENT_TAGDIR} away"
- fi
- fi
- einfo
- fi
- done
- [[ "${have_files}" == "1" ]] && einfo "DB files present" || einfo "No DB files present"
-
- # Now we must check for the major version of sys-libs/db linked against.
- # TODO: remove this as we dropped bdb support (gone upstream) in 2.6.1?
- SLAPD_PATH="${EROOT}/usr/$(get_libdir)/openldap/slapd"
- if [[ "${have_files}" == "1" ]] && [[ -f "${SLAPD_PATH}" ]]; then
- OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
- | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
- local fail=0
-
- # This will not cover detection of cn=Config based configuration, but
- # it's hopefully good enough.
- if grep -sq '^backend.*shell' "${EROOT}"/etc/openldap/slapd.conf; then
- eerror " OpenLDAP >= 2.5.x has dropped support for Shell backend."
- eerror " You will need to migrate per upstream's migration notes"
- eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."
- eerror " Your existing database will not be accessible until it is"
- eerror " converted away from backend shell!"
- echo
- fail=1
- fi
- if has_version "${CATEGORY}/${PN}[berkdb]" || grep -sq '^backend.*(bdb|hdb)' /etc/openldap/slapd.conf; then
- eerror " OpenLDAP >= 2.5.x has dropped support for Berkeley DB."
- eerror " You will need to migrate per upstream's migration notes"
- eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."
- eerror " Your existing database will not be accessible until it is"
- eerror " converted to mdb!"
- echo
- fail=1
- elif [[ -z "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
- :
- # Nothing wrong here.
- elif [[ -z "${OLDVER}" ]] && [[ -n "${NEWVER}" ]]; then
- eerror " Your existing version of OpenLDAP was not built against"
- eerror " any version of sys-libs/db, but the new one will build"
- eerror " against ${NEWVER} and your database may be inaccessible."
- echo
- fail=1
- elif [[ -n "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will not be"
- eerror " built against any version and your database may be"
- eerror " inaccessible."
- echo
- fail=1
- elif [[ "${OLDVER}" != "${NEWVER}" ]]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will build against"
- eerror " ${NEWVER} and your database would be inaccessible."
- echo
- fail=1
- fi
- [[ "${fail}" == "1" ]] && openldap_upgrade_howto
- fi
-
- echo
- einfo
- einfo "All datadirs are fine, proceeding with merge now..."
- einfo
-}
-
-openldap_upgrade_howto() {
- local d l i
- eerror
- eerror "A (possible old) installation of OpenLDAP was detected,"
- eerror "installation will not proceed for now."
- eerror
- eerror "As major version upgrades can corrupt your database,"
- eerror "you need to dump your database and re-create it afterwards."
- eerror
- eerror "Additionally, rebuilding against different major versions of the"
- eerror "sys-libs/db libraries will cause your database to be inaccessible."
- eerror ""
- d="$(date -u +%s)"
- l="/root/ldapdump.${d}"
- i="${l}.raw"
- eerror " 1. /etc/init.d/slapd stop"
- eerror " 2. slapcat -l ${i}"
- eerror " 3. grep -E -v '^(entry|context)CSN:' <${i} >${l}"
- eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
- eerror " 5. emerge --update \=net-nds/${PF}"
- eerror " 6. etc-update, and ensure that you apply the changes"
- eerror " 7. slapadd -l ${l}"
- eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
- eerror " 9. /etc/init.d/slapd start"
- eerror "10. Check that your data is intact."
- eerror "11. Set up the new replication system."
- eerror
- if [[ "${FORCE_UPGRADE}" != "1" ]]; then
- die "You need to upgrade your database first"
- else
- eerror "You have the magical FORCE_UPGRADE=1 in place."
- eerror "Don't say you weren't warned about data loss."
- fi
-}
-
-pkg_setup() {
- if ! use sasl && use cxx ; then
- die "To build the ldapc++ library you must emerge openldap with sasl support"
- fi
- # Bug #322787
- if use minimal && ! has_version "net-nds/openldap" ; then
- einfo "No datadir scan needed, openldap not installed"
- elif use minimal && has_version 'net-nds/openldap[minimal]' ; then
- einfo "Skipping scan for previous datadirs as requested by minimal useflag"
- else
- openldap_find_versiontags
- fi
-}
-
-src_prepare() {
- # The system copy of dev-db/lmdb must match the version that this copy
- # of OpenLDAP shipped with! See bug #588792.
- #
- # Fish out MDB_VERSION_MAJOR/MDB_VERSION_MINOR/MDB_VERSION_PATCH from
- # the bundled lmdb's header to find out the version.
- local bundled_lmdb_version=$(sed -En '/^#define MDB_VERSION_(MAJOR|MINOR|PATCH)(\s+)?/{s/[^0-9.]//gp}' \
- libraries/liblmdb/lmdb.h || die)
- printf -v bundled_lmdb_version "%s." ${bundled_lmdb_version}
-
- if [[ ${SYSTEM_LMDB_VER}. != ${bundled_lmdb_version} ]] ; then
- eerror "Source lmdb version: ${bundled_lmdb_version}"
- eerror "Ebuild lmdb version: ${SYSTEM_LMDB_VER}"
- die "Ebuild needs to update SYSTEM_LMDB_VER!"
- fi
-
- rm -r libraries/liblmdb || die 'could not removed bundled lmdb directory'
-
- local filename
- for filename in doc/drafts/draft-ietf-ldapext-acl-model-xx.txt; do
- iconv -f iso-8859-1 -t utf-8 "${filename}" > "${filename}.utf8"
- mv "${filename}.utf8" "${filename}"
- done
-
- default
-
- sed -i \
- -e "s:\$(localstatedir)/run:${EPREFIX}/run:" \
- -e '/MKDIR.*.(DESTDIR)\/run/d' \
- servers/slapd/Makefile.in || die 'adjusting slapd Makefile.in failed'
-
- pushd build &>/dev/null || die "pushd build"
- einfo "Making sure upstream build strip does not do stripping too early"
- sed -i.orig \
- -e '/^STRIP/s,-s,,g' \
- top.mk || die "Failed to remove too early stripping"
- popd &>/dev/null || die
-
- # Fails with OpenSSL 3, bug #848894
- # https://bugs.openldap.org/show_bug.cgi?id=10009
- rm tests/scripts/test076-authid-rewrite || die
-
- eautoreconf
- multilib_copy_sources
-}
-
-build_contrib_module() {
- # <dir> [<target>]
- pushd "${S}/contrib/slapd-modules/$1" &>/dev/null || die "pushd contrib/slapd-modules/$1"
- einfo "Compiling contrib-module: $1"
- local target="${2:-all}"
- emake \
- LDAP_BUILD="${BUILD_DIR}" prefix="${EPREFIX}/usr" \
- CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" \
- "${target}"
- popd &>/dev/null || die
-}
-
-multilib_src_configure() {
- # Optional Features
- myconf+=(
- --enable-option-checking
- $(use_enable debug)
- --enable-dynamic
- $(use_enable syslog)
- --enable-ipv6
- --enable-local
- )
-
- # Optional Packages
- myconf+=(
- --without-fetch
- )
-
- if use experimental ; then
- # connectionless ldap per bug #342439
- # connectionless is a unsupported feature according to Howard Chu
- # see https://bugs.openldap.org/show_bug.cgi?id=9739
- # (see also bug #892009)
- append-flags -DLDAP_CONNECTIONLESS
- fi
-
- if ! use minimal && multilib_is_native_abi; then
- # SLAPD (Standalone LDAP Daemon) Options
- # overlay chaining requires '--enable-ldap' #296567
- # see https://www.openldap.org/doc/admin26/overlays.html#Chaining
- myconf+=(
- --enable-ldap=yes
- --enable-slapd
- $(use_enable cleartext)
- $(use_enable crypt)
- $(multilib_native_use_enable sasl spasswd)
- --disable-slp
- $(use_enable tcpd wrappers)
- )
- if use experimental ; then
- myconf+=(
- --enable-dynacl
- # ACI build as dynamic module not supported (yet)
- --enable-aci=yes
- )
- fi
-
- for option in modules rlookups slapi; do
- myconf+=( --enable-${option} )
- done
-
- # static SLAPD backends
- for backend in mdb; do
- myconf+=( --enable-${backend}=yes )
- done
-
- # module SLAPD backends
- for backend in asyncmeta dnssrv meta null passwd relay sock; do
- # missing modules: wiredtiger (not available in portage)
- myconf+=( --enable-${backend}=mod )
- done
-
- use perl && myconf+=( --enable-perl=mod )
-
- if use odbc ; then
- myconf+=( --enable-sql=mod )
- if use iodbc ; then
- myconf+=( --with-odbc="iodbc" )
- append-cflags -I"${EPREFIX}"/usr/include/iodbc
- else
- myconf+=( --with-odbc="unixodbc" )
- fi
- fi
-
- use overlays && myconf+=( --enable-overlays=mod )
- use autoca && myconf+=( --enable-autoca=mod ) || myconf+=( --enable-autoca=no )
- # compile-in the syncprov
- myconf+=( --enable-syncprov=yes )
-
- # Build the standalone load balancer (lloadd) - also available as a slapd module; --enable-balancer=mod
- myconf+=( --enable-balancer=yes )
-
- # SLAPD Password Module Options
- myconf+=(
- $(use_enable argon2)
- )
-
- # Optional Packages
- myconf+=(
- $(use_with systemd)
- $(multilib_native_use_with sasl cyrus-sasl)
- )
- else
- myconf+=(
- --disable-backends
- --disable-slapd
- --disable-mdb
- --disable-overlays
- --disable-autoca
- --disable-syslog
- --without-systemd
- )
- fi
-
- # Library Generation & Linking Options
- myconf+=(
- $(use_enable static-libs static)
- --enable-shared
- --enable-versioning
- --with-pic
- )
-
- # some cross-compiling tests don't pan out well.
- tc-is-cross-compiler && myconf+=(
- --with-yielding-select=yes
- )
-
- local ssl_lib="no"
- if use ssl || ( ! use minimal && use samba ) ; then
- if use gnutls ; then
- myconf+=( --with-tls="gnutls" )
- else
- # disable MD2 hash function
- append-cflags -DOPENSSL_NO_MD2
- myconf+=( --with-tls="openssl" )
- fi
- else
- myconf+=( --with-tls="no" )
- fi
-
- tc-export AR CC CXX
-
- ECONF_SOURCE="${S}" econf \
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
- --localstatedir="${EPREFIX}"/var \
- --runstatedir="${EPREFIX}"/run \
- --sharedstatedir="${EPREFIX}"/var/lib \
- "${myconf[@]}"
-
- # argument '--runstatedir' seems to have no effect therefore this workaround
- sed -i \
- -e 's:^runstatedir=.*:runstatedir=${EPREFIX}/run:' \
- configure contrib/ldapc++/configure contrib/ldaptcl/configure || die 'could not set runstatedir'
-
- sed -i \
- -e "s:/var/run/sasl2/mux:${EPREFIX}/run/sasl2/mux:" \
- doc/guide/admin/security.sdf || die 'could not fix run path in doc'
-
- emake depend
-}
-
-src_configure_cxx() {
- # This needs the libraries built by the first build run.
- # we have to run it AFTER the main build, not just after the main configure
- local myconf_ldapcpp=(
- --with-libldap="${E}/lib"
- --with-ldap-includes="${S}/include"
- )
-
- mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die "could not create ${BUILD_DIR}/contrib/ldapc++ directory"
- pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
-
- local LDFLAGS="${LDFLAGS}"
- local CPPFLAGS="${CPPFLAGS}"
-
- append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs -L"${BUILD_DIR}"/libraries/libldap/.libs
- append-cppflags -I"${BUILD_DIR}"/include
-
- ECONF_SOURCE="${S}"/contrib/ldapc++ econf "${myconf_ldapcpp[@]}"
- popd &>/dev/null || die "popd contrib/ldapc++"
-}
-
-multilib_src_compile() {
- tc-export AR CC CXX
- emake CC="$(tc-getCC)" SHELL="${EPREFIX}"/bin/sh
-
- if ! use minimal && multilib_is_native_abi ; then
- if use cxx ; then
- einfo "Building contrib library: ldapc++"
- src_configure_cxx
- pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
- emake
- popd &>/dev/null || die
- fi
-
- if use smbkrb5passwd ; then
- einfo "Building contrib-module: smbk5pwd"
- pushd "${S}/contrib/slapd-modules/smbk5pwd" &>/dev/null || die "pushd contrib/slapd-modules/smbk5pwd"
-
- MY_DEFS="-DDO_SHADOW"
- if use samba ; then
- MY_DEFS="${MY_DEFS} -DDO_SAMBA"
- MY_KRB5_INC=""
- fi
- if use kerberos ; then
- MY_DEFS="${MY_DEFS} -DDO_KRB5"
- MY_KRB5_INC="$(krb5-config --cflags)"
- fi
-
- emake \
- DEFS="${MY_DEFS}" \
- KRB5_INC="${MY_KRB5_INC}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
- popd &>/dev/null || die
- fi
-
- if use overlays ; then
- einfo "Building contrib-module: samba4"
- pushd "${S}/contrib/slapd-modules/samba4" &>/dev/null || die "pushd contrib/slapd-modules/samba4"
-
- emake \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="$(tc-getCC)" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
- popd &>/dev/null || die
- fi
-
- if use kerberos ; then
- if use kinit ; then
- build_contrib_module "kinit" "kinit.c" "kinit"
- fi
- build_contrib_module "passwd" "pw-kerberos.la"
- fi
-
- if use pbkdf2; then
- build_contrib_module "passwd/pbkdf2"
- fi
-
- if use sha2 ; then
- build_contrib_module "passwd/sha2"
- fi
-
- # We could build pw-radius if GNURadius would install radlib.h
- build_contrib_module "passwd" "pw-netscape.la"
-
- #build_contrib_module "acl" "posixgroup.la" # example code only
- #build_contrib_module "acl" "gssacl.la" # example code only, also needs kerberos
- build_contrib_module "addpartial"
- build_contrib_module "allop"
- build_contrib_module "allowed"
- build_contrib_module "autogroup"
- build_contrib_module "cloak"
- # build_contrib_module "comp_match" # really complex, adds new external deps, questionable demand
- build_contrib_module "denyop"
- build_contrib_module "dsaschema"
- build_contrib_module "dupent"
- build_contrib_module "lastbind"
- # lastmod may not play well with other overlays
- build_contrib_module "lastmod"
- build_contrib_module "noopsrch"
- #build_contrib_module "nops" https://bugs.gentoo.org/641576
- #build_contrib_module "nssov" RESO:LATER
- build_contrib_module "trace"
- # build slapi-plugins
- pushd "${S}/contrib/slapi-plugins/addrdnvalues" &>/dev/null || die "pushd contrib/slapi-plugins/addrdnvalues"
- einfo "Building contrib-module: addrdnvalues plugin"
- $(tc-getCC) -shared \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CPPFLAGS} \
- ${CFLAGS} \
- -fPIC \
- ${LDFLAGS} \
- -o libaddrdnvalues-plugin.so \
- addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
- popd &>/dev/null || die
- fi
-}
-
-multilib_src_test() {
- if multilib_is_native_abi; then
- cd tests || die
- pwd
-
- # Increase various test timeouts/delays, bug #894012
- # We can't just double everything as there's a cumulative effect.
- export SLEEP0=2 # originally 1
- export SLEEP1=10 # originally 7
- export SLEEP2=20 # originally 15
- export TIMEOUT=16 # originally 8
-
- # emake test => runs only lloadd & mdb, in serial; skips ldif,sql,wt,regression
- # emake partests => runs ALL of the tests in parallel
- # wt/WiredTiger is not supported in Gentoo
- TESTS=( plloadd pmdb )
- #TESTS+=( pldif ) # not done by default, so also exclude here
- #use odbc && TESTS+=( psql ) # not done by default, so also exclude here
-
- emake -Onone "${TESTS[@]}"
- fi
-}
-
-multilib_src_install() {
- emake CC="$(tc-getCC)" \
- DESTDIR="${D}" SHELL="${EPREFIX}"/bin/sh install
-
- if ! use minimal && multilib_is_native_abi; then
- # openldap modules go here
- # TODO: write some code to populate slapd.conf with moduleload statements
- keepdir /usr/$(get_libdir)/openldap/openldap/
-
- # initial data storage dir
- keepdir /var/lib/openldap-data
- use prefix || fowners ldap:ldap /var/lib/openldap-data
- fperms 0700 /var/lib/openldap-data
-
- echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
-
- # use our config
- rm "${ED}"/etc/openldap/slapd.conf
- insinto /etc/openldap
- newins "${FILESDIR}"/${PN}-2.6.3-slapd-conf slapd.conf
- configfile="${ED}"/etc/openldap/slapd.conf
-
- # populate with built backends
- einfo "populate config with built backends"
- for x in "${ED}"/usr/$(get_libdir)/openldap/openldap/back_*.so; do
- einfo "Adding $(basename ${x})"
- sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" || die
- done
- sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" \
- -i "${configfile}" || die
- use prefix || fowners root:ldap /etc/openldap/slapd.conf
- fperms 0640 /etc/openldap/slapd.conf
- cp "${configfile}" "${configfile}".default || die
-
- # install our own init scripts and systemd unit files
- einfo "Install init scripts"
- sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-initd-2.4.40-r2 > "${T}"/slapd || die
- doinitd "${T}"/slapd
- newconfd "${FILESDIR}"/slapd-confd-2.6.1 slapd
-
- if use systemd; then
- # The systemd unit uses Type=notify, so it is useless without USE=systemd
- einfo "Install systemd service"
- rm -rf "${ED}"/{,usr/}lib/systemd
- sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-2.6.1.service > "${T}"/slapd.service || die
- systemd_dounit "${T}"/slapd.service
- systemd_install_serviced "${FILESDIR}"/slapd.service.conf
- newtmpfiles "${FILESDIR}"/slapd.tmpfilesd slapd.conf
- fi
-
- # if built without SLP, we don't need to be before avahi
- sed -i \
- -e '/before/{s/avahi-daemon//g}' \
- "${ED}"/etc/init.d/slapd \
- || die
-
- if use cxx ; then
- einfo "Install the ldapc++ library"
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- cd "${S}"/contrib/ldapc++ || die
- newdoc README ldapc++-README
- fi
-
- if use smbkrb5passwd ; then
- einfo "Install the smbk5pwd module"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- newdoc README smbk5pwd-README
- fi
-
- if use overlays ; then
- einfo "Install the samba4 module"
- cd "${S}/contrib/slapd-modules/samba4" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- newdoc README samba4-README
- fi
-
- einfo "Installing contrib modules"
- cd "${S}/contrib/slapd-modules" || die
- for l in */*.la */*/*.la; do
- [[ -e ${l} ]] || continue
- libtool --mode=install cp ${l} \
- "${ED}"/usr/$(get_libdir)/openldap/openldap || \
- die "installing ${l} failed"
- done
-
- dodoc "${FILESDIR}"/DB_CONFIG.fast.example
- docinto contrib
- doman */*.5
- #newdoc acl/README*
- newdoc addpartial/README addpartial-README
- newdoc allop/README allop-README
- newdoc allowed/README allowed-README
- newdoc autogroup/README autogroup-README
- newdoc dsaschema/README dsaschema-README
- newdoc passwd/README passwd-README
- cd "${S}/contrib/slapi-plugins" || die
- insinto /usr/$(get_libdir)/openldap/openldap
- doins */*.so
- docinto contrib
- newdoc addrdnvalues/README addrdnvalues-README
-
- insinto /etc/openldap/schema
- newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
-
- docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
- docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
-
- dosbin "${S}"/contrib/slapd-tools/statslog
- newdoc "${S}"/contrib/slapd-tools/README README.statslog
- fi
-
- if ! use static-libs ; then
- find "${ED}" \( -name '*.a' -o -name '*.la' \) -delete || die
- fi
-}
-
-multilib_src_install_all() {
- dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
- docinto rfc ; dodoc doc/rfc/*.txt
-}
-
-pkg_preinst() {
- # keep old libs if any
- preserve_old_lib /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0)
- # bug 440470, only display the getting started help there was no openldap before,
- # or we are going to a non-minimal build
- ! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
- OPENLDAP_PRINT_MESSAGES=$((! $?))
-}
-
-pkg_postinst() {
- if ! use minimal ; then
- if use systemd; then
- tmpfiles_process slapd.conf
- fi
-
- # You cannot build SSL certificates during src_install that will make
- # binary packages containing your SSL key, which is both a security risk
- # and a misconfiguration if multiple machines use the same key and cert.
- if use ssl; then
- install_cert /etc/openldap/ssl/ldap
- use prefix || chown ldap:ldap "${EROOT}"/etc/openldap/ssl/ldap.*
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "add 'TLS_REQCERT allow' if you want to use them."
- fi
-
- if use prefix; then
- # Warn about prefix issues with slapd
- eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
- eerror "to start up, and requires that certain files directories be owned by"
- eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
- eerror "directories, you will have to manually fix this yourself."
- fi
-
- # These lines force the permissions of various content to be correct
- if [[ -d "${EROOT}"/var/run/openldap ]]; then
- use prefix || { chown ldap:ldap "${EROOT}"/var/run/openldap || die; }
- chmod 0755 "${EROOT}"/var/run/openldap || die
- fi
- use prefix || chown root:ldap "${EROOT}"/etc/openldap/slapd.conf{,.default}
- chmod 0640 "${EROOT}"/etc/openldap/slapd.conf{,.default} || die
- use prefix || chown ldap:ldap "${EROOT}"/var/lib/openldap-data
- fi
-
- if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
- elog "Getting started using OpenLDAP? There is some documentation available:"
- elog "Gentoo Guide to OpenLDAP Authentication"
- elog "(https://wiki.gentoo.org/wiki/Centralized_authentication_using_OpenLDAP)"
- fi
-
- preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0)
-}
^ permalink raw reply related [flat|nested] 12+ messages in thread
end of thread, other threads:[~2024-08-25 0:57 UTC | newest]
Thread overview: 12+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-08-25 0:57 [gentoo-commits] repo/gentoo:master commit in: net-nds/openldap/, net-nds/openldap/files/ Robin H. Johnson
-- strict thread matches above, loose matches on Subject: below --
2023-02-09 23:48 Robin H. Johnson
2023-01-30 16:46 Mike Gilbert
2022-12-01 5:17 Sam James
2022-11-25 7:05 Sam James
2022-05-09 23:08 Sam James
2022-03-20 21:04 Sam James
2022-03-19 18:07 Robin H. Johnson
2021-05-02 11:22 Mikle Kolyada
2021-03-25 13:14 Sam James
2019-02-21 19:47 Patrick McLean
2017-02-20 0:36 Robin H. Johnson
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox