* [gentoo-commits] repo/gentoo:master commit in: sys-auth/sssd/files/, sys-auth/sssd/
@ 2018-12-16 19:23 Mikle Kolyada
From: Mikle Kolyada @ 2018-12-16 19:23 UTC (permalink / raw
  To: gentoo-commits

commit:     8a98889de489fb4a1032efa221a4aed6504a157a
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Sun Dec 16 19:17:38 2018 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Sun Dec 16 19:21:16 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8a98889d

sys-auth/sssd: fix compilation with curl-7.62.0 and later

Closes: https://bugs.gentoo.org/670134
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>
Package-Manager: Portage-2.3.51, Repoman-2.3.11

 sys-auth/sssd/files/sssd-curl-macros.patch |  34 +++++
 sys-auth/sssd/sssd-1.16.3-r1.ebuild        | 237 +++++++++++++++++++++++++++++
 sys-auth/sssd/sssd-2.0.0-r1.ebuild         | 237 +++++++++++++++++++++++++++++
 3 files changed, 508 insertions(+)

diff --git a/sys-auth/sssd/files/sssd-curl-macros.patch b/sys-auth/sssd/files/sssd-curl-macros.patch
new file mode 100644
index 00000000000..91e71e83787
--- /dev/null
+++ b/sys-auth/sssd/files/sssd-curl-macros.patch
@@ -0,0 +1,34 @@
+From d3cdf9cbfbace4874c6e5c96f1e5ef5b342c813e Mon Sep 17 00:00:00 2001
+From: Mikle Kolyada <zlogene@gentoo.org>
+Date: Sun, 16 Dec 2018 20:42:39 +0300
+Subject: [PATCH] tev_curl.c: remove case duplication
+
+CURLE_SSL_CACERT and CURLE_PEER_FAILED_VERIFICATION macros are provided
+by net-misc/curl-7.62.0 and older
+---
+ tev_curl.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/tev_curl.c b/tev_curl.c
+index 6a7a580..ce6fdba 100644
+--- a/src/util/tev_curl.c
++++ b/src/util/tev_curl.c
+@@ -97,7 +97,6 @@ static errno_t curl_code2errno(CURLcode crv)
+         return ETIMEDOUT;
+     case CURLE_SSL_ISSUER_ERROR:
+     case CURLE_SSL_CACERT_BADFILE:
+-    case CURLE_SSL_CACERT:
+     case CURLE_SSL_CERTPROBLEM:
+         return ERR_INVALID_CERT;
+ 
+@@ -110,8 +109,6 @@ static errno_t curl_code2errno(CURLcode crv)
+     case CURLE_SSL_ENGINE_NOTFOUND:
+     case CURLE_SSL_CONNECT_ERROR:
+         return ERR_SSL_FAILURE;
+-    case CURLE_PEER_FAILED_VERIFICATION:
+-        return ERR_UNABLE_TO_VERIFY_PEER;
+     case CURLE_COULDNT_RESOLVE_HOST:
+         return ERR_UNABLE_TO_RESOLVE_HOST;
+     default:
+-- 
+2.19.2
\ No newline at end of file
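Review bot: Removing both `case CURLE_SSL_CACERT:` and the `case CURLE_PEER_FAILED_VERIFICATION:` arm from `curl_code2errno()` cures the duplicate-case build error, but a peer-verification failure then no longer maps to `ERR_UNABLE_TO_VERIFY_PEER` or `ERR_INVALID_CERT` and falls through to `default:`, whose return value is outside this hunk. The request presumably still fails, so this looks like a loss of diagnostic precision rather than a verification bypass, but certificate failures become harder to tell apart from other transport errors in logs. Keeping the `CURLE_PEER_FAILED_VERIFICATION` arm and guarding only the alias, as in `#if LIBCURL_VERSION_NUM < 0x073e00` / `case CURLE_SSL_CACERT:` / `#endif`, would preserve the mapping with both older and newer curl. The patch description's "curl-7.62.0 and older" presumably means "and newer", matching the commit title.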

diff --git a/sys-auth/sssd/sssd-1.16.3-r1.ebuild b/sys-auth/sssd/sssd-1.16.3-r1.ebuild
new file mode 100644
index 00000000000..885dd7416e7
--- /dev/null
+++ b/sys-auth/sssd/sssd-1.16.3-r1.ebuild
@@ -0,0 +1,237 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+PYTHON_COMPAT=( python{2_7,3_3,3_4,3_5,3_6,3_7} )
+
+inherit autotools flag-o-matic linux-info multilib-minimal pam python-r1 systemd toolchain-funcs
+
+DESCRIPTION="System Security Services Daemon provides access to identity and authentication"
+HOMEPAGE="https://pagure.io/SSSD/sssd"
+SRC_URI="http://releases.pagure.org/SSSD/${PN}/${P}.tar.gz"
+KEYWORDS="amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86"
+
+LICENSE="GPL-3"
+SLOT="0"
+IUSE="acl autofs +locator +netlink nfsv4 nls +manpages python samba selinux sudo ssh test"
+
+COMMON_DEP="
+	>=virtual/pam-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/popt-1.16
+	dev-libs/glib:2
+	>=dev-libs/ding-libs-0.2
+	>=sys-libs/talloc-2.0.7
+	>=sys-libs/tdb-1.2.9
+	>=sys-libs/tevent-0.9.16
+	>=sys-libs/ldb-1.1.17-r1:=
+	>=net-nds/openldap-2.4.30[sasl]
+	net-libs/http-parser
+	>=dev-libs/libpcre-8.30
+	>=app-crypt/mit-krb5-1.10.3
+	dev-libs/jansson
+	locator? (
+		>=app-crypt/mit-krb5-1.12.2[${MULTILIB_USEDEP}]
+		>=net-dns/c-ares-1.10.0-r1[${MULTILIB_USEDEP}]
+	)
+	>=sys-apps/keyutils-1.5
+	>=net-dns/c-ares-1.7.4
+	>=dev-libs/nss-3.12.9
+	selinux? (
+		>=sys-libs/libselinux-2.1.9
+		>=sys-libs/libsemanage-2.1
+	)
+	>=net-dns/bind-tools-9.9[gssapi]
+	>=dev-libs/cyrus-sasl-2.1.25-r3[kerberos]
+	>=sys-apps/dbus-1.6
+	acl? ( net-fs/cifs-utils[acl] )
+	nfsv4? ( || ( >=net-fs/nfs-utils-2.3.1-r2 net-libs/libnfsidmap ) )
+	nls? ( >=sys-devel/gettext-0.18 )
+	virtual/libintl
+	netlink? ( dev-libs/libnl:3 )
+	samba? ( >=net-fs/samba-4.5 )
+	"
+
+RDEPEND="${COMMON_DEP}
+	>=sys-libs/glibc-2.17[nscd]
+	selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 )
+	"
+DEPEND="${COMMON_DEP}
+	test? ( dev-libs/check )
+	manpages? (
+		>=dev-libs/libxslt-1.1.26
+		app-text/docbook-xml-dtd:4.4
+		)"
+
+CONFIG_CHECK="~KEYS"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/ipa_hbac.h
+	/usr/include/sss_idmap.h
+	/usr/include/sss_nss_idmap.h
+	/usr/include/wbclient_sssd.h
+	# --with-ifp
+	/usr/include/sss_sifp.h
+	/usr/include/sss_sifp_dbus.h
+	# from 1.15.3
+	/usr/include/sss_certmap.h
+)
+
+pkg_setup(){
+	linux-info_pkg_setup
+}
+
+src_prepare() {
+	sed -i 's:#!/sbin/runscript:#!/sbin/openrc-run:' \
+		"${S}"/src/sysv/gentoo/sssd.in || die "sed sssd.in"
+
+	eapply "${FILESDIR}"/${PN}-curl-macros.patch
+
+	default
+	eautoreconf
+	multilib_copy_sources
+}
+
+src_configure() {
+	local native_dbus_cflags=$($(tc-getPKG_CONFIG) --cflags dbus-1)
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	# set initscript to sysv because the systemd option needs systemd to
+	# be installed. We provide our own systemd file anyway.
+	local myconf=()
+	if [[ "${PYTHON_TARGETS}" == *python2* ]]; then
+		myconf+=($(multilib_native_use_with python python2-bindings))
+	fi
+	if [[ "${PYTHON_TARGETS}" == *python3* ]]; then
+		myconf+=($(multilib_native_use_with python python3-bindings))
+	fi
+	#Work around linker dependency problem.
+	append-ldflags "-Wl,--allow-shlib-undefined"
+
+	myconf+=(
+		--localstatedir="${EPREFIX}"/var
+		--enable-nsslibdir="${EPREFIX}"/$(get_libdir)
+		--with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd
+		--enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir)
+		--with-ldb-lib-dir="${EPREFIX}"/usr/$(get_libdir)/samba/ldb
+		--with-os=gentoo
+		--with-nscd
+		--with-unicode-lib="glib2"
+		--disable-rpath
+		--disable-silent-rules
+		--sbindir=/usr/sbin
+		--without-kcm
+		$(use_with samba libwbclient)
+		--with-secrets
+		$(multilib_native_use_with samba)
+		$(multilib_native_use_enable acl cifs-idmap-plugin)
+		$(multilib_native_use_with selinux)
+		$(multilib_native_use_with selinux semanage)
+		$(use_enable locator krb5-locator-plugin)
+		$(multilib_native_use_with nfsv4 nfsv4-idmapd-plugin)
+		$(use_enable nls )
+		$(multilib_native_use_with netlink libnl)
+		$(multilib_native_use_with manpages)
+		$(multilib_native_use_with sudo)
+		$(multilib_native_use_with autofs)
+		$(multilib_native_use_with ssh)
+		--with-crypto="nss"
+		--with-initscript="sysv"
+
+		KRB5_CONFIG=/usr/bin/${CHOST}-krb5-config
+	)
+
+	if ! multilib_is_native_abi; then
+		# work-around all the libraries that are used for CLI and server
+		myconf+=(
+			{POPT,TALLOC,TDB,TEVENT,LDB}_{CFLAGS,LIBS}=' '
+			# ldb headers are fine since native needs it
+			# ldb lib fails... but it does not seem to bother
+			{DHASH,COLLECTION,INI_CONFIG_V{0,1,1_1}}_{CFLAGS,LIBS}=' '
+			{PCRE,CARES,SYSTEMD_LOGIN,SASL,GLIB2,DBUS,CRYPTO}_{CFLAGS,LIBS}=' '
+
+			# use native include path for dbus (needed for build)
+			DBUS_CFLAGS="${native_dbus_cflags}"
+
+			# non-pkgconfig checks
+			ac_cv_lib_ldap_ldap_search=yes
+			--without-secrets
+			--without-libwbclient
+			--without-kcm
+			--with-crypto=""
+		)
+
+		use locator || myconf+=(
+				KRB5_CONFIG=/bin/true
+		)
+	fi
+
+	econf "${myconf[@]}"
+}
+
+multilib_src_compile() {
+	if multilib_is_native_abi; then
+		default
+	else
+		emake libnss_sss.la pam_sss.la
+		use locator && emake sssd_krb5_locator_plugin.la
+	fi
+}
+
+multilib_src_install() {
+	if multilib_is_native_abi; then
+		emake -j1 DESTDIR="${D}" "${_at_args[@]}" install
+	else
+		# easier than playing with automake...
+		dopammod .libs/pam_sss.so
+
+		into /
+		dolib .libs/libnss_sss.so*
+
+		if use locator; then
+			exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5
+			doexe .libs/sssd_krb5_locator_plugin.so
+		fi
+	fi
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	find "${ED}" -type f -name '*.la' -delete || die
+
+	insinto /etc/sssd
+	insopts -m600
+	doins "${S}"/src/examples/sssd-example.conf
+
+	insinto /etc/logrotate.d
+	insopts -m644
+	newins "${S}"/src/examples/logrotate sssd
+
+	newconfd "${FILESDIR}"/sssd.conf sssd
+	newinitd "${FILESDIR}"/sssd sssd
+
+	keepdir /var/lib/sss/db
+	keepdir /var/lib/sss/deskprofile
+	keepdir /var/lib/sss/gpo_cache
+	keepdir /var/lib/sss/keytabs
+	keepdir /var/lib/sss/mc
+	keepdir /var/lib/sss/pipes/private
+	keepdir /var/lib/sss/pubconf/krb5.include.d
+	keepdir /var/lib/sss/secrets
+	keepdir /var/log/sssd
+
+	systemd_dounit "${FILESDIR}/${PN}.service"
+}
+
+multilib_src_test() {
+	default
+}
+
+pkg_postinst(){
+	elog "You must set up sssd.conf (default installed into /etc/sssd)"
+	elog "and (optionally) configuration in /etc/pam.d in order to use SSSD"
+	elog "features. Please see howto in	http://fedorahosted.org/sssd/wiki/HOWTO_Configure_1_0_2"
+}
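Review bot: `COMMON_DEP` does not list `net-misc/curl`, yet `multilib_src_configure` passes `--with-secrets` unconditionally and `src_prepare` applies a patch to `src/util/tev_curl.c`, which suggests the native build compiles and links against libcurl. If that is right, the build only succeeds when curl happens to be installed already, and the package manager cannot track the library for rebuilds or security upgrades of this authentication daemon. Adding a `net-misc/curl` line to `COMMON_DEP` would make the dependency explicit. The `sssd-2.0.0-r1.ebuild` hunk in this commit has the same gap.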

diff --git a/sys-auth/sssd/sssd-2.0.0-r1.ebuild b/sys-auth/sssd/sssd-2.0.0-r1.ebuild
new file mode 100644
index 00000000000..4d67daf3221
--- /dev/null
+++ b/sys-auth/sssd/sssd-2.0.0-r1.ebuild
@@ -0,0 +1,237 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+PYTHON_COMPAT=( python{2_7,3_3,3_4,3_5,3_6,3_7} )
+
+inherit autotools flag-o-matic linux-info multilib-minimal pam python-r1 systemd toolchain-funcs
+
+DESCRIPTION="System Security Services Daemon provides access to identity and authentication"
+HOMEPAGE="https://pagure.io/SSSD/sssd"
+SRC_URI="http://releases.pagure.org/SSSD/${PN}/${P}.tar.gz"
+KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+
+LICENSE="GPL-3"
+SLOT="0"
+IUSE="acl autofs +locator +netlink nfsv4 nls +manpages python samba selinux sudo ssh test"
+
+COMMON_DEP="
+	>=virtual/pam-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/popt-1.16
+	dev-libs/glib:2
+	>=dev-libs/ding-libs-0.2
+	>=sys-libs/talloc-2.0.7
+	>=sys-libs/tdb-1.2.9
+	>=sys-libs/tevent-0.9.16
+	>=sys-libs/ldb-1.1.17-r1:=
+	>=net-nds/openldap-2.4.30[sasl]
+	net-libs/http-parser
+	>=dev-libs/libpcre-8.30
+	>=app-crypt/mit-krb5-1.10.3
+	dev-libs/jansson
+	locator? (
+		>=app-crypt/mit-krb5-1.12.2[${MULTILIB_USEDEP}]
+		>=net-dns/c-ares-1.10.0-r1[${MULTILIB_USEDEP}]
+	)
+	>=sys-apps/keyutils-1.5
+	>=net-dns/c-ares-1.7.4
+	>=dev-libs/nss-3.12.9
+	selinux? (
+		>=sys-libs/libselinux-2.1.9
+		>=sys-libs/libsemanage-2.1
+	)
+	>=net-dns/bind-tools-9.9[gssapi]
+	>=dev-libs/cyrus-sasl-2.1.25-r3[kerberos]
+	>=sys-apps/dbus-1.6
+	acl? ( net-fs/cifs-utils[acl] )
+	nfsv4? ( || ( >=net-fs/nfs-utils-2.3.1-r2 net-libs/libnfsidmap ) )
+	nls? ( >=sys-devel/gettext-0.18 )
+	virtual/libintl
+	netlink? ( dev-libs/libnl:3 )
+	samba? ( >=net-fs/samba-4.5 )
+	"
+
+RDEPEND="${COMMON_DEP}
+	>=sys-libs/glibc-2.17[nscd]
+	selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 )
+	"
+DEPEND="${COMMON_DEP}
+	test? ( dev-libs/check )
+	manpages? (
+		>=dev-libs/libxslt-1.1.26
+		app-text/docbook-xml-dtd:4.4
+		)"
+
+CONFIG_CHECK="~KEYS"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/ipa_hbac.h
+	/usr/include/sss_idmap.h
+	/usr/include/sss_nss_idmap.h
+	/usr/include/wbclient_sssd.h
+	# --with-ifp
+	/usr/include/sss_sifp.h
+	/usr/include/sss_sifp_dbus.h
+	# from 1.15.3
+	/usr/include/sss_certmap.h
+)
+
+pkg_setup(){
+	linux-info_pkg_setup
+}
+
+src_prepare() {
+	sed -i 's:#!/sbin/runscript:#!/sbin/openrc-run:' \
+		"${S}"/src/sysv/gentoo/sssd.in || die "sed sssd.in"
+
+	eapply "${FILESDIR}"/${PN}-curl-macros.patch
+
+	default
+	eautoreconf
+	multilib_copy_sources
+}
+
+src_configure() {
+	local native_dbus_cflags=$($(tc-getPKG_CONFIG) --cflags dbus-1)
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	# set initscript to sysv because the systemd option needs systemd to
+	# be installed. We provide our own systemd file anyway.
+	local myconf=()
+	if [[ "${PYTHON_TARGETS}" == *python2* ]]; then
+		myconf+=($(multilib_native_use_with python python2-bindings))
+	fi
+	if [[ "${PYTHON_TARGETS}" == *python3* ]]; then
+		myconf+=($(multilib_native_use_with python python3-bindings))
+	fi
+	#Work around linker dependency problem.
+	append-ldflags "-Wl,--allow-shlib-undefined"
+
+	myconf+=(
+		--localstatedir="${EPREFIX}"/var
+		--enable-nsslibdir="${EPREFIX}"/$(get_libdir)
+		--with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd
+		--enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir)
+		--with-ldb-lib-dir="${EPREFIX}"/usr/$(get_libdir)/samba/ldb
+		--with-os=gentoo
+		--with-nscd
+		--with-unicode-lib="glib2"
+		--disable-rpath
+		--disable-silent-rules
+		--sbindir=/usr/sbin
+		--without-kcm
+		$(use_with samba libwbclient)
+		--with-secrets
+		$(multilib_native_use_with samba)
+		$(multilib_native_use_enable acl cifs-idmap-plugin)
+		$(multilib_native_use_with selinux)
+		$(multilib_native_use_with selinux semanage)
+		$(use_enable locator krb5-locator-plugin)
+		$(multilib_native_use_with nfsv4 nfsv4-idmapd-plugin)
+		$(use_enable nls )
+		$(multilib_native_use_with netlink libnl)
+		$(multilib_native_use_with manpages)
+		$(multilib_native_use_with sudo)
+		$(multilib_native_use_with autofs)
+		$(multilib_native_use_with ssh)
+		--with-crypto="nss"
+		--with-initscript="sysv"
+
+		KRB5_CONFIG=/usr/bin/${CHOST}-krb5-config
+	)
+
+	if ! multilib_is_native_abi; then
+		# work-around all the libraries that are used for CLI and server
+		myconf+=(
+			{POPT,TALLOC,TDB,TEVENT,LDB}_{CFLAGS,LIBS}=' '
+			# ldb headers are fine since native needs it
+			# ldb lib fails... but it does not seem to bother
+			{DHASH,COLLECTION,INI_CONFIG_V{0,1,1_1}}_{CFLAGS,LIBS}=' '
+			{PCRE,CARES,SYSTEMD_LOGIN,SASL,GLIB2,DBUS,CRYPTO}_{CFLAGS,LIBS}=' '
+
+			# use native include path for dbus (needed for build)
+			DBUS_CFLAGS="${native_dbus_cflags}"
+
+			# non-pkgconfig checks
+			ac_cv_lib_ldap_ldap_search=yes
+			--without-secrets
+			--without-libwbclient
+			--without-kcm
+			--with-crypto=""
+		)
+
+		use locator || myconf+=(
+				KRB5_CONFIG=/bin/true
+		)
+	fi
+
+	econf "${myconf[@]}"
+}
+
+multilib_src_compile() {
+	if multilib_is_native_abi; then
+		default
+	else
+		emake libnss_sss.la pam_sss.la
+		use locator && emake sssd_krb5_locator_plugin.la
+	fi
+}
+
+multilib_src_install() {
+	if multilib_is_native_abi; then
+		emake -j1 DESTDIR="${D}" "${_at_args[@]}" install
+	else
+		# easier than playing with automake...
+		dopammod .libs/pam_sss.so
+
+		into /
+		dolib .libs/libnss_sss.so*
+
+		if use locator; then
+			exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5
+			doexe .libs/sssd_krb5_locator_plugin.so
+		fi
+	fi
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	find "${ED}" -type f -name '*.la' -delete || die
+
+	insinto /etc/sssd
+	insopts -m600
+	doins "${S}"/src/examples/sssd-example.conf
+
+	insinto /etc/logrotate.d
+	insopts -m644
+	newins "${S}"/src/examples/logrotate sssd
+
+	newconfd "${FILESDIR}"/sssd.conf sssd
+	newinitd "${FILESDIR}"/sssd sssd
+
+	keepdir /var/lib/sss/db
+	keepdir /var/lib/sss/deskprofile
+	keepdir /var/lib/sss/gpo_cache
+	keepdir /var/lib/sss/keytabs
+	keepdir /var/lib/sss/mc
+	keepdir /var/lib/sss/pipes/private
+	keepdir /var/lib/sss/pubconf/krb5.include.d
+	keepdir /var/lib/sss/secrets
+	keepdir /var/log/sssd
+
+	systemd_dounit "${FILESDIR}/${PN}.service"
+}
+
+multilib_src_test() {
+	default
+}
+
+pkg_postinst(){
+	elog "You must set up sssd.conf (default installed into /etc/sssd)"
+	elog "and (optionally) configuration in /etc/pam.d in order to use SSSD"
+	elog "features. Please see howto in	http://fedorahosted.org/sssd/wiki/HOWTO_Configure_1_0_2"
+}
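Review bot: The `keepdir` calls in `multilib_src_install_all` for `/var/lib/sss/secrets`, `/var/lib/sss/pipes/private`, `/var/lib/sss/keytabs` and `/var/lib/sss/db` set no mode, so these directories get whatever the default directory options give, which may be broader than a store for secrets, keytabs and privileged sockets should have. Unless the upstream `install` target or the daemon is confirmed to tighten them afterwards, put `diropts -m0700` before the sensitive entries and `diropts -m0755` before the remaining ones. The config file in the same function is already restricted with `insopts -m600`, so the directories would then be consistent with it. The same lines appear in the `sssd-1.16.3-r1.ebuild` hunk.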



* [gentoo-commits] repo/gentoo:master commit in: sys-auth/sssd/files/, sys-auth/sssd/
@ 2019-03-08 15:10 Mikle Kolyada
From: Mikle Kolyada @ 2019-03-08 15:10 UTC (permalink / raw
  To: gentoo-commits

commit:     f85b90959ccdba7479d1fa455031e3bb0b839c14
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Fri Mar  8 15:09:20 2019 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Fri Mar  8 15:10:17 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f85b9095

sys-auth/sssd: fix CVE-2019-3811

Bug: https://bugs.gentoo.org/679538
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>
Package-Manager: Portage-2.3.51, Repoman-2.3.11

 sys-auth/sssd/files/sssd-fix-CVE-2019-3811.patch |  96 +++++++++
 sys-auth/sssd/sssd-1.16.3-r2.ebuild              | 239 +++++++++++++++++++++++
 2 files changed, 335 insertions(+)

diff --git a/sys-auth/sssd/files/sssd-fix-CVE-2019-3811.patch b/sys-auth/sssd/files/sssd-fix-CVE-2019-3811.patch
new file mode 100644
index 00000000000..87db45fd24b
--- /dev/null
+++ b/sys-auth/sssd/files/sssd-fix-CVE-2019-3811.patch
@@ -0,0 +1,96 @@
+From 28792523a01a7d21bcc8931794164f253e691a68 Mon Sep 17 00:00:00 2001
+From: Tomas Halman <thalman@redhat.com>
+Date: Mon, 3 Dec 2018 14:11:31 +0100
+Subject: [PATCH] nss: sssd returns '/' for emtpy home directories
+
+For empty home directory in passwd file sssd returns "/". Sssd
+should respect system behaviour and return the same as nsswitch
+"files" module - return empty string.
+
+Resolves:
+https://pagure.io/SSSD/sssd/issue/3901
+
+Reviewed-by: Simo Sorce <simo@redhat.com>
+Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
+(cherry picked from commit 90f32399b4100ce39cf665649fde82d215e5eb49)
+---
+ src/confdb/confdb.c                      |  9 +++++++++
+ src/man/include/ad_modified_defaults.xml | 19 +++++++++++++++++++
+ src/responder/nss/nss_protocol_pwent.c   |  2 +-
+ src/tests/intg/test_files_provider.py    |  2 +-
+ 4 files changed, 30 insertions(+), 2 deletions(-)
+
+diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
+index a3eb9c66d9..17bb4f8274 100644
+--- a/src/confdb/confdb.c
++++ b/src/confdb/confdb.c
+@@ -1301,6 +1301,15 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
+             ret = ENOMEM;
+             goto done;
+         }
++    } else {
++        if (strcasecmp(domain->provider, "ad") == 0) {
++            /* ad provider default */
++            domain->fallback_homedir = talloc_strdup(domain, "/home/%d/%u");
++            if (!domain->fallback_homedir) {
++                ret = ENOMEM;
++                goto done;
++            }
++        }
+     }
+ 
+     tmp = ldb_msg_find_attr_as_string(res->msgs[0],
+diff --git a/src/man/include/ad_modified_defaults.xml b/src/man/include/ad_modified_defaults.xml
+index 818a2bf787..425b7e8ee0 100644
+--- a/src/man/include/ad_modified_defaults.xml
++++ b/src/man/include/ad_modified_defaults.xml
+@@ -76,4 +76,23 @@
+             </listitem>
+         </itemizedlist>
+     </refsect2>
++    <refsect2 id='nss_modifications'>
++        <title>NSS configuration</title>
++        <itemizedlist>
++            <listitem>
++                <para>
++                    fallback_homedir = /home/%d/%u
++                </para>
++                <para>
++                    The AD provider automatically sets
++                    "fallback_homedir = /home/%d/%u" to provide personal
++                    home directories for users without the homeDirectory
++                    attribute. If your AD Domain is properly
++                    populated with Posix attributes, and you want to avoid
++                    this fallback behavior, you can explicitly
++                    set "fallback_homedir = %o".
++                </para>
++            </listitem>
++        </itemizedlist>
++    </refsect2>
+ </refsect1>
+diff --git a/src/responder/nss/nss_protocol_pwent.c b/src/responder/nss/nss_protocol_pwent.c
+index af9e74fc86..86fa4ec465 100644
+--- a/src/responder/nss/nss_protocol_pwent.c
++++ b/src/responder/nss/nss_protocol_pwent.c
+@@ -118,7 +118,7 @@ nss_get_homedir(TALLOC_CTX *mem_ctx,
+ 
+     homedir = nss_get_homedir_override(mem_ctx, msg, nss_ctx, domain, &hd_ctx);
+     if (homedir == NULL) {
+-        return "/";
++        return "";
+     }
+ 
+     return homedir;
+diff --git a/src/tests/intg/test_files_provider.py b/src/tests/intg/test_files_provider.py
+index ead1cc4c34..4761f1bd15 100644
+--- a/src/tests/intg/test_files_provider.py
++++ b/src/tests/intg/test_files_provider.py
+@@ -678,7 +678,7 @@ def test_user_no_dir(setup_pw_with_canary, files_domain_only):
+     Test that resolving a user without a homedir defined works and returns
+     a fallback value
+     """
+-    check_user(incomplete_user_setup(setup_pw_with_canary, 'dir', '/'))
++    check_user(incomplete_user_setup(setup_pw_with_canary, 'dir', ''))
+ 
+ 
+ def test_user_no_gecos(setup_pw_with_canary, files_domain_only):

diff --git a/sys-auth/sssd/sssd-1.16.3-r2.ebuild b/sys-auth/sssd/sssd-1.16.3-r2.ebuild
new file mode 100644
index 00000000000..a52daabfc41
--- /dev/null
+++ b/sys-auth/sssd/sssd-1.16.3-r2.ebuild
@@ -0,0 +1,239 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python{2_7,3_3,3_4,3_5,3_6,3_7} )
+
+inherit autotools flag-o-matic linux-info multilib-minimal pam python-r1 systemd toolchain-funcs
+
+DESCRIPTION="System Security Services Daemon provides access to identity and authentication"
+HOMEPAGE="https://pagure.io/SSSD/sssd"
+SRC_URI="http://releases.pagure.org/SSSD/${PN}/${P}.tar.gz"
+KEYWORDS="amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86"
+
+LICENSE="GPL-3"
+SLOT="0"
+IUSE="acl autofs +locator +netlink nfsv4 nls +manpages python samba selinux sudo ssh test"
+
+COMMON_DEP="
+	>=virtual/pam-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/popt-1.16
+	dev-libs/glib:2
+	>=dev-libs/ding-libs-0.2
+	>=sys-libs/talloc-2.0.7
+	>=sys-libs/tdb-1.2.9
+	>=sys-libs/tevent-0.9.16
+	>=sys-libs/ldb-1.1.17-r1:=
+	>=net-nds/openldap-2.4.30[sasl]
+	net-libs/http-parser
+	>=dev-libs/libpcre-8.30
+	>=app-crypt/mit-krb5-1.10.3
+	dev-libs/jansson
+	net-misc/curl
+	locator? (
+		>=app-crypt/mit-krb5-1.12.2[${MULTILIB_USEDEP}]
+		>=net-dns/c-ares-1.10.0-r1[${MULTILIB_USEDEP}]
+	)
+	>=sys-apps/keyutils-1.5
+	>=net-dns/c-ares-1.7.4
+	>=dev-libs/nss-3.12.9
+	selinux? (
+		>=sys-libs/libselinux-2.1.9
+		>=sys-libs/libsemanage-2.1
+	)
+	>=net-dns/bind-tools-9.9[gssapi]
+	>=dev-libs/cyrus-sasl-2.1.25-r3[kerberos]
+	>=sys-apps/dbus-1.6
+	acl? ( net-fs/cifs-utils[acl] )
+	nfsv4? ( || ( >=net-fs/nfs-utils-2.3.1-r2 net-libs/libnfsidmap ) )
+	nls? ( >=sys-devel/gettext-0.18 )
+	virtual/libintl
+	netlink? ( dev-libs/libnl:3 )
+	samba? ( >=net-fs/samba-4.5 )
+	"
+
+RDEPEND="${COMMON_DEP}
+	>=sys-libs/glibc-2.17[nscd]
+	selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 )
+	"
+DEPEND="${COMMON_DEP}
+	test? ( dev-libs/check )
+	manpages? (
+		>=dev-libs/libxslt-1.1.26
+		app-text/docbook-xml-dtd:4.4
+		)"
+
+CONFIG_CHECK="~KEYS"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/ipa_hbac.h
+	/usr/include/sss_idmap.h
+	/usr/include/sss_nss_idmap.h
+	/usr/include/wbclient_sssd.h
+	# --with-ifp
+	/usr/include/sss_sifp.h
+	/usr/include/sss_sifp_dbus.h
+	# from 1.15.3
+	/usr/include/sss_certmap.h
+)
+
+pkg_setup(){
+	linux-info_pkg_setup
+}
+
+src_prepare() {
+	sed -i 's:#!/sbin/runscript:#!/sbin/openrc-run:' \
+		"${S}"/src/sysv/gentoo/sssd.in || die "sed sssd.in"
+
+	eapply "${FILESDIR}"/${PN}-curl-macros.patch
+	eapply "${FILESDIR}"/${PN}-fix-CVE-2019-3811.patch
+
+	default
+	eautoreconf
+	multilib_copy_sources
+}
+
+src_configure() {
+	local native_dbus_cflags=$($(tc-getPKG_CONFIG) --cflags dbus-1)
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	# set initscript to sysv because the systemd option needs systemd to
+	# be installed. We provide our own systemd file anyway.
+	local myconf=()
+	if [[ "${PYTHON_TARGETS}" == *python2* ]]; then
+		myconf+=($(multilib_native_use_with python python2-bindings))
+	fi
+	if [[ "${PYTHON_TARGETS}" == *python3* ]]; then
+		myconf+=($(multilib_native_use_with python python3-bindings))
+	fi
+	#Work around linker dependency problem.
+	append-ldflags "-Wl,--allow-shlib-undefined"
+
+	myconf+=(
+		--localstatedir="${EPREFIX}"/var
+		--enable-nsslibdir="${EPREFIX}"/$(get_libdir)
+		--with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd
+		--enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir)
+		--with-ldb-lib-dir="${EPREFIX}"/usr/$(get_libdir)/samba/ldb
+		--with-os=gentoo
+		--with-nscd
+		--with-unicode-lib="glib2"
+		--disable-rpath
+		--disable-silent-rules
+		--sbindir=/usr/sbin
+		--without-kcm
+		$(use_with samba libwbclient)
+		--with-secrets
+		$(multilib_native_use_with samba)
+		$(multilib_native_use_enable acl cifs-idmap-plugin)
+		$(multilib_native_use_with selinux)
+		$(multilib_native_use_with selinux semanage)
+		$(use_enable locator krb5-locator-plugin)
+		$(multilib_native_use_with nfsv4 nfsv4-idmapd-plugin)
+		$(use_enable nls )
+		$(multilib_native_use_with netlink libnl)
+		$(multilib_native_use_with manpages)
+		$(multilib_native_use_with sudo)
+		$(multilib_native_use_with autofs)
+		$(multilib_native_use_with ssh)
+		--with-crypto="nss"
+		--with-initscript="sysv"
+
+		KRB5_CONFIG=/usr/bin/${CHOST}-krb5-config
+	)
+
+	if ! multilib_is_native_abi; then
+		# work-around all the libraries that are used for CLI and server
+		myconf+=(
+			{POPT,TALLOC,TDB,TEVENT,LDB}_{CFLAGS,LIBS}=' '
+			# ldb headers are fine since native needs it
+			# ldb lib fails... but it does not seem to bother
+			{DHASH,COLLECTION,INI_CONFIG_V{0,1,1_1}}_{CFLAGS,LIBS}=' '
+			{PCRE,CARES,SYSTEMD_LOGIN,SASL,GLIB2,DBUS,CRYPTO}_{CFLAGS,LIBS}=' '
+
+			# use native include path for dbus (needed for build)
+			DBUS_CFLAGS="${native_dbus_cflags}"
+
+			# non-pkgconfig checks
+			ac_cv_lib_ldap_ldap_search=yes
+			--without-secrets
+			--without-libwbclient
+			--without-kcm
+			--with-crypto=""
+		)
+
+		use locator || myconf+=(
+				KRB5_CONFIG=/bin/true
+		)
+	fi
+
+	econf "${myconf[@]}"
+}
+
+multilib_src_compile() {
+	if multilib_is_native_abi; then
+		default
+	else
+		emake libnss_sss.la pam_sss.la
+		use locator && emake sssd_krb5_locator_plugin.la
+	fi
+}
+
+multilib_src_install() {
+	if multilib_is_native_abi; then
+		emake -j1 DESTDIR="${D}" "${_at_args[@]}" install
+	else
+		# easier than playing with automake...
+		dopammod .libs/pam_sss.so
+
+		into /
+		dolib .libs/libnss_sss.so*
+
+		if use locator; then
+			exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5
+			doexe .libs/sssd_krb5_locator_plugin.so
+		fi
+	fi
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	find "${ED}" -type f -name '*.la' -delete || die
+
+	insinto /etc/sssd
+	insopts -m600
+	doins "${S}"/src/examples/sssd-example.conf
+
+	insinto /etc/logrotate.d
+	insopts -m644
+	newins "${S}"/src/examples/logrotate sssd
+
+	newconfd "${FILESDIR}"/sssd.conf sssd
+	newinitd "${FILESDIR}"/sssd sssd
+
+	keepdir /var/lib/sss/db
+	keepdir /var/lib/sss/deskprofile
+	keepdir /var/lib/sss/gpo_cache
+	keepdir /var/lib/sss/keytabs
+	keepdir /var/lib/sss/mc
+	keepdir /var/lib/sss/pipes/private
+	keepdir /var/lib/sss/pubconf/krb5.include.d
+	keepdir /var/lib/sss/secrets
+	keepdir /var/log/sssd
+
+	systemd_dounit "${FILESDIR}/${PN}.service"
+}
+
+multilib_src_test() {
+	default
+}
+
+pkg_postinst(){
+	elog "You must set up sssd.conf (default installed into /etc/sssd)"
+	elog "and (optionally) configuration in /etc/pam.d in order to use SSSD"
+	elog "features. Please see howto in	https://docs.pagure.org/SSSD.sssd/design_pages/index.html#implemented-in-1-16-x"
+}
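Review bot: This ebuild declares `EAPI=7`, where the `dolib` helper is banned, but the non-native branch of `multilib_src_install` still calls `dolib .libs/libnss_sss.so*`. On a multilib profile with a secondary ABI enabled that call should abort the install phase, so the revision carrying the CVE-2019-3811 fix would fail to install for those users. The EAPI 7 replacement is `dolib.so .libs/libnss_sss.so*`.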



* [gentoo-commits] repo/gentoo:master commit in: sys-auth/sssd/files/, sys-auth/sssd/
@ 2020-08-14 20:42 Matt Turner
From: Matt Turner @ 2020-08-14 20:42 UTC (permalink / raw
  To: gentoo-commits

commit:     dc86803f6dc983fbb0ca8737da804c49b3219360
Author:     Matt Turner <mattst88 <AT> gentoo <DOT> org>
AuthorDate: Fri Aug 14 20:38:18 2020 +0000
Commit:     Matt Turner <mattst88 <AT> gentoo <DOT> org>
CommitDate: Fri Aug 14 20:42:10 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dc86803f

sys-auth/sssd: Look for softhsm in the right location

Signed-off-by: Matt Turner <mattst88 <AT> gentoo.org>

 ...k-for-libsofthsm2.so-in-usr-libdir-sofths.patch | 32 ++++++++++++++++++++++
 sys-auth/sssd/sssd-2.3.1.ebuild                    |  4 +++
 2 files changed, 36 insertions(+)

diff --git a/sys-auth/sssd/files/sssd-2.3.1-test_ca-Look-for-libsofthsm2.so-in-usr-libdir-sofths.patch b/sys-auth/sssd/files/sssd-2.3.1-test_ca-Look-for-libsofthsm2.so-in-usr-libdir-sofths.patch
new file mode 100644
index 00000000000..b84df9a91cb
--- /dev/null
+++ b/sys-auth/sssd/files/sssd-2.3.1-test_ca-Look-for-libsofthsm2.so-in-usr-libdir-sofths.patch
@@ -0,0 +1,32 @@
+From fc79d035ccc4c1a5da26bbd780aeb7e0a0afebf5 Mon Sep 17 00:00:00 2001
+From: Matt Turner <mattst88@gmail.com>
+Date: Fri, 14 Aug 2020 13:36:30 -0700
+Subject: [PATCH] test_ca: Look for libsofthsm2.so in /usr/${libdir}/softhsm
+ too
+
+Signed-off-by: Matt Turner <mattst88@gmail.com>
+---
+ src/external/test_ca.m4 | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/src/external/test_ca.m4 b/src/external/test_ca.m4
+index 4d45a5a16..d318789bc 100644
+--- a/src/external/test_ca.m4
++++ b/src/external/test_ca.m4
+@@ -33,9 +33,10 @@ AC_DEFUN([AM_CHECK_TEST_CA],
+         AM_CONDITIONAL([BUILD_TEST_CA], [test -x "$OPENSSL" -a -x "$SSH_KEYGEN" -a -x "$CERTUTIL" -a -x "$PK12UTIL"])
+     else
+ 
+-        for p in /usr/lib64/pkcs11/libsofthsm2.so /usr/lib/pkcs11/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so; do
+-            if test -f "${p}"; then
+-                SOFTHSM2_PATH="${p}"
++        for p in /usr/lib{64,}/{softhsm,pkcs11} /usr/lib/x86_64-linux-gnu/softhsm; do
++            f="${p}/libsofthsm2.so"
++            if test -f "${f}"; then
++                SOFTHSM2_PATH="${f}"
+                 break;
+             fi
+         done
+-- 
+2.26.2
+
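Review bot: The new loop header `for p in /usr/lib{64,}/{softhsm,pkcs11} /usr/lib/x86_64-linux-gnu/softhsm; do` relies on brace expansion, which is a bash feature and is not performed by a POSIX `/bin/sh` such as dash. When the generated configure script runs under such a shell the first word stays literal, no candidate under `/usr/lib64` or `/usr/lib` is tested, and `SOFTHSM2_PATH` can only be set from the `x86_64-linux-gnu` entry. Spelling the directories out keeps the same search order and works in any shell: `for p in /usr/lib64/softhsm /usr/lib64/pkcs11 /usr/lib/softhsm /usr/lib/pkcs11 /usr/lib/x86_64-linux-gnu/softhsm; do`. The enclosing `AC_DEFUN` body starts and ends outside the hunk.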

diff --git a/sys-auth/sssd/sssd-2.3.1.ebuild b/sys-auth/sssd/sssd-2.3.1.ebuild
index b7891b21454..dc2ccb3680b 100644
--- a/sys-auth/sssd/sssd-2.3.1.ebuild
+++ b/sys-auth/sssd/sssd-2.3.1.ebuild
@@ -89,6 +89,10 @@ MULTILIB_WRAPPED_HEADERS=(
 	/usr/include/sss_certmap.h
 )
 
+PATCHES=(
+	"${FILESDIR}"/${P}-test_ca-Look-for-libsofthsm2.so-in-usr-libdir-sofths.patch
+)
+
 pkg_setup() {
 	linux-info_pkg_setup
 }



* [gentoo-commits] repo/gentoo:master commit in: sys-auth/sssd/files/, sys-auth/sssd/
@ 2020-10-10 11:41 Mikle Kolyada
From: Mikle Kolyada @ 2020-10-10 11:41 UTC (permalink / raw
  To: gentoo-commits

commit:     193c6fc3382f200c33f4ab840768c6578b4e94b3
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Sat Oct 10 11:41:13 2020 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Sat Oct 10 11:41:13 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=193c6fc3

sys-auth/sssd: Drop old (Security cleanup)

Package-Manager: Portage-3.0.4, Repoman-3.0.1
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>

 sys-auth/sssd/Manifest                           |   2 -
 sys-auth/sssd/files/sssd-curl-macros.patch       |  34 ----
 sys-auth/sssd/files/sssd-fix-CVE-2019-3811.patch |  96 ----------
 sys-auth/sssd/sssd-1.16.3-r3.ebuild              | 233 -----------------------
 sys-auth/sssd/sssd-2.1.0-r1.ebuild               | 230 ----------------------
 5 files changed, 595 deletions(-)

diff --git a/sys-auth/sssd/Manifest b/sys-auth/sssd/Manifest
index 8a957aee6b0..89f18011990 100644
--- a/sys-auth/sssd/Manifest
+++ b/sys-auth/sssd/Manifest
@@ -1,5 +1,3 @@
-DIST sssd-1.16.3.tar.gz 6217114 BLAKE2B eefaf8de466d0d76e9a4b60aefef6eb63c17a55b9a1f2e07e973a61d71cbe5432e92357656a1eb353d45bbc2fa92290cef45898d0b315d4a4c4074652ff25a23 SHA512 6165923f652f624bbe3ddc625ae682c4867eb7a20652d0cf74bbb8dda2307c917d3189ede26fd21a4fb5fd5926149271a65fa09f3affe928029ed99e6422b728
-DIST sssd-2.1.0.tar.gz 6463331 BLAKE2B 9226370dc384c58841d944bdf9b067d953bf138ee7a289f01a4b8bb5d09beee3b9f21609989123d8f4f9fc13237670d61e32dcb194555ddc6785c598ce78d08c SHA512 12a7e5b89d462350af3c43e15b24a437dd985ac4a2e419d5e52cc0d05c6eacb9319d39b23681595ef860120cd1ae6e5fb265054afeddcb05d3d5f5de5d6ffa63
 DIST sssd-2.2.0.tar.gz 6642715 BLAKE2B e6c16ca69effe59769fc166c02203faee445ebe2bf551c6a1460bdee2474ccbce1a38b3aa59b1ae4a79bb170696a784b800a9299025bf6a58bc9aeb94b946338 SHA512 9ebd8784e1f0c72cb808bbc153c0b0aa9bf507938f78336a260073a89b49350dc2c6172653509738ea7a50bb9da596725e1d6c92f99c7a03308aa42f6378dbbb
 DIST sssd-2.2.2.tar.gz 6767578 BLAKE2B e0eedaf1da1de953903730c96479af0709ee14dd83eca82a11316dc96c29573b5f3de5965f386d5c12a69e7d98b6168c9d197bbd46ac51f0122feababe52dfe1 SHA512 4cce8fdbcc05d1469dad5ba987cb0f9bc33702b37f85e8e248975461bb50b0740fec92ff213bdb640b506405be7ead936ff253ab02d4a27205ddf20cc0e54801
 DIST sssd-2.2.3.tar.gz 6894302 BLAKE2B b72443ebd4f50581a0d9d2b7cf691fdda0dfe3cfb2ed82c383595aeca8d6198c7f44f1c49e56bdfeac23f9151897ac2df70d1afbbeceb2231daee71492884420 SHA512 b61d52a53e26e8efa9cb799fc6efc2314bf9d174d3cacfe591a4ca77530637591eacc0dc70c0555252e04a9617e8b134b1ab2d9b0f7351b4228e7b61499e6a10

diff --git a/sys-auth/sssd/files/sssd-curl-macros.patch b/sys-auth/sssd/files/sssd-curl-macros.patch
deleted file mode 100644
index 91e71e83787..00000000000
--- a/sys-auth/sssd/files/sssd-curl-macros.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From d3cdf9cbfbace4874c6e5c96f1e5ef5b342c813e Mon Sep 17 00:00:00 2001
-From: Mikle Kolyada <zlogene@gentoo.org>
-Date: Sun, 16 Dec 2018 20:42:39 +0300
-Subject: [PATCH] tev_curl.c: remove case duplication
-
-CURLE_SSL_CACERT and CURLE_PEER_FAILED_VERIFICATION macros are provided
-by net-misc/curl-7.62.0 and older
----
- tev_curl.c | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/tev_curl.c b/tev_curl.c
-index 6a7a580..ce6fdba 100644
---- a/src/util/tev_curl.c
-+++ b/src/util/tev_curl.c
-@@ -97,7 +97,6 @@ static errno_t curl_code2errno(CURLcode crv)
-         return ETIMEDOUT;
-     case CURLE_SSL_ISSUER_ERROR:
-     case CURLE_SSL_CACERT_BADFILE:
--    case CURLE_SSL_CACERT:
-     case CURLE_SSL_CERTPROBLEM:
-         return ERR_INVALID_CERT;
- 
-@@ -110,8 +109,6 @@ static errno_t curl_code2errno(CURLcode crv)
-     case CURLE_SSL_ENGINE_NOTFOUND:
-     case CURLE_SSL_CONNECT_ERROR:
-         return ERR_SSL_FAILURE;
--    case CURLE_PEER_FAILED_VERIFICATION:
--        return ERR_UNABLE_TO_VERIFY_PEER;
-     case CURLE_COULDNT_RESOLVE_HOST:
-         return ERR_UNABLE_TO_RESOLVE_HOST;
-     default:
--- 
-2.19.2
\ No newline at end of file

diff --git a/sys-auth/sssd/files/sssd-fix-CVE-2019-3811.patch b/sys-auth/sssd/files/sssd-fix-CVE-2019-3811.patch
deleted file mode 100644
index 87db45fd24b..00000000000
--- a/sys-auth/sssd/files/sssd-fix-CVE-2019-3811.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-From 28792523a01a7d21bcc8931794164f253e691a68 Mon Sep 17 00:00:00 2001
-From: Tomas Halman <thalman@redhat.com>
-Date: Mon, 3 Dec 2018 14:11:31 +0100
-Subject: [PATCH] nss: sssd returns '/' for emtpy home directories
-
-For empty home directory in passwd file sssd returns "/". Sssd
-should respect system behaviour and return the same as nsswitch
-"files" module - return empty string.
-
-Resolves:
-https://pagure.io/SSSD/sssd/issue/3901
-
-Reviewed-by: Simo Sorce <simo@redhat.com>
-Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
-(cherry picked from commit 90f32399b4100ce39cf665649fde82d215e5eb49)
----
- src/confdb/confdb.c                      |  9 +++++++++
- src/man/include/ad_modified_defaults.xml | 19 +++++++++++++++++++
- src/responder/nss/nss_protocol_pwent.c   |  2 +-
- src/tests/intg/test_files_provider.py    |  2 +-
- 4 files changed, 30 insertions(+), 2 deletions(-)
-
-diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
-index a3eb9c66d9..17bb4f8274 100644
---- a/src/confdb/confdb.c
-+++ b/src/confdb/confdb.c
-@@ -1301,6 +1301,15 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
-             ret = ENOMEM;
-             goto done;
-         }
-+    } else {
-+        if (strcasecmp(domain->provider, "ad") == 0) {
-+            /* ad provider default */
-+            domain->fallback_homedir = talloc_strdup(domain, "/home/%d/%u");
-+            if (!domain->fallback_homedir) {
-+                ret = ENOMEM;
-+                goto done;
-+            }
-+        }
-     }
- 
-     tmp = ldb_msg_find_attr_as_string(res->msgs[0],
-diff --git a/src/man/include/ad_modified_defaults.xml b/src/man/include/ad_modified_defaults.xml
-index 818a2bf787..425b7e8ee0 100644
---- a/src/man/include/ad_modified_defaults.xml
-+++ b/src/man/include/ad_modified_defaults.xml
-@@ -76,4 +76,23 @@
-             </listitem>
-         </itemizedlist>
-     </refsect2>
-+    <refsect2 id='nss_modifications'>
-+        <title>NSS configuration</title>
-+        <itemizedlist>
-+            <listitem>
-+                <para>
-+                    fallback_homedir = /home/%d/%u
-+                </para>
-+                <para>
-+                    The AD provider automatically sets
-+                    "fallback_homedir = /home/%d/%u" to provide personal
-+                    home directories for users without the homeDirectory
-+                    attribute. If your AD Domain is properly
-+                    populated with Posix attributes, and you want to avoid
-+                    this fallback behavior, you can explicitly
-+                    set "fallback_homedir = %o".
-+                </para>
-+            </listitem>
-+        </itemizedlist>
-+    </refsect2>
- </refsect1>
-diff --git a/src/responder/nss/nss_protocol_pwent.c b/src/responder/nss/nss_protocol_pwent.c
-index af9e74fc86..86fa4ec465 100644
---- a/src/responder/nss/nss_protocol_pwent.c
-+++ b/src/responder/nss/nss_protocol_pwent.c
-@@ -118,7 +118,7 @@ nss_get_homedir(TALLOC_CTX *mem_ctx,
- 
-     homedir = nss_get_homedir_override(mem_ctx, msg, nss_ctx, domain, &hd_ctx);
-     if (homedir == NULL) {
--        return "/";
-+        return "";
-     }
- 
-     return homedir;
-diff --git a/src/tests/intg/test_files_provider.py b/src/tests/intg/test_files_provider.py
-index ead1cc4c34..4761f1bd15 100644
---- a/src/tests/intg/test_files_provider.py
-+++ b/src/tests/intg/test_files_provider.py
-@@ -678,7 +678,7 @@ def test_user_no_dir(setup_pw_with_canary, files_domain_only):
-     Test that resolving a user without a homedir defined works and returns
-     a fallback value
-     """
--    check_user(incomplete_user_setup(setup_pw_with_canary, 'dir', '/'))
-+    check_user(incomplete_user_setup(setup_pw_with_canary, 'dir', ''))
- 
- 
- def test_user_no_gecos(setup_pw_with_canary, files_domain_only):

diff --git a/sys-auth/sssd/sssd-1.16.3-r3.ebuild b/sys-auth/sssd/sssd-1.16.3-r3.ebuild
deleted file mode 100644
index a887a0cb720..00000000000
--- a/sys-auth/sssd/sssd-1.16.3-r3.ebuild
+++ /dev/null
@@ -1,233 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools flag-o-matic linux-info multilib-minimal pam systemd toolchain-funcs
-
-DESCRIPTION="System Security Services Daemon provides access to identity and authentication"
-HOMEPAGE="https://pagure.io/SSSD/sssd"
-SRC_URI="http://releases.pagure.org/SSSD/${PN}/${P}.tar.gz"
-KEYWORDS="amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc x86"
-
-LICENSE="GPL-3"
-SLOT="0"
-IUSE="acl autofs +locator +netlink nfsv4 nls +manpages samba selinux sudo ssh test"
-RESTRICT="!test? ( test )"
-
-COMMON_DEP="
-	>=sys-libs/pam-0-r1[${MULTILIB_USEDEP}]
-	>=dev-libs/popt-1.16
-	dev-libs/glib:2
-	>=dev-libs/ding-libs-0.2
-	>=sys-libs/talloc-2.0.7
-	>=sys-libs/tdb-1.2.9
-	>=sys-libs/tevent-0.9.16
-	>=sys-libs/ldb-1.1.17-r1:=
-	>=net-nds/openldap-2.4.30[sasl]
-	net-libs/http-parser
-	>=dev-libs/libpcre-8.30
-	>=app-crypt/mit-krb5-1.10.3
-	dev-libs/jansson
-	net-misc/curl
-	locator? (
-		>=app-crypt/mit-krb5-1.12.2[${MULTILIB_USEDEP}]
-		>=net-dns/c-ares-1.10.0-r1[${MULTILIB_USEDEP}]
-	)
-	>=sys-apps/keyutils-1.5:=
-	>=net-dns/c-ares-1.7.4
-	>=dev-libs/nss-3.12.9
-	selinux? (
-		>=sys-libs/libselinux-2.1.9
-		>=sys-libs/libsemanage-2.1
-	)
-	>=net-dns/bind-tools-9.9[gssapi]
-	>=dev-libs/cyrus-sasl-2.1.25-r3[kerberos]
-	>=sys-apps/dbus-1.6
-	acl? ( net-fs/cifs-utils[acl] )
-	nfsv4? ( || ( >=net-fs/nfs-utils-2.3.1-r2 net-libs/libnfsidmap ) )
-	nls? ( >=sys-devel/gettext-0.18 )
-	virtual/libintl
-	netlink? ( dev-libs/libnl:3 )
-	samba? ( >=net-fs/samba-4.5 )
-	"
-
-RDEPEND="${COMMON_DEP}
-	>=sys-libs/glibc-2.17[nscd]
-	selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 )
-	"
-DEPEND="${COMMON_DEP}
-	test? ( dev-libs/check )
-	manpages? (
-		>=dev-libs/libxslt-1.1.26
-		app-text/docbook-xml-dtd:4.4
-		)"
-
-CONFIG_CHECK="~KEYS"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/ipa_hbac.h
-	/usr/include/sss_idmap.h
-	/usr/include/sss_nss_idmap.h
-	/usr/include/wbclient_sssd.h
-	# --with-ifp
-	/usr/include/sss_sifp.h
-	/usr/include/sss_sifp_dbus.h
-	# from 1.15.3
-	/usr/include/sss_certmap.h
-)
-
-pkg_setup() {
-	linux-info_pkg_setup
-}
-
-src_prepare() {
-	sed -i 's:#!/sbin/runscript:#!/sbin/openrc-run:' \
-		"${S}"/src/sysv/gentoo/sssd.in || die "sed sssd.in"
-
-	eapply "${FILESDIR}"/${PN}-curl-macros.patch
-	eapply "${FILESDIR}"/${PN}-fix-CVE-2019-3811.patch
-
-	default
-	eautoreconf
-	multilib_copy_sources
-}
-
-src_configure() {
-	local native_dbus_cflags=$($(tc-getPKG_CONFIG) --cflags dbus-1)
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	# set initscript to sysv because the systemd option needs systemd to
-	# be installed. We provide our own systemd file anyway.
-	local myconf=()
-	#Work around linker dependency problem.
-	append-ldflags "-Wl,--allow-shlib-undefined"
-
-	myconf+=(
-		--localstatedir="${EPREFIX}"/var
-		--enable-nsslibdir="${EPREFIX}"/$(get_libdir)
-		--with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd
-		--enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir)
-		--with-ldb-lib-dir="${EPREFIX}"/usr/$(get_libdir)/samba/ldb
-		--with-os=gentoo
-		--with-nscd
-		--with-unicode-lib="glib2"
-		--disable-rpath
-		--sbindir=/usr/sbin
-		--without-kcm
-		$(use_with samba libwbclient)
-		--with-secrets
-		$(multilib_native_use_with samba)
-		$(multilib_native_use_enable acl cifs-idmap-plugin)
-		$(multilib_native_use_with selinux)
-		$(multilib_native_use_with selinux semanage)
-		$(use_enable locator krb5-locator-plugin)
-		$(multilib_native_use_with nfsv4 nfsv4-idmapd-plugin)
-		$(use_enable nls )
-		$(multilib_native_use_with netlink libnl)
-		$(multilib_native_use_with manpages)
-		$(multilib_native_use_with sudo)
-		$(multilib_native_use_with autofs)
-		$(multilib_native_use_with ssh)
-		--with-crypto="nss"
-		--with-initscript="sysv"
-		--without-python2-bindings
-		--without-python3-bindings
-
-		KRB5_CONFIG=/usr/bin/${CHOST}-krb5-config
-	)
-
-	if ! multilib_is_native_abi; then
-		# work-around all the libraries that are used for CLI and server
-		myconf+=(
-			{POPT,TALLOC,TDB,TEVENT,LDB}_{CFLAGS,LIBS}=' '
-			# ldb headers are fine since native needs it
-			# ldb lib fails... but it does not seem to bother
-			{DHASH,COLLECTION,INI_CONFIG_V{0,1,1_1}}_{CFLAGS,LIBS}=' '
-			{PCRE,CARES,SYSTEMD_LOGIN,SASL,GLIB2,DBUS,CRYPTO}_{CFLAGS,LIBS}=' '
-
-			# use native include path for dbus (needed for build)
-			DBUS_CFLAGS="${native_dbus_cflags}"
-
-			# non-pkgconfig checks
-			ac_cv_lib_ldap_ldap_search=yes
-			--without-secrets
-			--without-libwbclient
-			--without-kcm
-			--with-crypto=""
-		)
-
-		use locator || myconf+=(
-				KRB5_CONFIG=/bin/true
-		)
-	fi
-
-	econf "${myconf[@]}"
-}
-
-multilib_src_compile() {
-	if multilib_is_native_abi; then
-		default
-	else
-		emake libnss_sss.la pam_sss.la
-		use locator && emake sssd_krb5_locator_plugin.la
-	fi
-}
-
-multilib_src_install() {
-	if multilib_is_native_abi; then
-		emake -j1 DESTDIR="${D}" "${_at_args[@]}" install
-	else
-		# easier than playing with automake...
-		dopammod .libs/pam_sss.so
-
-		into /
-		dolib.so .libs/libnss_sss.so*
-
-		if use locator; then
-			exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5
-			doexe .libs/sssd_krb5_locator_plugin.so
-		fi
-	fi
-}
-
-multilib_src_install_all() {
-	einstalldocs
-	find "${ED}" -type f -name '*.la' -delete || die
-
-	insinto /etc/sssd
-	insopts -m600
-	doins "${S}"/src/examples/sssd-example.conf
-
-	insinto /etc/logrotate.d
-	insopts -m644
-	newins "${S}"/src/examples/logrotate sssd
-
-	newconfd "${FILESDIR}"/sssd.conf sssd
-	newinitd "${FILESDIR}"/sssd sssd
-
-	keepdir /var/lib/sss/db
-	keepdir /var/lib/sss/deskprofile
-	keepdir /var/lib/sss/gpo_cache
-	keepdir /var/lib/sss/keytabs
-	keepdir /var/lib/sss/mc
-	keepdir /var/lib/sss/pipes/private
-	keepdir /var/lib/sss/pubconf/krb5.include.d
-	keepdir /var/lib/sss/secrets
-	keepdir /var/log/sssd
-
-	systemd_dounit "${FILESDIR}/${PN}.service"
-}
-
-multilib_src_test() {
-	default
-}
-
-pkg_postinst() {
-	elog "You must set up sssd.conf (default installed into /etc/sssd)"
-	elog "and (optionally) configuration in /etc/pam.d in order to use SSSD"
-	elog "features. Please see howto in	https://docs.pagure.org/SSSD.sssd/design_pages/index.html#implemented-in-1-16-x"
-}

diff --git a/sys-auth/sssd/sssd-2.1.0-r1.ebuild b/sys-auth/sssd/sssd-2.1.0-r1.ebuild
deleted file mode 100644
index 98af8535a88..00000000000
--- a/sys-auth/sssd/sssd-2.1.0-r1.ebuild
+++ /dev/null
@@ -1,230 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools flag-o-matic linux-info multilib-minimal pam systemd toolchain-funcs
-
-DESCRIPTION="System Security Services Daemon provides access to identity and authentication"
-HOMEPAGE="https://pagure.io/SSSD/sssd"
-SRC_URI="http://releases.pagure.org/SSSD/${PN}/${P}.tar.gz"
-KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86"
-
-LICENSE="GPL-3"
-SLOT="0"
-IUSE="acl autofs +locator +netlink nfsv4 nls +manpages samba selinux sudo ssh test"
-RESTRICT="!test? ( test )"
-
-COMMON_DEP="
-	>=sys-libs/pam-0-r1[${MULTILIB_USEDEP}]
-	>=dev-libs/popt-1.16
-	dev-libs/glib:2
-	>=dev-libs/ding-libs-0.2
-	>=sys-libs/talloc-2.0.7
-	>=sys-libs/tdb-1.2.9
-	>=sys-libs/tevent-0.9.16
-	>=sys-libs/ldb-1.1.17-r1:=
-	>=net-nds/openldap-2.4.30[sasl]
-	net-libs/http-parser
-	>=dev-libs/libpcre-8.30
-	>=app-crypt/mit-krb5-1.10.3
-	dev-libs/jansson
-	net-misc/curl
-	locator? (
-		>=app-crypt/mit-krb5-1.12.2[${MULTILIB_USEDEP}]
-		>=net-dns/c-ares-1.10.0-r1[${MULTILIB_USEDEP}]
-	)
-	>=sys-apps/keyutils-1.5:=
-	>=net-dns/c-ares-1.7.4
-	>=dev-libs/nss-3.12.9
-	selinux? (
-		>=sys-libs/libselinux-2.1.9
-		>=sys-libs/libsemanage-2.1
-	)
-	>=net-dns/bind-tools-9.9[gssapi]
-	>=dev-libs/cyrus-sasl-2.1.25-r3[kerberos]
-	>=sys-apps/dbus-1.6
-	acl? ( net-fs/cifs-utils[acl] )
-	nfsv4? ( || ( >=net-fs/nfs-utils-2.3.1-r2 net-libs/libnfsidmap ) )
-	nls? ( >=sys-devel/gettext-0.18 )
-	virtual/libintl
-	netlink? ( dev-libs/libnl:3 )
-	samba? ( >=net-fs/samba-4.10.2[winbind] )
-	"
-
-RDEPEND="${COMMON_DEP}
-	>=sys-libs/glibc-2.17[nscd]
-	selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 )
-	"
-DEPEND="${COMMON_DEP}
-	test? ( dev-libs/check )
-	manpages? (
-		>=dev-libs/libxslt-1.1.26
-		app-text/docbook-xml-dtd:4.4
-		)"
-
-CONFIG_CHECK="~KEYS"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/ipa_hbac.h
-	/usr/include/sss_idmap.h
-	/usr/include/sss_nss_idmap.h
-	/usr/include/wbclient_sssd.h
-	# --with-ifp
-	/usr/include/sss_sifp.h
-	/usr/include/sss_sifp_dbus.h
-	# from 1.15.3
-	/usr/include/sss_certmap.h
-)
-
-pkg_setup() {
-	linux-info_pkg_setup
-}
-
-src_prepare() {
-	sed -i 's:#!/sbin/runscript:#!/sbin/openrc-run:' \
-		"${S}"/src/sysv/gentoo/sssd.in || die "sed sssd.in"
-
-	default
-	eautoreconf
-	multilib_copy_sources
-}
-
-src_configure() {
-	local native_dbus_cflags=$($(tc-getPKG_CONFIG) --cflags dbus-1)
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	# set initscript to sysv because the systemd option needs systemd to
-	# be installed. We provide our own systemd file anyway.
-	local myconf=()
-	#Work around linker dependency problem.
-	append-ldflags "-Wl,--allow-shlib-undefined"
-
-	myconf+=(
-		--localstatedir="${EPREFIX}"/var
-		--enable-nsslibdir="${EPREFIX}"/$(get_libdir)
-		--with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd
-		--enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir)
-		--with-ldb-lib-dir="${EPREFIX}"/usr/$(get_libdir)/samba/ldb
-		--with-os=gentoo
-		--with-nscd
-		--with-unicode-lib="glib2"
-		--disable-rpath
-		--sbindir=/usr/sbin
-		--without-kcm
-		$(use_with samba libwbclient)
-		--with-secrets
-		$(multilib_native_use_with samba)
-		$(multilib_native_use_enable acl cifs-idmap-plugin)
-		$(multilib_native_use_with selinux)
-		$(multilib_native_use_with selinux semanage)
-		$(use_enable locator krb5-locator-plugin)
-		$(multilib_native_use_with nfsv4 nfsv4-idmapd-plugin)
-		$(use_enable nls )
-		$(multilib_native_use_with netlink libnl)
-		$(multilib_native_use_with manpages)
-		$(multilib_native_use_with sudo)
-		$(multilib_native_use_with autofs)
-		$(multilib_native_use_with ssh)
-		--with-crypto="nss"
-		--with-initscript="sysv"
-		--without-python2-bindings
-		--without-python3-bindings
-
-		KRB5_CONFIG=/usr/bin/${CHOST}-krb5-config
-	)
-
-	if ! multilib_is_native_abi; then
-		# work-around all the libraries that are used for CLI and server
-		myconf+=(
-			{POPT,TALLOC,TDB,TEVENT,LDB}_{CFLAGS,LIBS}=' '
-			# ldb headers are fine since native needs it
-			# ldb lib fails... but it does not seem to bother
-			{DHASH,COLLECTION,INI_CONFIG_V{0,1,1_1}}_{CFLAGS,LIBS}=' '
-			{PCRE,CARES,SYSTEMD_LOGIN,SASL,GLIB2,DBUS,CRYPTO}_{CFLAGS,LIBS}=' '
-
-			# use native include path for dbus (needed for build)
-			DBUS_CFLAGS="${native_dbus_cflags}"
-
-			# non-pkgconfig checks
-			ac_cv_lib_ldap_ldap_search=yes
-			--without-secrets
-			--without-libwbclient
-			--without-kcm
-			--with-crypto=""
-		)
-
-		use locator || myconf+=(
-				KRB5_CONFIG=/bin/true
-		)
-	fi
-
-	econf "${myconf[@]}"
-}
-
-multilib_src_compile() {
-	if multilib_is_native_abi; then
-		default
-	else
-		emake libnss_sss.la pam_sss.la
-		use locator && emake sssd_krb5_locator_plugin.la
-	fi
-}
-
-multilib_src_install() {
-	if multilib_is_native_abi; then
-		emake -j1 DESTDIR="${D}" "${_at_args[@]}" install
-	else
-		# easier than playing with automake...
-		dopammod .libs/pam_sss.so
-
-		into /
-		dolib.so .libs/libnss_sss.so*
-
-		if use locator; then
-			exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5
-			doexe .libs/sssd_krb5_locator_plugin.so
-		fi
-	fi
-}
-
-multilib_src_install_all() {
-	einstalldocs
-	find "${ED}" -type f -name '*.la' -delete || die
-
-	insinto /etc/sssd
-	insopts -m600
-	doins "${S}"/src/examples/sssd-example.conf
-
-	insinto /etc/logrotate.d
-	insopts -m644
-	newins "${S}"/src/examples/logrotate sssd
-
-	newconfd "${FILESDIR}"/sssd.conf sssd
-	newinitd "${FILESDIR}"/sssd sssd
-
-	keepdir /var/lib/sss/db
-	keepdir /var/lib/sss/deskprofile
-	keepdir /var/lib/sss/gpo_cache
-	keepdir /var/lib/sss/keytabs
-	keepdir /var/lib/sss/mc
-	keepdir /var/lib/sss/pipes/private
-	keepdir /var/lib/sss/pubconf/krb5.include.d
-	keepdir /var/lib/sss/secrets
-	keepdir /var/log/sssd
-
-	systemd_dounit "${FILESDIR}/${PN}.service"
-}
-
-multilib_src_test() {
-	default
-}
-
-pkg_postinst() {
-	elog "You must set up sssd.conf (default installed into /etc/sssd)"
-	elog "and (optionally) configuration in /etc/pam.d in order to use SSSD"
-	elog "features. Please see howto in	https://docs.pagure.org/SSSD.sssd/design_pages/smartcard_authentication_require.html"
-}



* [gentoo-commits] repo/gentoo:master commit in: sys-auth/sssd/files/, sys-auth/sssd/
@ 2020-10-18 15:50 Mikle Kolyada
From: Mikle Kolyada @ 2020-10-18 15:50 UTC (permalink / raw
  To: gentoo-commits

commit:     bf28cc84a678e8583724c13beb23ade8d84b6b3b
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Sun Oct 18 15:49:39 2020 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Sun Oct 18 15:50:01 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bf28cc84

sys-auth/sssd: Drop old

Package-Manager: Portage-3.0.8, Repoman-3.0.1
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>

 sys-auth/sssd/Manifest                             |   2 -
 .../sssd/files/sssd-2.2.3-glibc-2.32-compat.patch  |  71 -------
 sys-auth/sssd/sssd-2.2.2.ebuild                    | 230 --------------------
 sys-auth/sssd/sssd-2.2.3.ebuild                    | 234 ---------------------
 4 files changed, 537 deletions(-)

diff --git a/sys-auth/sssd/Manifest b/sys-auth/sssd/Manifest
index 9f06f51f441..0c71572a614 100644
--- a/sys-auth/sssd/Manifest
+++ b/sys-auth/sssd/Manifest
@@ -1,5 +1,3 @@
 DIST sssd-2.2.0.tar.gz 6642715 BLAKE2B e6c16ca69effe59769fc166c02203faee445ebe2bf551c6a1460bdee2474ccbce1a38b3aa59b1ae4a79bb170696a784b800a9299025bf6a58bc9aeb94b946338 SHA512 9ebd8784e1f0c72cb808bbc153c0b0aa9bf507938f78336a260073a89b49350dc2c6172653509738ea7a50bb9da596725e1d6c92f99c7a03308aa42f6378dbbb
-DIST sssd-2.2.2.tar.gz 6767578 BLAKE2B e0eedaf1da1de953903730c96479af0709ee14dd83eca82a11316dc96c29573b5f3de5965f386d5c12a69e7d98b6168c9d197bbd46ac51f0122feababe52dfe1 SHA512 4cce8fdbcc05d1469dad5ba987cb0f9bc33702b37f85e8e248975461bb50b0740fec92ff213bdb640b506405be7ead936ff253ab02d4a27205ddf20cc0e54801
-DIST sssd-2.2.3.tar.gz 6894302 BLAKE2B b72443ebd4f50581a0d9d2b7cf691fdda0dfe3cfb2ed82c383595aeca8d6198c7f44f1c49e56bdfeac23f9151897ac2df70d1afbbeceb2231daee71492884420 SHA512 b61d52a53e26e8efa9cb799fc6efc2314bf9d174d3cacfe591a4ca77530637591eacc0dc70c0555252e04a9617e8b134b1ab2d9b0f7351b4228e7b61499e6a10
 DIST sssd-2.3.1.tar.gz 7186526 BLAKE2B 6d630fe75b9b426ef54adbe1704fde8e01fc34df7861028c07ce2985db8a151ce743d633061386fea6460fe8eabb89242b816d4bac87975bb9b7b2064ad1d547 SHA512 6aeb52d5222c5992d581296996749327bcaf276e4eb4413a6a32ea6529343432cfe413006aca4245c19b38b515be1c4c2ef88a157c617d889274179253355bc6
 DIST sssd-2.4.0.tar.gz 7280358 BLAKE2B 28136953cd7c9f3119bd5a223c911a3b3f97921402c5a8ba34c6fca90434fead46906266e33450688fe131a515edf9e5f8654658cc10cfaafb44a9c2d8c59dd8 SHA512 d9a4b17665ce3a1ea51cfe2fdb53818ac1e265a33c61f657f61699ecc716e1244e45b5b628aeae6c54e601383084f3cac327cb3edd7bea80bca397b1fbe4ab72

diff --git a/sys-auth/sssd/files/sssd-2.2.3-glibc-2.32-compat.patch b/sys-auth/sssd/files/sssd-2.2.3-glibc-2.32-compat.patch
deleted file mode 100644
index 9d59ae91be5..00000000000
--- a/sys-auth/sssd/files/sssd-2.2.3-glibc-2.32-compat.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From fe9eeb51be06059721e873f77092b1e9ba08e6c1 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzidek@redhat.com>
-Date: Thu, 27 Feb 2020 06:50:40 +0100
-Subject: [PATCH] nss: Collision with external nss symbol
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-One of our internal static function names started
-to collide with external nss symbol. Additional
-sss_ suffix was added to avoid the collision.
-
-This is needed to unblock Fedora Rawhide's
-SSSD build.
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/responder/nss/nss_cmd.c | 18 ++++++++++--------
- 1 file changed, 10 insertions(+), 8 deletions(-)
-
-diff --git a/src/responder/nss/nss_cmd.c b/src/responder/nss/nss_cmd.c
-index 356aea1564..02706c4b94 100644
---- a/src/responder/nss/nss_cmd.c
-+++ b/src/responder/nss/nss_cmd.c
-@@ -731,11 +731,13 @@ static void nss_getent_done(struct tevent_req *subreq)
-     talloc_free(cmd_ctx);
- }
- 
--static void nss_setnetgrent_done(struct tevent_req *subreq);
-+static void sss_nss_setnetgrent_done(struct tevent_req *subreq);
- 
--static errno_t nss_setnetgrent(struct cli_ctx *cli_ctx,
--                               enum cache_req_type type,
--                               nss_protocol_fill_packet_fn fill_fn)
-+/* This function's name started to collide with external nss symbol,
-+ * so it has additional sss_* prefix unlike other functions here. */
-+static errno_t sss_nss_setnetgrent(struct cli_ctx *cli_ctx,
-+                                   enum cache_req_type type,
-+                                   nss_protocol_fill_packet_fn fill_fn)
- {
-     struct nss_ctx *nss_ctx;
-     struct nss_state_ctx *state_ctx;
-@@ -777,7 +779,7 @@ static errno_t nss_setnetgrent(struct cli_ctx *cli_ctx,
-         goto done;
-     }
- 
--    tevent_req_set_callback(subreq, nss_setnetgrent_done, cmd_ctx);
-+    tevent_req_set_callback(subreq, sss_nss_setnetgrent_done, cmd_ctx);
- 
-     ret = EOK;
- 
-@@ -790,7 +792,7 @@ static errno_t nss_setnetgrent(struct cli_ctx *cli_ctx,
-     return EOK;
- }
- 
--static void nss_setnetgrent_done(struct tevent_req *subreq)
-+static void sss_nss_setnetgrent_done(struct tevent_req *subreq)
- {
-     struct nss_cmd_ctx *cmd_ctx;
-     errno_t ret;
-@@ -1040,8 +1042,8 @@ static errno_t nss_cmd_initgroups_ex(struct cli_ctx *cli_ctx)
- 
- static errno_t nss_cmd_setnetgrent(struct cli_ctx *cli_ctx)
- {
--    return nss_setnetgrent(cli_ctx, CACHE_REQ_NETGROUP_BY_NAME,
--                           nss_protocol_fill_setnetgrent);
-+    return sss_nss_setnetgrent(cli_ctx, CACHE_REQ_NETGROUP_BY_NAME,
-+                               nss_protocol_fill_setnetgrent);
- }
- 
- static errno_t nss_cmd_getnetgrent(struct cli_ctx *cli_ctx)

diff --git a/sys-auth/sssd/sssd-2.2.2.ebuild b/sys-auth/sssd/sssd-2.2.2.ebuild
deleted file mode 100644
index 98af8535a88..00000000000
--- a/sys-auth/sssd/sssd-2.2.2.ebuild
+++ /dev/null
@@ -1,230 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools flag-o-matic linux-info multilib-minimal pam systemd toolchain-funcs
-
-DESCRIPTION="System Security Services Daemon provides access to identity and authentication"
-HOMEPAGE="https://pagure.io/SSSD/sssd"
-SRC_URI="http://releases.pagure.org/SSSD/${PN}/${P}.tar.gz"
-KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86"
-
-LICENSE="GPL-3"
-SLOT="0"
-IUSE="acl autofs +locator +netlink nfsv4 nls +manpages samba selinux sudo ssh test"
-RESTRICT="!test? ( test )"
-
-COMMON_DEP="
-	>=sys-libs/pam-0-r1[${MULTILIB_USEDEP}]
-	>=dev-libs/popt-1.16
-	dev-libs/glib:2
-	>=dev-libs/ding-libs-0.2
-	>=sys-libs/talloc-2.0.7
-	>=sys-libs/tdb-1.2.9
-	>=sys-libs/tevent-0.9.16
-	>=sys-libs/ldb-1.1.17-r1:=
-	>=net-nds/openldap-2.4.30[sasl]
-	net-libs/http-parser
-	>=dev-libs/libpcre-8.30
-	>=app-crypt/mit-krb5-1.10.3
-	dev-libs/jansson
-	net-misc/curl
-	locator? (
-		>=app-crypt/mit-krb5-1.12.2[${MULTILIB_USEDEP}]
-		>=net-dns/c-ares-1.10.0-r1[${MULTILIB_USEDEP}]
-	)
-	>=sys-apps/keyutils-1.5:=
-	>=net-dns/c-ares-1.7.4
-	>=dev-libs/nss-3.12.9
-	selinux? (
-		>=sys-libs/libselinux-2.1.9
-		>=sys-libs/libsemanage-2.1
-	)
-	>=net-dns/bind-tools-9.9[gssapi]
-	>=dev-libs/cyrus-sasl-2.1.25-r3[kerberos]
-	>=sys-apps/dbus-1.6
-	acl? ( net-fs/cifs-utils[acl] )
-	nfsv4? ( || ( >=net-fs/nfs-utils-2.3.1-r2 net-libs/libnfsidmap ) )
-	nls? ( >=sys-devel/gettext-0.18 )
-	virtual/libintl
-	netlink? ( dev-libs/libnl:3 )
-	samba? ( >=net-fs/samba-4.10.2[winbind] )
-	"
-
-RDEPEND="${COMMON_DEP}
-	>=sys-libs/glibc-2.17[nscd]
-	selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 )
-	"
-DEPEND="${COMMON_DEP}
-	test? ( dev-libs/check )
-	manpages? (
-		>=dev-libs/libxslt-1.1.26
-		app-text/docbook-xml-dtd:4.4
-		)"
-
-CONFIG_CHECK="~KEYS"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/ipa_hbac.h
-	/usr/include/sss_idmap.h
-	/usr/include/sss_nss_idmap.h
-	/usr/include/wbclient_sssd.h
-	# --with-ifp
-	/usr/include/sss_sifp.h
-	/usr/include/sss_sifp_dbus.h
-	# from 1.15.3
-	/usr/include/sss_certmap.h
-)
-
-pkg_setup() {
-	linux-info_pkg_setup
-}
-
-src_prepare() {
-	sed -i 's:#!/sbin/runscript:#!/sbin/openrc-run:' \
-		"${S}"/src/sysv/gentoo/sssd.in || die "sed sssd.in"
-
-	default
-	eautoreconf
-	multilib_copy_sources
-}
-
-src_configure() {
-	local native_dbus_cflags=$($(tc-getPKG_CONFIG) --cflags dbus-1)
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	# set initscript to sysv because the systemd option needs systemd to
-	# be installed. We provide our own systemd file anyway.
-	local myconf=()
-	#Work around linker dependency problem.
-	append-ldflags "-Wl,--allow-shlib-undefined"
-
-	myconf+=(
-		--localstatedir="${EPREFIX}"/var
-		--enable-nsslibdir="${EPREFIX}"/$(get_libdir)
-		--with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd
-		--enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir)
-		--with-ldb-lib-dir="${EPREFIX}"/usr/$(get_libdir)/samba/ldb
-		--with-os=gentoo
-		--with-nscd
-		--with-unicode-lib="glib2"
-		--disable-rpath
-		--sbindir=/usr/sbin
-		--without-kcm
-		$(use_with samba libwbclient)
-		--with-secrets
-		$(multilib_native_use_with samba)
-		$(multilib_native_use_enable acl cifs-idmap-plugin)
-		$(multilib_native_use_with selinux)
-		$(multilib_native_use_with selinux semanage)
-		$(use_enable locator krb5-locator-plugin)
-		$(multilib_native_use_with nfsv4 nfsv4-idmapd-plugin)
-		$(use_enable nls )
-		$(multilib_native_use_with netlink libnl)
-		$(multilib_native_use_with manpages)
-		$(multilib_native_use_with sudo)
-		$(multilib_native_use_with autofs)
-		$(multilib_native_use_with ssh)
-		--with-crypto="nss"
-		--with-initscript="sysv"
-		--without-python2-bindings
-		--without-python3-bindings
-
-		KRB5_CONFIG=/usr/bin/${CHOST}-krb5-config
-	)
-
-	if ! multilib_is_native_abi; then
-		# work-around all the libraries that are used for CLI and server
-		myconf+=(
-			{POPT,TALLOC,TDB,TEVENT,LDB}_{CFLAGS,LIBS}=' '
-			# ldb headers are fine since native needs it
-			# ldb lib fails... but it does not seem to bother
-			{DHASH,COLLECTION,INI_CONFIG_V{0,1,1_1}}_{CFLAGS,LIBS}=' '
-			{PCRE,CARES,SYSTEMD_LOGIN,SASL,GLIB2,DBUS,CRYPTO}_{CFLAGS,LIBS}=' '
-
-			# use native include path for dbus (needed for build)
-			DBUS_CFLAGS="${native_dbus_cflags}"
-
-			# non-pkgconfig checks
-			ac_cv_lib_ldap_ldap_search=yes
-			--without-secrets
-			--without-libwbclient
-			--without-kcm
-			--with-crypto=""
-		)
-
-		use locator || myconf+=(
-				KRB5_CONFIG=/bin/true
-		)
-	fi
-
-	econf "${myconf[@]}"
-}
-
-multilib_src_compile() {
-	if multilib_is_native_abi; then
-		default
-	else
-		emake libnss_sss.la pam_sss.la
-		use locator && emake sssd_krb5_locator_plugin.la
-	fi
-}
-
-multilib_src_install() {
-	if multilib_is_native_abi; then
-		emake -j1 DESTDIR="${D}" "${_at_args[@]}" install
-	else
-		# easier than playing with automake...
-		dopammod .libs/pam_sss.so
-
-		into /
-		dolib.so .libs/libnss_sss.so*
-
-		if use locator; then
-			exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5
-			doexe .libs/sssd_krb5_locator_plugin.so
-		fi
-	fi
-}
-
-multilib_src_install_all() {
-	einstalldocs
-	find "${ED}" -type f -name '*.la' -delete || die
-
-	insinto /etc/sssd
-	insopts -m600
-	doins "${S}"/src/examples/sssd-example.conf
-
-	insinto /etc/logrotate.d
-	insopts -m644
-	newins "${S}"/src/examples/logrotate sssd
-
-	newconfd "${FILESDIR}"/sssd.conf sssd
-	newinitd "${FILESDIR}"/sssd sssd
-
-	keepdir /var/lib/sss/db
-	keepdir /var/lib/sss/deskprofile
-	keepdir /var/lib/sss/gpo_cache
-	keepdir /var/lib/sss/keytabs
-	keepdir /var/lib/sss/mc
-	keepdir /var/lib/sss/pipes/private
-	keepdir /var/lib/sss/pubconf/krb5.include.d
-	keepdir /var/lib/sss/secrets
-	keepdir /var/log/sssd
-
-	systemd_dounit "${FILESDIR}/${PN}.service"
-}
-
-multilib_src_test() {
-	default
-}
-
-pkg_postinst() {
-	elog "You must set up sssd.conf (default installed into /etc/sssd)"
-	elog "and (optionally) configuration in /etc/pam.d in order to use SSSD"
-	elog "features. Please see howto in	https://docs.pagure.org/SSSD.sssd/design_pages/smartcard_authentication_require.html"
-}

diff --git a/sys-auth/sssd/sssd-2.2.3.ebuild b/sys-auth/sssd/sssd-2.2.3.ebuild
deleted file mode 100644
index 044a58e8615..00000000000
--- a/sys-auth/sssd/sssd-2.2.3.ebuild
+++ /dev/null
@@ -1,234 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools flag-o-matic linux-info multilib-minimal pam systemd toolchain-funcs
-
-DESCRIPTION="System Security Services Daemon provides access to identity and authentication"
-HOMEPAGE="https://pagure.io/SSSD/sssd"
-SRC_URI="http://releases.pagure.org/SSSD/${PN}/${P}.tar.gz"
-KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86"
-
-LICENSE="GPL-3"
-SLOT="0"
-IUSE="acl autofs +locator +netlink nfsv4 nls +manpages samba selinux sudo ssh test"
-RESTRICT="!test? ( test )"
-
-COMMON_DEP="
-	>=sys-libs/pam-0-r1[${MULTILIB_USEDEP}]
-	>=dev-libs/popt-1.16
-	dev-libs/glib:2
-	>=dev-libs/ding-libs-0.2
-	>=sys-libs/talloc-2.0.7
-	>=sys-libs/tdb-1.2.9
-	>=sys-libs/tevent-0.9.16
-	>=sys-libs/ldb-1.1.17-r1:=
-	>=net-nds/openldap-2.4.30[sasl]
-	net-libs/http-parser
-	>=dev-libs/libpcre-8.30
-	>=app-crypt/mit-krb5-1.10.3
-	dev-libs/jansson
-	net-misc/curl
-	locator? (
-		>=app-crypt/mit-krb5-1.12.2[${MULTILIB_USEDEP}]
-		>=net-dns/c-ares-1.10.0-r1[${MULTILIB_USEDEP}]
-	)
-	>=sys-apps/keyutils-1.5:=
-	>=net-dns/c-ares-1.7.4
-	>=dev-libs/nss-3.12.9
-	selinux? (
-		>=sys-libs/libselinux-2.1.9
-		>=sys-libs/libsemanage-2.1
-	)
-	>=net-dns/bind-tools-9.9[gssapi]
-	>=dev-libs/cyrus-sasl-2.1.25-r3[kerberos]
-	>=sys-apps/dbus-1.6
-	acl? ( net-fs/cifs-utils[acl] )
-	nfsv4? ( || ( >=net-fs/nfs-utils-2.3.1-r2 net-libs/libnfsidmap ) )
-	nls? ( >=sys-devel/gettext-0.18 )
-	virtual/libintl
-	netlink? ( dev-libs/libnl:3 )
-	samba? ( >=net-fs/samba-4.10.2[winbind] )
-	"
-
-RDEPEND="${COMMON_DEP}
-	>=sys-libs/glibc-2.17[nscd]
-	selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 )
-	"
-DEPEND="${COMMON_DEP}
-	test? ( dev-libs/check )
-	manpages? (
-		>=dev-libs/libxslt-1.1.26
-		app-text/docbook-xml-dtd:4.4
-		)"
-
-CONFIG_CHECK="~KEYS"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/ipa_hbac.h
-	/usr/include/sss_idmap.h
-	/usr/include/sss_nss_idmap.h
-	/usr/include/wbclient_sssd.h
-	# --with-ifp
-	/usr/include/sss_sifp.h
-	/usr/include/sss_sifp_dbus.h
-	# from 1.15.3
-	/usr/include/sss_certmap.h
-)
-
-PATCHES=(
-	"${FILESDIR}"/${P}-glibc-2.32-compat.patch
-)
-
-pkg_setup() {
-	linux-info_pkg_setup
-}
-
-src_prepare() {
-	sed -i 's:#!/sbin/runscript:#!/sbin/openrc-run:' \
-		"${S}"/src/sysv/gentoo/sssd.in || die "sed sssd.in"
-
-	default
-	eautoreconf
-	multilib_copy_sources
-}
-
-src_configure() {
-	local native_dbus_cflags=$($(tc-getPKG_CONFIG) --cflags dbus-1)
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	# set initscript to sysv because the systemd option needs systemd to
-	# be installed. We provide our own systemd file anyway.
-	local myconf=()
-	#Work around linker dependency problem.
-	append-ldflags "-Wl,--allow-shlib-undefined"
-
-	myconf+=(
-		--localstatedir="${EPREFIX}"/var
-		--enable-nsslibdir="${EPREFIX}"/$(get_libdir)
-		--with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd
-		--enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir)
-		--with-ldb-lib-dir="${EPREFIX}"/usr/$(get_libdir)/samba/ldb
-		--with-os=gentoo
-		--with-nscd
-		--with-unicode-lib="glib2"
-		--disable-rpath
-		--sbindir=/usr/sbin
-		--without-kcm
-		$(use_with samba libwbclient)
-		--with-secrets
-		$(multilib_native_use_with samba)
-		$(multilib_native_use_enable acl cifs-idmap-plugin)
-		$(multilib_native_use_with selinux)
-		$(multilib_native_use_with selinux semanage)
-		$(use_enable locator krb5-locator-plugin)
-		$(multilib_native_use_with nfsv4 nfsv4-idmapd-plugin)
-		$(use_enable nls )
-		$(multilib_native_use_with netlink libnl)
-		$(multilib_native_use_with manpages)
-		$(multilib_native_use_with sudo)
-		$(multilib_native_use_with autofs)
-		$(multilib_native_use_with ssh)
-		--with-crypto="nss"
-		--with-initscript="sysv"
-		--without-python2-bindings
-		--without-python3-bindings
-
-		KRB5_CONFIG=/usr/bin/${CHOST}-krb5-config
-	)
-
-	if ! multilib_is_native_abi; then
-		# work-around all the libraries that are used for CLI and server
-		myconf+=(
-			{POPT,TALLOC,TDB,TEVENT,LDB}_{CFLAGS,LIBS}=' '
-			# ldb headers are fine since native needs it
-			# ldb lib fails... but it does not seem to bother
-			{DHASH,COLLECTION,INI_CONFIG_V{0,1,1_1}}_{CFLAGS,LIBS}=' '
-			{PCRE,CARES,SYSTEMD_LOGIN,SASL,GLIB2,DBUS,CRYPTO}_{CFLAGS,LIBS}=' '
-
-			# use native include path for dbus (needed for build)
-			DBUS_CFLAGS="${native_dbus_cflags}"
-
-			# non-pkgconfig checks
-			ac_cv_lib_ldap_ldap_search=yes
-			--without-secrets
-			--without-libwbclient
-			--without-kcm
-			--with-crypto=""
-		)
-
-		use locator || myconf+=(
-				KRB5_CONFIG=/bin/true
-		)
-	fi
-
-	econf "${myconf[@]}"
-}
-
-multilib_src_compile() {
-	if multilib_is_native_abi; then
-		default
-	else
-		emake libnss_sss.la pam_sss.la
-		use locator && emake sssd_krb5_locator_plugin.la
-	fi
-}
-
-multilib_src_install() {
-	if multilib_is_native_abi; then
-		emake -j1 DESTDIR="${D}" "${_at_args[@]}" install
-	else
-		# easier than playing with automake...
-		dopammod .libs/pam_sss.so
-
-		into /
-		dolib.so .libs/libnss_sss.so*
-
-		if use locator; then
-			exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5
-			doexe .libs/sssd_krb5_locator_plugin.so
-		fi
-	fi
-}
-
-multilib_src_install_all() {
-	einstalldocs
-	find "${ED}" -type f -name '*.la' -delete || die
-
-	insinto /etc/sssd
-	insopts -m600
-	doins "${S}"/src/examples/sssd-example.conf
-
-	insinto /etc/logrotate.d
-	insopts -m644
-	newins "${S}"/src/examples/logrotate sssd
-
-	newconfd "${FILESDIR}"/sssd.conf sssd
-	newinitd "${FILESDIR}"/sssd sssd
-
-	keepdir /var/lib/sss/db
-	keepdir /var/lib/sss/deskprofile
-	keepdir /var/lib/sss/gpo_cache
-	keepdir /var/lib/sss/keytabs
-	keepdir /var/lib/sss/mc
-	keepdir /var/lib/sss/pipes/private
-	keepdir /var/lib/sss/pubconf/krb5.include.d
-	keepdir /var/lib/sss/secrets
-	keepdir /var/log/sssd
-
-	systemd_dounit "${FILESDIR}/${PN}.service"
-}
-
-multilib_src_test() {
-	default
-}
-
-pkg_postinst() {
-	elog "You must set up sssd.conf (default installed into /etc/sssd)"
-	elog "and (optionally) configuration in /etc/pam.d in order to use SSSD"
-	elog "features. Please see howto in	https://docs.pagure.org/SSSD.sssd/design_pages/smartcard_authentication_require.html"
-}



* [gentoo-commits] repo/gentoo:master commit in: sys-auth/sssd/files/, sys-auth/sssd/
@ 2024-12-01 12:58 Sam James
  0 siblings, 0 replies; 7+ messages in thread
From: Sam James @ 2024-12-01 12:58 UTC (permalink / raw
  To: gentoo-commits

commit:     6262236eeeb6c1a6306cf10d79f58e9166e30c0b
Author:     Christopher Byrne <salah.coronya <AT> gmail <DOT> com>
AuthorDate: Tue Jun 11 04:06:34 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Dec  1 12:57:37 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6262236e

sys-auth/sssd: add 2.10.0

Big changes in 2.10.0. A migration will be required as sssd now
runs under its own user. Many USE flags dropped and merged as
they are required anyway: "sudo" is merged as it added no dependencies,
so it was dropped, "python" is merged as bits of sssd are written in
Python, so build the bindings anyway. "acl" is merged because sssd
is now capability-based, even in root mode, and "subid" is merged
because sys-apps/shadow is part of the system set, and all versions
of it in the tree support it.

A new USE flag, "passkey" is added to support passkey logins
(LDAP auth only).

Please read https://sssd.io/release-notes/sssd-2.10.0.html as this
is a major change. In particular, the default ldap_id_use_start_tls value
changed from false to true for improved security. This affects Kerberos
users without TLS in particular.

Signed-off-by: Christopher Byrne <salah.coronya <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/37116
Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-auth/sssd/Manifest                             |   1 +
 ...uild-remove-superfluous-WITH_IFP-leftover.patch |  33 ++
 .../sssd-2.10.0-build-stop-overriding-CFLAGS.patch | 136 ++++++++
 ...sd-2.10.0_beta2-fix-systemd-systemconfdir.patch |  22 ++
 sys-auth/sssd/metadata.xml                         |   1 +
 sys-auth/sssd/sssd-2.10.0.ebuild                   | 371 +++++++++++++++++++++
 6 files changed, 564 insertions(+)

diff --git a/sys-auth/sssd/Manifest b/sys-auth/sssd/Manifest
index 5cf4abaf188e..257ac8082415 100644
--- a/sys-auth/sssd/Manifest
+++ b/sys-auth/sssd/Manifest
@@ -1 +1,2 @@
+DIST sssd-2.10.0.tar.gz 9177851 BLAKE2B 027a1b9c38841427089d93ff9d8e424c7c1bf9433eea0033ce77a8c13fd1ac65de975a0ab747e1f08a6f9c4253599ed12e8cc364f0db442019603ab1c1932128 SHA512 d237ff135fb21bcd1040787d6dfe8fa383290fbae1f15c6917284beb38dd95ecf6418335302e26be40c65e44e8b44135499eec0b98119ea53a38098ac0bc1e2c
 DIST sssd-2.9.5.tar.gz 8001964 BLAKE2B e9c839e58fbeac9e8cba83b726f075c5db6ce85059546d745672c222b594f4aa26ad103f0eb3a8ff9e2b364c3502fb93c639fe9e621fefd6fecd2319f5cb499a SHA512 d219f12ffc75af233f0e4ffc62c0442acc6da3cd94ed4eab7102a78821af5257c8e4ba0d06b2c99c08e06502f8d0d0bcc80540d63823dbe0f52eb0432ae7e14d

diff --git a/sys-auth/sssd/files/sssd-2.10.0-build-remove-superfluous-WITH_IFP-leftover.patch b/sys-auth/sssd/files/sssd-2.10.0-build-remove-superfluous-WITH_IFP-leftover.patch
new file mode 100644
index 000000000000..d38fa1989d29
--- /dev/null
+++ b/sys-auth/sssd/files/sssd-2.10.0-build-remove-superfluous-WITH_IFP-leftover.patch
@@ -0,0 +1,33 @@
+From 3476355e8368358f6bc17ec93fb057b739094c3a Mon Sep 17 00:00:00 2001
+From: Jan Engelhardt <jengelh@inai.de>
+Date: Fri, 18 Oct 2024 12:37:01 +0200
+Subject: [PATCH 1/2] build: remove superfluous WITH_IFP leftover
+
+```
+$ autoreconf && configure
+...
+./configure: line 18674: WITH_IFP: command not found
+```
+
+Fixes: 2.10.0-beta2-63-ge5140ab08
+
+Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
+---
+ configure.ac | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 380c16ba8..b5222ae97 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -187,7 +187,6 @@ WITH_SUBID_LIB_PATH
+ WITH_PASSKEY
+ WITH_SSH
+ WITH_SSH_KNOWN_HOSTS_PROXY
+-WITH_IFP
+ WITH_LIBSIFP
+ WITH_SYSLOG
+ WITH_SAMBA
+-- 
+2.45.2
+

diff --git a/sys-auth/sssd/files/sssd-2.10.0-build-stop-overriding-CFLAGS.patch b/sys-auth/sssd/files/sssd-2.10.0-build-stop-overriding-CFLAGS.patch
new file mode 100644
index 000000000000..4545ed20f840
--- /dev/null
+++ b/sys-auth/sssd/files/sssd-2.10.0-build-stop-overriding-CFLAGS.patch
@@ -0,0 +1,136 @@
+From c0b28db6f9ca33ebe11434c84c37e34ddb047280 Mon Sep 17 00:00:00 2001
+From: Jan Engelhardt <jengelh@inai.de>
+Date: Fri, 18 Oct 2024 12:46:28 +0200
+Subject: [PATCH 2/2] build: stop overriding CFLAGS
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+CFLAGS is reserved for the user. configure must finish in an
+idempotent state and not touch it, pursuant to automake.info §3.6
+"Variables reserved for the user".
+
+Observed:
+
+```
+$ ./configure && make CFLAGS=-O1
+…
+libtool: compile:  gcc -DHAVE_CONFIG_H -I. -Wall -I..
+-I./src/sss_client -I./src -I. -I/usr/include/samba-4.0
+-I/usr/include/dbus-1.0 -I/usr/lib64/dbus-1.0/include
+-I/usr/include/libnl3 -DLIBDIR=\"/usr/local/lib\"
+-DVARDIR=\"/usr/local/var\" -DRUNDIR=\"/usr/local/var/run\"
+-DSSS_STATEDIR=\"/usr/local/var/lib/sss\"
+-DSYSCONFDIR=\"/usr/local/etc\" -DSHLIBEXT=\"\"
+-DSSSDDATADIR=\"/usr/local/share/sssd\"
+-DSSSD_LIBEXEC_PATH=\"/usr/local/libexec/sssd\"
+-DSSSD_CONF_DIR=\"/usr/local/etc/sssd\"
+-DSSS_NSS_MCACHE_DIR=\"/usr/local/var/lib/sss/mc\"
+-DSSS_NSS_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/nss\"
+-DSSS_PAM_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/pam\"
+-DSSS_PAC_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/pac\"
+-DSSS_SUDO_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/sudo\"
+-DSSS_AUTOFS_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/autofs\"
+-DSSS_SSH_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/ssh\"
+-DLOCALEDIR=\"/usr/local/share/locale\"
+-DBASE_FILE_STEM=\"libsss_util_la-sysdb_ops\" -Wall -Wshadow
+-Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align
+-Wwrite-strings -Wundef -Werror-implicit-function-declaration
+-Winit-self -Wmissing-include-dirs -fno-strict-aliasing -std=gnu99
+-O1 -MT src/db/libsss_util_la-sysdb_ops.lo -MD -MP -MF
+src/db/.deps/libsss_util_la-sysdb_ops.Tpo -c src/db/sysdb_ops.c -fPIC
+-DPIC -o src/db/.libs/libsss_util_la-sysdb_ops.o
+```
+
+Expected:
+
+```
+libtool: compile:  gcc -DHAVE_CONFIG_H -I. -Wall -I..
+-I./src/sss_client -I./src -I. -I/usr/include/samba-4.0
+-I/usr/include/dbus-1.0 -I/usr/lib64/dbus-1.0/include
+-I/usr/include/libnl3 -DLIBDIR=\"/usr/local/lib\"
+-DVARDIR=\"/usr/local/var\" -DRUNDIR=\"/usr/local/var/run\"
+-DSSS_STATEDIR=\"/usr/local/var/lib/sss\"
+-DSYSCONFDIR=\"/usr/local/etc\" -DSHLIBEXT=\"\"
+-DSSSDDATADIR=\"/usr/local/share/sssd\"
+-DSSSD_LIBEXEC_PATH=\"/usr/local/libexec/sssd\"
+-DSSSD_CONF_DIR=\"/usr/local/etc/sssd\"
+-DSSS_NSS_MCACHE_DIR=\"/usr/local/var/lib/sss/mc\"
+-DSSS_NSS_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/nss\"
+-DSSS_PAM_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/pam\"
+-DSSS_PAC_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/pac\"
+-DSSS_SUDO_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/sudo\"
+-DSSS_AUTOFS_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/autofs\"
+-DSSS_SSH_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/ssh\"
+-DLOCALEDIR=\"/usr/local/share/locale\"
+-DBASE_FILE_STEM=\"libsss_util_la-sysdb_ops\" -Wall -Wshadow
+-Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align
+-Wwrite-strings -Wundef -Werror-implicit-function-declaration
+-Winit-self -Wmissing-include-dirs -fno-strict-aliasing -std=gnu99
+-O1 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE
+-MT src/db/libsss_util_la-sysdb_ops.lo -MD -MP -MF
+src/db/.deps/libsss_util_la-sysdb_ops.Tpo -c
+```
+
+Fixes: sssd-1_3_0-3-g551aa6c36
+
+Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+---
+ Makefile.am                 | 2 +-
+ configure.ac                | 3 ++-
+ src/tests/cwrap/Makefile.am | 1 +
+ src/tests/intg/Makefile.am  | 1 +
+ 4 files changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 839b25eae..93c7ce088 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -137,7 +137,7 @@ ifp_non_root_owner_policy =
+ endif
+ 
+ 
+-AM_CFLAGS =
++AM_CFLAGS = $(my_CFLAGS)
+ if WANT_AUX_INFO
+     AM_CFLAGS += -aux-info $@.X
+ endif
+diff --git a/configure.ac b/configure.ac
+index b5222ae97..bf172e2ec 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -11,7 +11,8 @@ m4_ifdef([AC_USE_SYSTEM_EXTENSIONS],
+     [AC_USE_SYSTEM_EXTENSIONS],
+     [AC_GNU_SOURCE])
+ 
+-CFLAGS="$CFLAGS -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE"
++my_CFLAGS="-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE"
++AC_SUBST([my_CFLAGS])
+ 
+ 
+ AM_INIT_AUTOMAKE([-Wall -Wno-portability foreign subdir-objects tar-pax
+diff --git a/src/tests/cwrap/Makefile.am b/src/tests/cwrap/Makefile.am
+index 797d9e640..653687d24 100644
+--- a/src/tests/cwrap/Makefile.am
++++ b/src/tests/cwrap/Makefile.am
+@@ -22,6 +22,7 @@ AM_CPPFLAGS = \
+     $(OPENLDAP_CFLAGS) \
+     $(GLIB2_CFLAGS) \
+     $(NULL)
++AM_CFLAGS = $(my_CFLAGS)
+ 
+ TESTS_ENVIRONMENT = \
+     CWRAP_TEST_SRCDIR=$(abs_srcdir) \
+diff --git a/src/tests/intg/Makefile.am b/src/tests/intg/Makefile.am
+index 802cbe18b..e2f8066a8 100644
+--- a/src/tests/intg/Makefile.am
++++ b/src/tests/intg/Makefile.am
+@@ -1,3 +1,4 @@
++AM_CFLAGS = $(my_CFLAGS)
+ dist_noinst_DATA = \
+     __init__.py \
+     config.py.m4 \
+-- 
+2.45.2
+

diff --git a/sys-auth/sssd/files/sssd-2.10.0_beta2-fix-systemd-systemconfdir.patch b/sys-auth/sssd/files/sssd-2.10.0_beta2-fix-systemd-systemconfdir.patch
new file mode 100644
index 000000000000..9959199d223b
--- /dev/null
+++ b/sys-auth/sssd/files/sssd-2.10.0_beta2-fix-systemd-systemconfdir.patch
@@ -0,0 +1,22 @@
+diff --git a/src/conf_macros.m4 b/src/conf_macros.m4
+index c0efc3ad1..07fef0c1a 100644
+--- a/src/conf_macros.m4
++++ b/src/conf_macros.m4
+@@ -227,14 +227,14 @@ AC_DEFUN([WITH_SYSTEMD_CONF_DIR],
+   if test x"$with_systemdconfdir" != x; then
+     systemdconfdir=$with_systemdconfdir
+   else
+-    pkgconfigdir=${prefix}$($PKG_CONFIG --variable=systemdsystemconfdir systemd)
++    pkgconfigdir=$($PKG_CONFIG --variable=systemdsystemconfdir systemd)
+     if test x"$pkgconfigdir" = x; then
+       AC_MSG_ERROR([Could not detect systemd config directory])
+     fi
+-    if test "${pkgconfigdir:0:${#prefix}}" = "${prefix}"; then
++    if test "${pkgconfigdir:0:${#sysconfdir}}" = "${sysconfdir}"; then
+         systemdconfdir=${pkgconfigdir}
+     else
+-        systemdconfdir=${prefix}${pkgconfigdir}
++        systemdconfdir=${sysconfdir}${pkgconfigdir}
+     fi
+   fi
+   AC_SUBST(systemdconfdir, [$systemdconfdir/sssd.service.d])
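Review bot: This patch file has no header, and the new test `"${pkgconfigdir:0:${#sysconfdir}}" = "${sysconfdir}"` depends on an assumption that should be written down. Autoconf's default for `sysconfdir` is the unexpanded string `${prefix}/etc`, so the comparison presumably only matches because econf passes an explicit `--sysconfdir`. I would add a short header above the `diff --git` line giving the reason for the change, its upstream status, and a line such as `Relies on --sysconfdir being passed explicitly (econf does); with autoconf's default the prefix check never matches.` The `${var:0:n}` substring form is also a bash extension, which is worth mentioning in that header in case configure is run under another shell.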

diff --git a/sys-auth/sssd/metadata.xml b/sys-auth/sssd/metadata.xml
index f1d1125d52ca..09bfecfe2361 100644
--- a/sys-auth/sssd/metadata.xml
+++ b/sys-auth/sssd/metadata.xml
@@ -17,6 +17,7 @@
 		<flag name="acl"> Build and use the cifsidmap plugin</flag>
 		<flag name="netlink">Add support for netlink protocol via <pkg>dev-libs/libnl</pkg></flag>
 		<flag name="nfsv4">Add support for the nfsv4 idmapd plugin provided by <pkg>net-fs/nfs-utils</pkg></flag>
+		<flag name="passkey">Add support for FIDO2 passkeys"</flag>
 		<flag name="samba">Add Privileged Attribute Certificate Support for Kerberos</flag>
 		<flag name="subid">Support subordinate uid and gid ranges in FreeIPA</flag>
 		<flag name="sudo">Build helper to let <pkg>app-admin/sudo</pkg> use sssd provided information</flag>
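Review bot: The added `passkey` flag description ends with a stray double quote, `FIDO2 passkeys"</flag>`, which will be shown literally wherever the USE flag description is displayed. The line should read `<flag name="passkey">Add support for FIDO2 passkeys</flag>`. The commit message says passkey logins are for LDAP auth only, so the description could state that limitation as well.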

diff --git a/sys-auth/sssd/sssd-2.10.0.ebuild b/sys-auth/sssd/sssd-2.10.0.ebuild
new file mode 100644
index 000000000000..b885b50db19b
--- /dev/null
+++ b/sys-auth/sssd/sssd-2.10.0.ebuild
@@ -0,0 +1,371 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PLOCALES="ca de es fr ja ko pt_BR ru sv tr uk"
+PLOCALES_BIN="${PLOCALES} bg cs eu fi hu id it ka nb nl pl pt tg zh_TW zh_CN"
+PLOCALE_BACKUP="sv"
+PYTHON_COMPAT=( python3_{10..12} )
+
+inherit autotools linux-info multilib-minimal optfeature plocale \
+	python-single-r1 pam systemd tmpfiles udev toolchain-funcs
+
+DESCRIPTION="System Security Services Daemon provides access to identity and authentication"
+HOMEPAGE="https://github.com/SSSD/sssd"
+if [[ ${PV} != 9999 ]]; then
+	SRC_URI="https://github.com/SSSD/sssd/releases/download/${PV}/${P}.tar.gz"
+else
+	inherit git-r3
+	EGIT_REPO_URI="https://github.com/SSSD/sssd.git"
+	EGIT_BRANCH="master"
+fi
+
+LICENSE="GPL-3"
+SLOT="0"
+IUSE="doc +netlink nfsv4 nls passkey samba selinux systemd systemtap test"
+REQUIRED_USE=" ( ${PYTHON_REQUIRED_USE} ) "
+RESTRICT="!test? ( test )"
+
+DEPEND="
+	>=app-crypt/mit-krb5-1.19.1[${MULTILIB_USEDEP}]
+	app-crypt/p11-kit
+	>=dev-libs/ding-libs-0.2
+	>=dev-libs/cyrus-sasl-2.1.25-r3[kerberos]
+	dev-libs/jansson:=
+	dev-libs/libpcre2:=
+	dev-libs/libunistring:=[${MULTILIB_USEDEP}]
+	>=dev-libs/popt-1.16
+	>=dev-libs/openssl-1.0.2:=
+	>=net-dns/bind-tools-9.9[gssapi]
+	>=net-dns/c-ares-1.10.0-r1:=[${MULTILIB_USEDEP}]
+	>=net-nds/openldap-2.4.30:=[sasl,experimental]
+	net-fs/cifs-utils[acl]
+	>=sys-apps/dbus-1.6
+	>=sys-apps/keyutils-1.5:=
+	sys-libs/libcap
+	>=sys-libs/pam-0-r1[${MULTILIB_USEDEP}]
+	>=sys-libs/talloc-2.0.7
+	>=sys-libs/tdb-1.2.9
+	>=sys-libs/tevent-0.9.16
+	virtual/ldb:=
+	virtual/libintl
+	netlink? ( dev-libs/libnl:3 )
+	nfsv4? ( >=net-fs/nfs-utils-2.3.1-r2 )
+	nls? ( >=sys-devel/gettext-0.18 )
+	passkey? ( dev-libs/libfido2:= )
+	${PYTHON_DEPS}
+	systemd? (
+		$(python_gen_cond_dep '
+			dev-python/python-systemd[${PYTHON_USEDEP}]
+		')
+	)
+	samba? ( >=net-fs/samba-4.10.2[winbind] )
+	selinux? (
+		>=sys-libs/libselinux-2.1.9
+		>=sys-libs/libsemanage-2.1
+	)
+	systemd? (
+		sys-apps/systemd:=
+		sys-apps/util-linux
+	)
+	systemtap? ( dev-debug/systemtap )"
+RDEPEND="${DEPEND}
+	acct-user/sssd
+	acct-group/sssd
+	passkey? ( sys-apps/pcsc-lite[policykit] )
+	selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 )"
+BDEPEND="
+	acct-user/sssd
+	acct-group/sssd
+	sys-libs/libcap
+	virtual/pkgconfig
+	${PYTHON_DEPS}
+	doc? ( app-text/doxygen )
+	nls? (	app-text/po4a
+		sys-devel/gettext )
+	test? (
+		dev-libs/check
+		dev-libs/softhsm:2
+		dev-util/cmocka
+		net-libs/gnutls[pkcs11,tools]
+		sys-libs/libfaketime
+		sys-libs/nss_wrapper
+		sys-libs/pam_wrapper
+		sys-libs/uid_wrapper
+	)
+	app-text/docbook-xml-dtd:4.4
+	>=dev-libs/libxslt-1.1.26
+"
+
+CONFIG_CHECK="~KEYS"
+
+PATCHES=(
+	"${FILESDIR}/${PN}-2.8.2-krb5_pw_locked.patch"
+	"${FILESDIR}/${PN}-2.10.0_beta2-fix-systemd-systemconfdir.patch"
+	"${FILESDIR}/${PN}-2.10.0-build-remove-superfluous-WITH_IFP-leftover.patch"
+	"${FILESDIR}/${PN}-2.10.0-build-stop-overriding-CFLAGS.patch"
+)
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/ipa_hbac.h
+	/usr/include/sss_idmap.h
+	/usr/include/sss_nss_idmap.h
+	# --with-ifp
+	/usr/include/sss_sifp.h
+	/usr/include/sss_sifp_dbus.h
+	# from 1.15.3
+	/usr/include/sss_certmap.h
+)
+
+sssd_migrate_files() {
+	if has_version "<=sys-auth/sssd-2.9.9999"
+	then
+		einfo "Checking if sssd is running"
+		if [ -f /run/sssd.pid ]
+		then
+			elog "Please stop sssd after installing before"
+			elog "performing the migration process"
+		fi
+		einfo "Checking if /var/lib/sss ownership"
+		if [ -d /var/lib/sss ] && [ $(stat -c "%U:%G" /var/lib/sss) != "sssd:sssd" ]
+		then
+			elog "After installing, please execute"
+			elog "chown -R sssd:sssd /var/lib/sss"
+		fi
+		einfo "Checking if /var/log/sssd ownership"
+		if [ -d /var/log/sssd ] && [ $(stat -c "%U:%G" /var/log/sssd) != "sssd:sssd" ]
+		then
+			elog "After installing, please execute"
+			elog "chown -R sssd:sssd /var/log/sssd"
+		fi
+		einfo "Checking if /etc/sssd ownership"
+		if ! use systemd && [ -d /etc/sssd ] && [ $(stat -c "%U:%G" /etc/sssd) != "root:sssd" ]
+		then
+			elog "After installing, please execute"
+			elog "chown -R root:sssd /etc/sssd"
+		fi
+	fi
+}
+
+pkg_setup() {
+	linux-info_pkg_setup
+	python-single-r1_pkg_setup
+
+	sssd_migrate_files
+}
+
+src_prepare() {
+	default
+
+	plocale_get_locales > src/man/po/LINGUAS || die
+
+	sed -i \
+		-e "/_langs]/ s/ .*//" \
+		src/man/po/po4a.cfg \
+		|| die
+	enable_locale() {
+		local locale=${1}
+
+		sed -i \
+			-e "/_langs]/ s/$/ ${locale}/" \
+			src/man/po/po4a.cfg \
+			|| die
+	}
+
+	plocale_for_each_locale enable_locale
+
+	PLOCALES="${PLOCALES_BIN}"
+	plocale_get_locales > po/LINGUAS || die
+
+	sed -i \
+		-e 's:/var/run:/run:' \
+		src/examples/logrotate \
+		|| die
+
+	# disable flaky test, see https://github.com/SSSD/sssd/issues/5631
+	sed -i \
+		-e '/^\s*pam-srv-tests[ \\]*$/d' \
+		Makefile.am \
+		|| die
+
+	# requires valgrind headers installed
+	sed -i \
+		-e '/^\s*test-iobuf[ \\]*$/d' \
+		Makefile.am \
+		|| die
+
+	eautoreconf
+
+	multilib_copy_sources
+}
+
+src_configure() {
+	local native_dbus_cflags=$($(tc-getPKG_CONFIG) --cflags dbus-1 || die)
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	local myconf=()
+
+	myconf+=(
+		--libexecdir="${EPREFIX}"/usr/libexec
+		--localstatedir="${EPREFIX}"/var
+		--runstatedir="${EPREFIX}"/run
+		--sbindir="${EPREFIX}"/usr/sbin
+		--with-pid-path="${EPREFIX}"/run/sssd
+		--with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd
+		--enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir)
+		--with-ldb-lib-dir="${EPREFIX}"/usr/$(get_libdir)/samba/ldb
+		--with-db-path="${EPREFIX}"/var/lib/sss/db
+		--with-gpo-cache-path="${EPREFIX}"/var/lib/sss/gpo_cache
+		--with-pubconf-path="${EPREFIX}"/var/lib/sss/pubconf
+		--with-pipe-path="${EPREFIX}"/var/lib/sss/pipes
+		--with-mcache-path="${EPREFIX}"/var/lib/sss/mc
+		--with-secrets-db-path="${EPREFIX}"/var/lib/sss/secrets
+		--with-log-path="${EPREFIX}"/var/log/sssd
+		--with-tmpfilesdir=/usr/lib/tmpfiles.d
+		--with-udevrulesdir="$(get_udevdir)/rules.d"
+		--with-kcm
+		--enable-kcm-renewal
+		--with-os=gentoo
+		--disable-rpath
+		--disable-static
+		# Valgrind is only used for tests
+		--disable-valgrind
+		$(use_with samba)
+		--with-smb-idmap-interface-version=6
+		--enable-cifs-idmap-plugin
+		$(multilib_native_use_with selinux)
+		--enable-krb5-locator-plugin
+		$(use_enable samba pac-responder)
+		$(multilib_native_use_with nfsv4 nfsv4-idmapd-plugin)
+		$(use_enable nls)
+		$(multilib_native_use_with netlink libnl)
+		--with-manpages
+		--with-sudo
+		$(multilib_native_with autofs)
+		$(multilib_native_with ssh)
+		--without-oidc-child
+		$(multilib_native_with passkey)
+		--with-subid
+		$(use_enable systemtap)
+		--without-python2-bindings
+		--with-python3-bindings
+		# Annoyingly configure requires that you pick systemd XOR sysv
+		--with-initscript=$(usex systemd systemd sysv)
+		--with-sssd-user=sssd
+		 CPPFLAGS="${CPPFLAGS} -I/usr/include/samba-4.0"
+	)
+
+	use systemd && myconf+=(
+		--with-systemdunitdir=$(systemd_get_systemunitdir)
+	)
+
+	if ! multilib_is_native_abi; then
+		# work-around all the libraries that are used for CLI and server
+		myconf+=(
+			{POPT,TALLOC,TDB,TEVENT,LDB}_{CFLAGS,LIBS}=' '
+			# ldb headers are fine since native needs it
+			# ldb lib fails... but it does not seem to bother
+			{DHASH,UNISTRING,INI_CONFIG_V{0,1,1_1,1_3}}_{CFLAGS,LIBS}=' '
+			{PCRE,CARES,SYSTEMD_LOGIN,SASL,DBUS,CRYPTO,P11_KIT}_{CFLAGS,LIBS}=' '
+			{NDR_NBT,SAMBA_UTIL,SMBCLIENT,NDR_KRB5PAC,JANSSON}_{CFLAGS,LIBS}=' '
+
+			# use native include path for dbus (needed for build)
+			DBUS_CFLAGS="${native_dbus_cflags}"
+
+			# non-pkgconfig checks
+			ac_cv_lib_ldap_ldap_search=yes
+			--without-kcm
+			--without-manpages
+		)
+	fi
+
+	econf "${myconf[@]}"
+}
+
+multilib_src_compile() {
+	if multilib_is_native_abi; then
+		default
+		use doc && emake docs
+	else
+		emake libnss_sss.la pam_sss.la pam_sss_gss.la
+		emake sssd_krb5_locator_plugin.la
+		use samba && emake sssd_pac_plugin.la
+	fi
+}
+
+multilib_src_test() {
+	if multilib_is_native_abi; then
+		local -x CK_TIMEOUT_MULTIPLIER=10
+		emake check VERBOSE=yes
+	fi
+}
+
+multilib_src_install() {
+	if multilib_is_native_abi; then
+		emake -j1 DESTDIR="${D}" install
+		python_fix_shebang "${ED}"
+		python_optimize
+	else
+		# easier than playing with automake...
+		dopammod .libs/pam_sss.so
+		dopammod .libs/pam_sss_gss.so
+
+		into /
+		dolib.so .libs/libnss_sss.so*
+
+		exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5
+		doexe .libs/sssd_krb5_locator_plugin.so
+
+		if use samba; then
+			exeinto /usr/$(get_libdir)/krb5/plugins/authdata
+			doexe .libs/sssd_pac_plugin.so
+		fi
+	fi
+}
+
+multilib_src_install_all() {
+	einstalldocs
+
+	insinto /etc/sssd
+	insopts -m600
+	doins src/examples/sssd-example.conf
+
+	insinto /etc/logrotate.d
+	insopts -m644
+	newins src/examples/logrotate sssd
+
+	newconfd "${FILESDIR}"/sssd.conf sssd
+
+	keepdir /var/lib/sss/db
+	keepdir /var/lib/sss/deskprofile
+	keepdir /var/lib/sss/gpo_cache
+	keepdir /var/lib/sss/keytabs
+	keepdir /var/lib/sss/mc
+	keepdir /var/lib/sss/pipes/private
+	keepdir /var/lib/sss/pubconf/krb5.include.d
+	keepdir /var/lib/sss/secrets
+	keepdir /var/log/sssd
+	keepdir /etc/sssd/conf.d
+	keepdir /etc/sssd/pki
+
+	# strip empty dirs
+	if ! use doc; then
+		rm -r "${ED}"/usr/share/doc/"${PF}"/doc || die
+		rm -r "${ED}"/usr/share/doc/"${PF}"/{hbac,idmap,nss_idmap}_doc || die
+	fi
+
+	rm -r "${ED}"/run || die
+	find "${ED}" -type f -name '*.la' -delete || die
+}
+
+pkg_postinst() {
+	tmpfiles_process sssd-tmpfiles.conf
+	elog "You must set up sssd.conf (default installed into /etc/sssd)"
+	elog "and (optionally) configuration in /etc/pam.d in order to use SSSD"
+	elog "features."
+	optfeature "Kerberos keytab renew (see krb5_renew_interval)" app-crypt/adcli
+}
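Review bot: `$(multilib_native_with passkey)` in multilib_src_configure does not consult the `passkey` USE flag. As far as I recall multilib-build.eclass, `multilib_native_with` emits `--with-passkey` on every native-ABI build, whereas `dev-libs/libfido2` is only pulled in under `passkey? ( ... )`. With USE=-passkey, configure is therefore asked for passkey support without its dependency being guaranteed, so the build either fails or links against whatever libfido2 happens to be installed. The installed authentication features then no longer match the flag the administrator set. Changing the line to `$(multilib_native_use_with passkey)` makes the option follow the flag; the neighbouring `multilib_native_with autofs` and `multilib_native_with ssh` lines have no USE flag left in IUSE, so they look intentionally unconditional.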



* [gentoo-commits] repo/gentoo:master commit in: sys-auth/sssd/files/, sys-auth/sssd/
@ 2024-12-11  1:53 Sam James
  0 siblings, 0 replies; 7+ messages in thread
From: Sam James @ 2024-12-11  1:53 UTC (permalink / raw
  To: gentoo-commits

commit:     3d3263756ee5a42cc657676d9c94c953af1aebb4
Author:     Christopher Byrne <salah.coronya <AT> gmail <DOT> com>
AuthorDate: Tue Dec 10 16:10:57 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Dec 11 01:52:06 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3d326375

sys-auth/sssd: drop 2.10.0

Signed-off-by: Christopher Byrne <salah.coronya <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/39667
Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-auth/sssd/Manifest                             |   1 -
 ...uild-remove-superfluous-WITH_IFP-leftover.patch |  33 --
 .../sssd-2.10.0-build-stop-overriding-CFLAGS.patch | 136 --------
 sys-auth/sssd/sssd-2.10.0.ebuild                   | 371 ---------------------
 4 files changed, 541 deletions(-)

diff --git a/sys-auth/sssd/Manifest b/sys-auth/sssd/Manifest
index 60e1d4ca105b..de81a725995a 100644
--- a/sys-auth/sssd/Manifest
+++ b/sys-auth/sssd/Manifest
@@ -1,4 +1,3 @@
-DIST sssd-2.10.0.tar.gz 9177851 BLAKE2B 027a1b9c38841427089d93ff9d8e424c7c1bf9433eea0033ce77a8c13fd1ac65de975a0ab747e1f08a6f9c4253599ed12e8cc364f0db442019603ab1c1932128 SHA512 d237ff135fb21bcd1040787d6dfe8fa383290fbae1f15c6917284beb38dd95ecf6418335302e26be40c65e44e8b44135499eec0b98119ea53a38098ac0bc1e2c
 DIST sssd-2.10.1.tar.gz 9196848 BLAKE2B 9e0677972ee37c4156dcfa86459af97e25d14651ccded87866fd7f18a23d318b578cd98d072afaafa50ae9c68eaf361955aefba1f31de8cf8dac1ca404321146 SHA512 001ff9cd60aa510ead11e418a1b96714136cc270b29551027cb12c340744890b358da5900a10863d4df649ad073f14f6f26c28e3f973b1cd5c2ab61f2a2a045b
 DIST sssd-2.9.5.tar.gz 8001964 BLAKE2B e9c839e58fbeac9e8cba83b726f075c5db6ce85059546d745672c222b594f4aa26ad103f0eb3a8ff9e2b364c3502fb93c639fe9e621fefd6fecd2319f5cb499a SHA512 d219f12ffc75af233f0e4ffc62c0442acc6da3cd94ed4eab7102a78821af5257c8e4ba0d06b2c99c08e06502f8d0d0bcc80540d63823dbe0f52eb0432ae7e14d
 DIST sssd-2.9.6.tar.gz 9136447 BLAKE2B 9ba4faa66d56150de58e86588bd0dedb02ff2f155fa118a35cd981885fed6cab5fdf13373f575a41691c87b4d18c586cba717b399e3826675eee1b0f8da967b7 SHA512 d9a35fc12022f0a2aa73be373b396411fc69b2fe5489ab93d17813a4c75b3ec30e598d5748ab202f7588039b465e11d616ce546cd5fe5439fa8edd9ac8cda69a

diff --git a/sys-auth/sssd/files/sssd-2.10.0-build-remove-superfluous-WITH_IFP-leftover.patch b/sys-auth/sssd/files/sssd-2.10.0-build-remove-superfluous-WITH_IFP-leftover.patch
deleted file mode 100644
index d38fa1989d29..000000000000
--- a/sys-auth/sssd/files/sssd-2.10.0-build-remove-superfluous-WITH_IFP-leftover.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 3476355e8368358f6bc17ec93fb057b739094c3a Mon Sep 17 00:00:00 2001
-From: Jan Engelhardt <jengelh@inai.de>
-Date: Fri, 18 Oct 2024 12:37:01 +0200
-Subject: [PATCH 1/2] build: remove superfluous WITH_IFP leftover
-
-```
-$ autoreconf && configure
-...
-./configure: line 18674: WITH_IFP: command not found
-```
-
-Fixes: 2.10.0-beta2-63-ge5140ab08
-
-Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
----
- configure.ac | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index 380c16ba8..b5222ae97 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -187,7 +187,6 @@ WITH_SUBID_LIB_PATH
- WITH_PASSKEY
- WITH_SSH
- WITH_SSH_KNOWN_HOSTS_PROXY
--WITH_IFP
- WITH_LIBSIFP
- WITH_SYSLOG
- WITH_SAMBA
--- 
-2.45.2
-

diff --git a/sys-auth/sssd/files/sssd-2.10.0-build-stop-overriding-CFLAGS.patch b/sys-auth/sssd/files/sssd-2.10.0-build-stop-overriding-CFLAGS.patch
deleted file mode 100644
index 4545ed20f840..000000000000
--- a/sys-auth/sssd/files/sssd-2.10.0-build-stop-overriding-CFLAGS.patch
+++ /dev/null
@@ -1,136 +0,0 @@
-From c0b28db6f9ca33ebe11434c84c37e34ddb047280 Mon Sep 17 00:00:00 2001
-From: Jan Engelhardt <jengelh@inai.de>
-Date: Fri, 18 Oct 2024 12:46:28 +0200
-Subject: [PATCH 2/2] build: stop overriding CFLAGS
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-CFLAGS is reserved for the user. configure must finish in an
-idempotent state and not touch it, pursuant to automake.info §3.6
-"Variables reserved for the user".
-
-Observed:
-
-```
-$ ./configure && make CFLAGS=-O1
-…
-libtool: compile:  gcc -DHAVE_CONFIG_H -I. -Wall -I..
--I./src/sss_client -I./src -I. -I/usr/include/samba-4.0
--I/usr/include/dbus-1.0 -I/usr/lib64/dbus-1.0/include
--I/usr/include/libnl3 -DLIBDIR=\"/usr/local/lib\"
--DVARDIR=\"/usr/local/var\" -DRUNDIR=\"/usr/local/var/run\"
--DSSS_STATEDIR=\"/usr/local/var/lib/sss\"
--DSYSCONFDIR=\"/usr/local/etc\" -DSHLIBEXT=\"\"
--DSSSDDATADIR=\"/usr/local/share/sssd\"
--DSSSD_LIBEXEC_PATH=\"/usr/local/libexec/sssd\"
--DSSSD_CONF_DIR=\"/usr/local/etc/sssd\"
--DSSS_NSS_MCACHE_DIR=\"/usr/local/var/lib/sss/mc\"
--DSSS_NSS_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/nss\"
--DSSS_PAM_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/pam\"
--DSSS_PAC_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/pac\"
--DSSS_SUDO_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/sudo\"
--DSSS_AUTOFS_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/autofs\"
--DSSS_SSH_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/ssh\"
--DLOCALEDIR=\"/usr/local/share/locale\"
--DBASE_FILE_STEM=\"libsss_util_la-sysdb_ops\" -Wall -Wshadow
--Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align
--Wwrite-strings -Wundef -Werror-implicit-function-declaration
--Winit-self -Wmissing-include-dirs -fno-strict-aliasing -std=gnu99
--O1 -MT src/db/libsss_util_la-sysdb_ops.lo -MD -MP -MF
-src/db/.deps/libsss_util_la-sysdb_ops.Tpo -c src/db/sysdb_ops.c -fPIC
--DPIC -o src/db/.libs/libsss_util_la-sysdb_ops.o
-```
-
-Expected:
-
-```
-libtool: compile:  gcc -DHAVE_CONFIG_H -I. -Wall -I..
--I./src/sss_client -I./src -I. -I/usr/include/samba-4.0
--I/usr/include/dbus-1.0 -I/usr/lib64/dbus-1.0/include
--I/usr/include/libnl3 -DLIBDIR=\"/usr/local/lib\"
--DVARDIR=\"/usr/local/var\" -DRUNDIR=\"/usr/local/var/run\"
--DSSS_STATEDIR=\"/usr/local/var/lib/sss\"
--DSYSCONFDIR=\"/usr/local/etc\" -DSHLIBEXT=\"\"
--DSSSDDATADIR=\"/usr/local/share/sssd\"
--DSSSD_LIBEXEC_PATH=\"/usr/local/libexec/sssd\"
--DSSSD_CONF_DIR=\"/usr/local/etc/sssd\"
--DSSS_NSS_MCACHE_DIR=\"/usr/local/var/lib/sss/mc\"
--DSSS_NSS_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/nss\"
--DSSS_PAM_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/pam\"
--DSSS_PAC_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/pac\"
--DSSS_SUDO_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/sudo\"
--DSSS_AUTOFS_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/autofs\"
--DSSS_SSH_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/ssh\"
--DLOCALEDIR=\"/usr/local/share/locale\"
--DBASE_FILE_STEM=\"libsss_util_la-sysdb_ops\" -Wall -Wshadow
--Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align
--Wwrite-strings -Wundef -Werror-implicit-function-declaration
--Winit-self -Wmissing-include-dirs -fno-strict-aliasing -std=gnu99
--O1 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE
--MT src/db/libsss_util_la-sysdb_ops.lo -MD -MP -MF
-src/db/.deps/libsss_util_la-sysdb_ops.Tpo -c
-```
-
-Fixes: sssd-1_3_0-3-g551aa6c36
-
-Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- Makefile.am                 | 2 +-
- configure.ac                | 3 ++-
- src/tests/cwrap/Makefile.am | 1 +
- src/tests/intg/Makefile.am  | 1 +
- 4 files changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/Makefile.am b/Makefile.am
-index 839b25eae..93c7ce088 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -137,7 +137,7 @@ ifp_non_root_owner_policy =
- endif
- 
- 
--AM_CFLAGS =
-+AM_CFLAGS = $(my_CFLAGS)
- if WANT_AUX_INFO
-     AM_CFLAGS += -aux-info $@.X
- endif
-diff --git a/configure.ac b/configure.ac
-index b5222ae97..bf172e2ec 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -11,7 +11,8 @@ m4_ifdef([AC_USE_SYSTEM_EXTENSIONS],
-     [AC_USE_SYSTEM_EXTENSIONS],
-     [AC_GNU_SOURCE])
- 
--CFLAGS="$CFLAGS -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE"
-+my_CFLAGS="-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE"
-+AC_SUBST([my_CFLAGS])
- 
- 
- AM_INIT_AUTOMAKE([-Wall -Wno-portability foreign subdir-objects tar-pax
-diff --git a/src/tests/cwrap/Makefile.am b/src/tests/cwrap/Makefile.am
-index 797d9e640..653687d24 100644
---- a/src/tests/cwrap/Makefile.am
-+++ b/src/tests/cwrap/Makefile.am
-@@ -22,6 +22,7 @@ AM_CPPFLAGS = \
-     $(OPENLDAP_CFLAGS) \
-     $(GLIB2_CFLAGS) \
-     $(NULL)
-+AM_CFLAGS = $(my_CFLAGS)
- 
- TESTS_ENVIRONMENT = \
-     CWRAP_TEST_SRCDIR=$(abs_srcdir) \
-diff --git a/src/tests/intg/Makefile.am b/src/tests/intg/Makefile.am
-index 802cbe18b..e2f8066a8 100644
---- a/src/tests/intg/Makefile.am
-+++ b/src/tests/intg/Makefile.am
-@@ -1,3 +1,4 @@
-+AM_CFLAGS = $(my_CFLAGS)
- dist_noinst_DATA = \
-     __init__.py \
-     config.py.m4 \
--- 
-2.45.2
-

diff --git a/sys-auth/sssd/sssd-2.10.0.ebuild b/sys-auth/sssd/sssd-2.10.0.ebuild
deleted file mode 100644
index 204d1d9d440c..000000000000
--- a/sys-auth/sssd/sssd-2.10.0.ebuild
+++ /dev/null
@@ -1,371 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-PLOCALES="ca de es fr ja ko pt_BR ru sv tr uk"
-PLOCALES_BIN="${PLOCALES} bg cs eu fi hu id it ka nb nl pl pt tg zh_TW zh_CN"
-PLOCALE_BACKUP="sv"
-PYTHON_COMPAT=( python3_{10..12} )
-
-inherit autotools linux-info multilib-minimal optfeature plocale \
-	python-single-r1 pam systemd tmpfiles udev toolchain-funcs
-
-DESCRIPTION="System Security Services Daemon provides access to identity and authentication"
-HOMEPAGE="https://github.com/SSSD/sssd"
-if [[ ${PV} != 9999 ]]; then
-	SRC_URI="https://github.com/SSSD/sssd/releases/download/${PV}/${P}.tar.gz"
-else
-	inherit git-r3
-	EGIT_REPO_URI="https://github.com/SSSD/sssd.git"
-	EGIT_BRANCH="master"
-fi
-
-LICENSE="GPL-3"
-SLOT="0"
-IUSE="doc +netlink nfsv4 nls passkey samba selinux systemd systemtap test"
-REQUIRED_USE=" ( ${PYTHON_REQUIRED_USE} ) "
-RESTRICT="!test? ( test )"
-
-DEPEND="
-	>=app-crypt/mit-krb5-1.19.1[${MULTILIB_USEDEP}]
-	app-crypt/p11-kit
-	>=dev-libs/ding-libs-0.2
-	>=dev-libs/cyrus-sasl-2.1.25-r3[kerberos]
-	dev-libs/jansson:=
-	dev-libs/libpcre2:=
-	dev-libs/libunistring:=[${MULTILIB_USEDEP}]
-	>=dev-libs/popt-1.16
-	>=dev-libs/openssl-1.0.2:=
-	>=net-dns/bind-tools-9.9[gssapi]
-	>=net-dns/c-ares-1.10.0-r1:=[${MULTILIB_USEDEP}]
-	>=net-nds/openldap-2.4.30:=[sasl,experimental]
-	net-fs/cifs-utils[acl]
-	>=sys-apps/dbus-1.6
-	>=sys-apps/keyutils-1.5:=
-	sys-libs/libcap
-	>=sys-libs/pam-0-r1[${MULTILIB_USEDEP}]
-	>=sys-libs/talloc-2.0.7
-	>=sys-libs/tdb-1.2.9
-	>=sys-libs/tevent-0.9.16
-	virtual/ldb:=
-	virtual/libintl
-	netlink? ( dev-libs/libnl:3 )
-	nfsv4? ( >=net-fs/nfs-utils-2.3.1-r2 )
-	nls? ( >=sys-devel/gettext-0.18 )
-	passkey? ( dev-libs/libfido2:= )
-	${PYTHON_DEPS}
-	systemd? (
-		$(python_gen_cond_dep '
-			dev-python/python-systemd[${PYTHON_USEDEP}]
-		')
-	)
-	samba? ( >=net-fs/samba-4.10.2[winbind] )
-	selinux? (
-		>=sys-libs/libselinux-2.1.9
-		>=sys-libs/libsemanage-2.1
-	)
-	systemd? (
-		sys-apps/systemd:=
-		sys-apps/util-linux
-	)
-	systemtap? ( dev-debug/systemtap )"
-RDEPEND="${DEPEND}
-	acct-user/sssd
-	acct-group/sssd
-	passkey? ( sys-apps/pcsc-lite[policykit] )
-	selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 )"
-BDEPEND="
-	acct-user/sssd
-	acct-group/sssd
-	sys-libs/libcap
-	virtual/pkgconfig
-	${PYTHON_DEPS}
-	doc? ( app-text/doxygen )
-	nls? (	app-text/po4a
-		sys-devel/gettext )
-	test? (
-		dev-libs/check
-		dev-libs/softhsm:2
-		dev-util/cmocka
-		net-libs/gnutls[pkcs11,tools]
-		sys-libs/libfaketime
-		sys-libs/nss_wrapper
-		sys-libs/pam_wrapper
-		sys-libs/uid_wrapper
-	)
-	app-text/docbook-xml-dtd:4.4
-	>=dev-libs/libxslt-1.1.26
-"
-
-CONFIG_CHECK="~KEYS"
-
-PATCHES=(
-	"${FILESDIR}/${PN}-2.8.2-krb5_pw_locked.patch"
-	"${FILESDIR}/${PN}-2.10.0_beta2-fix-systemd-systemconfdir.patch"
-	"${FILESDIR}/${PN}-2.10.0-build-remove-superfluous-WITH_IFP-leftover.patch"
-	"${FILESDIR}/${PN}-2.10.0-build-stop-overriding-CFLAGS.patch"
-)
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/ipa_hbac.h
-	/usr/include/sss_idmap.h
-	/usr/include/sss_nss_idmap.h
-	# --with-ifp
-	/usr/include/sss_sifp.h
-	/usr/include/sss_sifp_dbus.h
-	# from 1.15.3
-	/usr/include/sss_certmap.h
-)
-
-sssd_migrate_files() {
-	if has_version "<=sys-auth/sssd-2.9.9999"
-	then
-		einfo "Checking if sssd is running"
-		if [ -f /run/sssd.pid ]
-		then
-			elog "Please stop sssd after installing before"
-			elog "performing the migration process"
-		fi
-		einfo "Checking if /var/lib/sss ownership"
-		if [ -d /var/lib/sss ] && [ $(stat -c "%U:%G" /var/lib/sss) != "sssd:sssd" ]
-		then
-			elog "After installing, please execute"
-			elog "chown -R sssd:sssd /var/lib/sss"
-		fi
-		einfo "Checking if /var/log/sssd ownership"
-		if [ -d /var/log/sssd ] && [ $(stat -c "%U:%G" /var/log/sssd) != "sssd:sssd" ]
-		then
-			elog "After installing, please execute"
-			elog "chown -R sssd:sssd /var/log/sssd"
-		fi
-		einfo "Checking if /etc/sssd ownership"
-		if ! use systemd && [ -d /etc/sssd ] && [ $(stat -c "%U:%G" /etc/sssd) != "root:sssd" ]
-		then
-			elog "After installing, please execute"
-			elog "chown -R root:sssd /etc/sssd"
-		fi
-	fi
-}
-
-pkg_setup() {
-	linux-info_pkg_setup
-	python-single-r1_pkg_setup
-
-	sssd_migrate_files
-}
-
-src_prepare() {
-	default
-
-	plocale_get_locales > src/man/po/LINGUAS || die
-
-	sed -i \
-		-e "/_langs]/ s/ .*//" \
-		src/man/po/po4a.cfg \
-		|| die
-	enable_locale() {
-		local locale=${1}
-
-		sed -i \
-			-e "/_langs]/ s/$/ ${locale}/" \
-			src/man/po/po4a.cfg \
-			|| die
-	}
-
-	plocale_for_each_locale enable_locale
-
-	PLOCALES="${PLOCALES_BIN}"
-	plocale_get_locales > po/LINGUAS || die
-
-	sed -i \
-		-e 's:/var/run:/run:' \
-		src/examples/logrotate \
-		|| die
-
-	# disable flaky test, see https://github.com/SSSD/sssd/issues/5631
-	sed -i \
-		-e '/^\s*pam-srv-tests[ \\]*$/d' \
-		Makefile.am \
-		|| die
-
-	# requires valgrind headers installed
-	sed -i \
-		-e '/^\s*test_iobuf[ \\]*$/d' \
-		Makefile.am \
-		|| die
-
-	eautoreconf
-
-	multilib_copy_sources
-}
-
-src_configure() {
-	local native_dbus_cflags=$($(tc-getPKG_CONFIG) --cflags dbus-1 || die)
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	local myconf=()
-
-	myconf+=(
-		--libexecdir="${EPREFIX}"/usr/libexec
-		--localstatedir="${EPREFIX}"/var
-		--runstatedir="${EPREFIX}"/run
-		--sbindir="${EPREFIX}"/usr/sbin
-		--with-pid-path="${EPREFIX}"/run/sssd
-		--with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd
-		--enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir)
-		--with-ldb-lib-dir="${EPREFIX}"/usr/$(get_libdir)/samba/ldb
-		--with-db-path="${EPREFIX}"/var/lib/sss/db
-		--with-gpo-cache-path="${EPREFIX}"/var/lib/sss/gpo_cache
-		--with-pubconf-path="${EPREFIX}"/var/lib/sss/pubconf
-		--with-pipe-path="${EPREFIX}"/var/lib/sss/pipes
-		--with-mcache-path="${EPREFIX}"/var/lib/sss/mc
-		--with-secrets-db-path="${EPREFIX}"/var/lib/sss/secrets
-		--with-log-path="${EPREFIX}"/var/log/sssd
-		--with-tmpfilesdir=/usr/lib/tmpfiles.d
-		--with-udevrulesdir="$(get_udevdir)/rules.d"
-		--with-kcm
-		--enable-kcm-renewal
-		--with-os=gentoo
-		--disable-rpath
-		--disable-static
-		# Valgrind is only used for tests
-		--disable-valgrind
-		$(use_with samba)
-		--with-smb-idmap-interface-version=6
-		--enable-cifs-idmap-plugin
-		$(multilib_native_use_with selinux)
-		--enable-krb5-locator-plugin
-		$(use_enable samba pac-responder)
-		$(multilib_native_use_with nfsv4 nfsv4-idmapd-plugin)
-		$(use_enable nls)
-		$(multilib_native_use_with netlink libnl)
-		--with-manpages
-		--with-sudo
-		$(multilib_native_with autofs)
-		$(multilib_native_with ssh)
-		--without-oidc-child
-		$(multilib_native_with passkey)
-		--with-subid
-		$(use_enable systemtap)
-		--without-python2-bindings
-		$(multilib_native_with python3-bindings)
-		# Annoyingly configure requires that you pick systemd XOR sysv
-		--with-initscript=$(usex systemd systemd sysv)
-		--with-sssd-user=sssd
-		 CPPFLAGS="${CPPFLAGS} -I/usr/include/samba-4.0"
-	)
-
-	use systemd && myconf+=(
-		--with-systemdunitdir=$(systemd_get_systemunitdir)
-	)
-
-	if ! multilib_is_native_abi; then
-		# work-around all the libraries that are used for CLI and server
-		myconf+=(
-			{POPT,TALLOC,TDB,TEVENT,LDB}_{CFLAGS,LIBS}=' '
-			# ldb headers are fine since native needs it
-			# ldb lib fails... but it does not seem to bother
-			{DHASH,UNISTRING,INI_CONFIG_V{0,1,1_1,1_3}}_{CFLAGS,LIBS}=' '
-			{PCRE,CARES,SYSTEMD_LOGIN,SASL,DBUS,CRYPTO,P11_KIT}_{CFLAGS,LIBS}=' '
-			{NDR_NBT,SAMBA_UTIL,SMBCLIENT,NDR_KRB5PAC,JANSSON}_{CFLAGS,LIBS}=' '
-
-			# use native include path for dbus (needed for build)
-			DBUS_CFLAGS="${native_dbus_cflags}"
-
-			# non-pkgconfig checks
-			ac_cv_lib_ldap_ldap_search=yes
-			--without-kcm
-			--without-manpages
-		)
-	fi
-
-	econf "${myconf[@]}"
-}
-
-multilib_src_compile() {
-	if multilib_is_native_abi; then
-		default
-		use doc && emake docs
-	else
-		emake libnss_sss.la pam_sss.la pam_sss_gss.la
-		emake sssd_krb5_locator_plugin.la
-		use samba && emake sssd_pac_plugin.la
-	fi
-}
-
-multilib_src_test() {
-	if multilib_is_native_abi; then
-		local -x CK_TIMEOUT_MULTIPLIER=10
-		emake check VERBOSE=yes
-	fi
-}
-
-multilib_src_install() {
-	if multilib_is_native_abi; then
-		emake -j1 DESTDIR="${D}" install
-		python_fix_shebang "${ED}"
-		python_optimize
-	else
-		# easier than playing with automake...
-		dopammod .libs/pam_sss.so
-		dopammod .libs/pam_sss_gss.so
-
-		into /
-		dolib.so .libs/libnss_sss.so*
-
-		exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5
-		doexe .libs/sssd_krb5_locator_plugin.so
-
-		if use samba; then
-			exeinto /usr/$(get_libdir)/krb5/plugins/authdata
-			doexe .libs/sssd_pac_plugin.so
-		fi
-	fi
-}
-
-multilib_src_install_all() {
-	einstalldocs
-
-	insinto /etc/sssd
-	insopts -m600
-	doins src/examples/sssd-example.conf
-
-	insinto /etc/logrotate.d
-	insopts -m644
-	newins src/examples/logrotate sssd
-
-	newconfd "${FILESDIR}"/sssd.conf sssd
-
-	keepdir /var/lib/sss/db
-	keepdir /var/lib/sss/deskprofile
-	keepdir /var/lib/sss/gpo_cache
-	keepdir /var/lib/sss/keytabs
-	keepdir /var/lib/sss/mc
-	keepdir /var/lib/sss/pipes/private
-	keepdir /var/lib/sss/pubconf/krb5.include.d
-	keepdir /var/lib/sss/secrets
-	keepdir /var/log/sssd
-	keepdir /etc/sssd/conf.d
-	keepdir /etc/sssd/pki
-
-	# strip empty dirs
-	if ! use doc; then
-		rm -r "${ED}"/usr/share/doc/"${PF}"/doc || die
-		rm -r "${ED}"/usr/share/doc/"${PF}"/{hbac,idmap,nss_idmap}_doc || die
-	fi
-
-	rm -r "${ED}"/run || die
-	find "${ED}" -type f -name '*.la' -delete || die
-}
-
-pkg_postinst() {
-	tmpfiles_process sssd-tmpfiles.conf
-	elog "You must set up sssd.conf (default installed into /etc/sssd)"
-	elog "and (optionally) configuration in /etc/pam.d in order to use SSSD"
-	elog "features."
-	optfeature "Kerberos keytab renew (see krb5_renew_interval)" app-crypt/adcli
-}


