diff options
author | Robin H. Johnson <robbat2@gentoo.org> | 2013-04-16 03:58:39 +0000 |
---|---|---|
committer | Robin H. Johnson <robbat2@gentoo.org> | 2013-04-16 03:58:39 +0000 |
commit | 1874c21dfd696e1e105223c9cdafde7577dd2be4 (patch) | |
tree | 9eb4e790a1219333db8ef3d3100910cb285c470f /net-nds | |
parent | masked media-sound/google-musicmanager (diff) | |
download | historical-1874c21dfd696e1e105223c9cdafde7577dd2be4.tar.gz historical-1874c21dfd696e1e105223c9cdafde7577dd2be4.tar.bz2 historical-1874c21dfd696e1e105223c9cdafde7577dd2be4.zip |
Bump, GnuTLS support per bug #421463. Tested with USE="berkdb crypt cxx experimental gnutls ipv6 overlays perl samba sasl slp ssl syslog -minimal".
Package-Manager: portage-2.2.0_alpha173/cvs/Linux x86_64
Diffstat (limited to 'net-nds')
-rw-r--r-- | net-nds/openldap/ChangeLog | 13 | ||||
-rw-r--r-- | net-nds/openldap/Manifest | 28 | ||||
-rw-r--r-- | net-nds/openldap/files/openldap-2.4.33-gnutls.patch | 60 | ||||
-rw-r--r-- | net-nds/openldap/files/openldap-2.4.35-contrib-samba4.patch | 38 | ||||
-rw-r--r-- | net-nds/openldap/files/openldap-2.4.35-contrib-smbk5pwd.patch | 48 | ||||
-rw-r--r-- | net-nds/openldap/openldap-2.4.33-r2.ebuild | 669 | ||||
-rw-r--r-- | net-nds/openldap/openldap-2.4.35.ebuild | 669 |
7 files changed, 1503 insertions, 22 deletions
diff --git a/net-nds/openldap/ChangeLog b/net-nds/openldap/ChangeLog index 4b5e4fa81879..039b50e12324 100644 --- a/net-nds/openldap/ChangeLog +++ b/net-nds/openldap/ChangeLog @@ -1,6 +1,17 @@ # ChangeLog for net-nds/openldap # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/ChangeLog,v 1.430 2013/03/03 09:02:31 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/ChangeLog,v 1.431 2013/04/16 03:58:26 robbat2 Exp $ + +*openldap-2.4.33-r2 (16 Apr 2013) +*openldap-2.4.35 (16 Apr 2013) + + 16 Apr 2013; Robin H. Johnson <robbat2@gentoo.org> + +files/openldap-2.4.33-gnutls.patch, + +files/openldap-2.4.35-contrib-samba4.patch, + +files/openldap-2.4.35-contrib-smbk5pwd.patch, +openldap-2.4.33-r2.ebuild, + +openldap-2.4.35.ebuild: + Bump, GnuTLS support per bug #421463. Tested with USE="berkdb crypt cxx + experimental gnutls ipv6 overlays perl samba sasl slp ssl syslog -minimal". 03 Mar 2013; Mike Frysinger <vapier@gentoo.org> openldap-2.3.43-r1.ebuild, openldap-2.3.43-r3.ebuild, openldap-2.4.19-r1.ebuild, openldap-2.4.21.ebuild, diff --git a/net-nds/openldap/Manifest b/net-nds/openldap/Manifest index 335e6f265a65..0f6f81e88f96 100644 --- a/net-nds/openldap/Manifest +++ b/net-nds/openldap/Manifest @@ -1,6 +1,3 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA256 - AUX DB_CONFIG.fast.example 746 SHA256 69fc9aa6e4f0b888bc02d3f75642fe1ebf9345c685257a5c1236b2e79ed56e0b SHA512 07199416b7c91864a1dd5ad45642367c4f79ee8b694214305289c47afb5b53420f0fb81cf7c8b117400c903535e88a2dd47bda28d57e969aeeec669debf6dc9e WHIRLPOOL 1d6a2adcdbbac2698d8d5ab1867ecfafee23c8561c34addaea30f59bde8b4bfad88c576ffd7df102aa428c2588ed3b9376de49606eb6608c8e873f8119326c5a AUX openldap-2.2.14-perlthreadsfix.patch 614 SHA256 bb719cc1fed47ff0f111c960f3295781ae6f0d9e98b4266a87751044b4bb3175 SHA512 e2579de72194c63e445108a39a85635622c1a629cec9d276df84ce9d770dbe7e2df2057663bac192558af3dee60fa2f0ae92f4cc34145c300fe141ae7f3f13b3 WHIRLPOOL 24cab36ff0368f81f555ba0fa0ea0f78d245d1863bf4c6c6d291536b16bdbe628a9a204ffccce12a6014b71717f3dd722c9f95061c1a519e273c0535316ad97d AUX openldap-2.2.6-ntlm.patch 5011 SHA256 1f7e766bcafb412ec336aad7e07295d6d62d2e2a62b6804b07b06a5056102243 SHA512 8140dba85c56f269c953b0b23b2ca7eecb42f8e5167f4d0f08511dc8c06c30bcb42c3e38ed3b77d5622780a94c0aa9eb65bb8e45af50075acab97e7f466a1a9d WHIRLPOOL 75c2394c46242f738b5ee0db8473b05b5e7e75821e89dcea3ca7a139e34cc61f5848d0601dc66499dad35beefdd02aed5486ed138cfd8e216041aa5ceb85c920 @@ -20,6 +17,9 @@ AUX openldap-2.4.28-fix-dash.patch 1101 SHA256 fddaad5f49cce39bf5492bb1dda10f2ce AUX openldap-2.4.28-gnutls-gcrypt.patch 340 SHA256 26dc29a502e45f6b1003674c1ef5bc6c79b71d00fc9b2fc7a145291a314370c0 SHA512 53441707e9b24e774c0541ad8b63295eea6dc0352ae2ef3bf389f381da18f1df05fb2f7b41c816e1f697d8f1b208643d05891c03d8fba42d85e3b7689e5ee94f WHIRLPOOL 6be9eda56fd68c9e0818443ca70ee6c1e904aa6126576477d402c9abd2ee44952a0a313efc89f603b02cac35cbfea3c987de5b6ec3625a92bc691386edd85aa5 AUX openldap-2.4.30-contrib-samba4.patch 1639 SHA256 f47e416d8ef21dcfde6d0ecdace27063e8b20236f5d832675aa4efe222a5a69e SHA512 39a8b2675aa98b4d74a374e3ac45e83e07201ccc807c96eff0aa26e8571503c13fe48fa0d76d610fab99c4615f2ee1388b9bc386abb38a3fa162ca278f872241 WHIRLPOOL 9967fd742c3ee80f5d2dd0c1906b00393bf5e29ba3f7b8d0eef2779004d67292c203eb8ead4e34a993499e8e1aef0e0e5ca78ab64785488bd566be503b0af237 AUX openldap-2.4.31-gcc47.patch 480 SHA256 6a0bef52a8681e30c4be7c11df88f5c73d2ab90f0bbbb79c550b6174d3978060 SHA512 a35113fe3f5e9ae5b9631976415df41d53a99ae1ca4c4dcdcfd89e6ccc6ba906cf5cfe2ee4901033dba29d62b6607d4a93ca74645eb6ceba38e67c5d8521816a WHIRLPOOL bf1315bebf8b16a625d55ac1d040a1ab831c25c87fe6f9bb9ff4b1b54f621a36e75e6055955e60617823fbf78244cd4aec7f702ea0d7a8d85a164f550d2675e7 +AUX openldap-2.4.33-gnutls.patch 1863 SHA256 e8d493246c2e652135f130c1dedbeb9760bed5f61d73c6662ba7f816ead59e52 SHA512 1b3830cf96b2c470e723dd966330e1b0a69c11aa7b10b5af04f2ab907e7e9ffd038589af7a472a374f47b5d08638b06ad04e0ff9a9180a9b5fc89884d3437df4 WHIRLPOOL 331798cf7ef9270ad57ca81ad1c32c223f8cd3932cec7fb235e3328acabedf68f952ace2903c45277617ebc0f498c919e62eadf638fb5d817717b324635531cd +AUX openldap-2.4.35-contrib-samba4.patch 1400 SHA256 64ca91d3edae25d392f39a7f538e269b26de4e09923f872014e84ec388bda911 SHA512 332c4b2daa3eba165cfdcd479b1012e139d60095aaa628f8f5750fffb722d39395935bd7d7e56272e98fd234ab0be1c6568a71feeda5d88ba24b91b385defdad WHIRLPOOL c472dc75bbc1261b84ce0bfe8dd0a749200d7540647733ca13c0b1ccd8330739278f83eea3c91b3b29e5982eb6c9f9fb920ffdd9a6faaf4c0e66a97a1d16db55 +AUX openldap-2.4.35-contrib-smbk5pwd.patch 1626 SHA256 377b9204f51bb751d7311de3ee789386496372db2964ed2a929733099c23688a SHA512 c045c7605d25bab9eef8c12752f4952e3e6358124764ded91f5f98210686bc371f32ac20c56a63de80410f882f20e0889eec95474f1ee9d4c5bb4ed303ec8da0 WHIRLPOOL 64feead042fe22ec8bd36a23a11ea1af513702de2ab063324f0e49802635ca53b9f2f662159c8784877f6342d0a15cb231710be2ea69031c3df7459cd150cc47 AUX openldap-2.4.6-evolution-ntlm.patch 5161 SHA256 3b79d9afaa7c76ca20c5e7aa856dea49931741a1022ae6c3bb264c38f4c22edb SHA512 a553231ad3e2d2ca3a3a195b20da6163c135a723e0a3ed39afcad5601ed4ef01e692533df3f8f96d5ec8cc74ca27cbd16508818007dc1343899a42b5595b980b WHIRLPOOL 624f11c996825bb248dd7c33f64afd3a4e8b9edbbe79c6fdffc7f2d8e57c5d8ac4c651eae7763dbc0a06144b916131b70e599771034bcb6bd8c586a9bf6a8209 AUX slapd-confd 614 SHA256 901044908fbbbbf333f7f0f1efccd1f0e213aa1a9156b3e659eaf0a0c7fdfc89 SHA512 e4ae52d10294da787016cf39adfd68c6ad812ac1758b00845810ee7936d21734d2ef3793252b878d88f21788414071adffb5f484381d4dc6a29f71a8729486b7 WHIRLPOOL d45df7487a952f899e9098779edda82afd9fb5ca66e42bbaf4a94f9ebdda9be58a026c0358a521a2feb4cc04c1f8477fb034896054ca4575d717bec367e1e2e8 AUX slapd-confd-2.4.28-r1 1072 SHA256 5bca003ec3b67c7c78519aede1d82002579006ccfecce8f87b559df719f82e92 SHA512 7426c04ee689bcfb29a9a3956367c571eac6bc9620efda938591d09382a05527454458f7a25bdc2fa2ac920f93bae516121e085408ffefbe8ace0c7d8c5da315 WHIRLPOOL b9cb4e249f224ce2435184922df8d053d4c6d058a6408b72ac3c393563bdc0d413f7310e74ef7dcdab6dedc3d25a77d5af0581334356a9b55be5c516d6ee71d4 @@ -38,6 +38,7 @@ DIST openldap-2.4.30.tgz 5440261 SHA256 fc013e528616f8578d9f221409c48af9b8937a62 DIST openldap-2.4.31.tgz 5444236 SHA256 bde845840df4794b869a6efd6a6b1086f80989038e4844b2e4d7d6b57b39c5b6 SHA512 c0f58928a339bedf68de4f95ca0e4d82b187d54ffa15834ebd69d8a90722f699cc495fb4f624450bc51b9e1bcb2b96c429b84dd80ba1930ecdd24c1cd77cc24b WHIRLPOOL 51b897ab6d7b2a50232d3ce59c928e9e12e372d61c888e5d1826ad14f313a48cb8cb47ec4156383ceb7a8ef20d0feaf60658a9c84f255e09f9510dbe0b34640b DIST openldap-2.4.32.tgz 5450134 SHA256 9ee413c6a816cb41f71826759b78001d04e747ede9dde302d6ba94ab16f0b82e SHA512 85b6d32fb08c6f4230bfea3f7cb9de0723f4894eae1266384ffea289710e3f3c49b1b0c1802dde41f4a64292c5e68d1d7dd6812f6027e23609b950259b4c93e7 WHIRLPOOL dc99d68ad45f6881fbcad1efc4a74f11cec47517de52f7e7d407f9b85ea6d6f3df844d9bc95360a338ea4d22886508e1e1aba0a61c182a0e594f6cbcc8440e24 DIST openldap-2.4.33.tgz 5463850 SHA256 81e9eca20f17a69a5d15ebc4c66a323106da4f4f80a32105bc7cdea333aca14c SHA512 382253c0dc1f7937748cb5931d60db90e16dc06201c3e0eebbf0f7fb8b7f1d3634c6036804977e9a5a6e264cc0888abcc66d507310a5c3451d2dc7a758213e84 WHIRLPOOL 4ca58af83c2ec1e2ef9de61963858254b882269a4c97ea1edec31cd6a07f944bec6db79c4ad6997f5c9e8792a6d1dfebd49af9d20ac5538a7f4f92a63c59f518 +DIST openldap-2.4.35.tgz 5486240 SHA256 16100374c147df0d82a5c52ca60da5eca1a5ea8b5a187467d40a78e3691e9eeb SHA512 b39232b4bab7ecb0ae14961adaa555590ca24ecbaeb3d94ea251e2de3bf7425ce364a2a488f9745fae17f106cdf198c852c73b5f2b910d329c598db435d6b31d WHIRLPOOL dccdbb7e858da3a5a6bec31956e13acac3ec604c4d40b88ff64ea9741feb32e70e7a9113f0e147996728214f494f8a858a55cbf6ceb1d5a8c6cc27e4aed44629 DIST rfc2307bis.schema-20100722 9718 SHA256 c61c72e04b45d1e774de1e4084fb2a596210307fc94fe6532b257cdae283b86b SHA512 f71ec7f5ebf826524ef263c2d7e1fc17b7238bd82c3118bfdae2eddbb00e9777ea918c644f0416e818cf60f44807555a0ca48c20cc8738fcbf1675cff7292f17 WHIRLPOOL 77dd13ebbb87f44298cda6f48940662d288a7bf6fbcde3ad88656eee00b470fee11d8ecbd5a6008d3ca3263c48447b30310393881922a258d81722a56e05deb7 DIST rfc2307bis.schema-20120525 11922 SHA256 41f90e2eafab34925b8223887fa378fc4bbb2801937fdfd3e5a8cf3517229c38 SHA512 cf313fcbbc79d2d1085f7547ed277f58605d931592d70298204f80f40092bf6450561162178e23add2fa5baf19c0b8fff82f69fbf9c2fde6744e9f29f4dac699 WHIRLPOOL b5dd02f0a5ab183b2f981995d886a6e193ec37c0247195a5eb30bc622aa8762130a053f6cad76923bffd55635e0c4e0904aabf0c1124dc9d69080d33f3f53e1c EBUILD openldap-2.3.43-r1.ebuild 18090 SHA256 aae9a6a1eac2e8ade42e262e4aabe9c5a363e4149a08253d500f2b4194d0e760 SHA512 73245ce0081b52bc9be58142c9640b1c2965a0cd433b26871e9852fbb70e37e89f5583f6ba3be9ab0549f7c5d97d6f9760689326896a746fa6a2e2949d5a1260 WHIRLPOOL 84bbe8da6ab7bb10e6c4b434f6afbf58209d3167226a6d08d1cdf0115a55802a11d8116cdf784fdb8ba3cae83335e17a5e86517f1232e6d0e53b8d51f3363389 @@ -55,23 +56,8 @@ EBUILD openldap-2.4.31-r1.ebuild 22312 SHA256 9795321cd892d2f7372f17dc26fb1dafe7 EBUILD openldap-2.4.31.ebuild 22254 SHA256 cf4893975f5e6b7f83ce63e1e82d566374dc8f305712047b2f81ffdddd08f0a4 SHA512 1b62c1c107a5ca3256be4a67fe2a4bc3b959963a39a7faef4a8b2a2ce65d8244238c11ee059e7aea5b4cb9d359f2dc70bca843d408f439a412b1bbc6cb1b546b WHIRLPOOL 6248efa93a28f320f094f0f7e017cc24c83eb6adb667749294363bbe94005e2a7ed4e8859b5bc1a915e8b937f90d402dbbbed41be90b9804f857224ac02d940a EBUILD openldap-2.4.32.ebuild 22317 SHA256 fe078797113bf34a6a626a26c82007bb6dd4b4f3271e6cb2f9dc104840bdccab SHA512 fe6e95794aed15c22f899db10e69ab5910d69b0e7452f036f2ed7a5ba6e9bcb266bf0d81cdf6cd2cad23855a9e0b0c2c5b8f8cb30dc9b38d283363f808f65f5d WHIRLPOOL 8c0db904e0ac099258f074255bda9849ccb5936dd3b725e511d362ce23803ee8e1bb6815a89088b7d084bd6f0f5413a1404db587fff6ee1ba25613f90af72261 EBUILD openldap-2.4.33-r1.ebuild 22128 SHA256 ff2b9a7d59b468f696156d91957b210fb0b5abe969a1eb399255f839c5dc5c4d SHA512 53b656324ee84a602cea474f9ae3bedb6fb57f9a653520292203dd368a77d5daa5bb49cf62488e1e2daf818aa98adcd0fb7ca58e5e02f78751a7255e92c71605 WHIRLPOOL 78748de28219108ea56898814ad0535ad98bc45af214df2f1ff521aef5de8bf96b949a981ed1fa9a8cd1adf3f3d84a960de89f3f979112ea631f81611246d1cc +EBUILD openldap-2.4.33-r2.ebuild 22185 SHA256 90adbb7cdf8097ffcdcc3d6a2113bb32599f61d09b8b45dfc87241b2bc4291f7 SHA512 aec70ec1058d3fcd522b7e609bb8501494fab08ed74639f6810e310e2e85887e1358645ed873d99f213b9fb710d0cb060e962b45d1d2b1a935b6b67debea889c WHIRLPOOL 8b08999deec515f41c6ed0c927f6b9ec174f60ee861494db97271ca33874c3e05aa0e1c522089d1bcb30e25b8c6954f320ea145b5f37899c6f6e052502d2af29 EBUILD openldap-2.4.33.ebuild 22317 SHA256 0ce4a04acddb9bc60354329a543b67b41aa7750bff75e1487260df729e32e1fa SHA512 4b094db524df29aaa70bc75aee4aad2dfe87e78c77cd4eb8cd0d7dc227664f82c7b04716e26decf6a8b6f8315c693a417dda812c26844f8d51f97b2559476121 WHIRLPOOL cc3adda366efdf3334d879628b7541cb4650282e6123256a104486c82e678d12a9aad791ee24064da17497b4c9ed8fe32a26d02946747161b4d0efb62502fe6d -MISC ChangeLog 76008 SHA256 2411dff6a5d65dc10f55174c026f3e5da6c5c8e474f977fca66c71e87b10e91e SHA512 9bde55c422e1681f41816b4d2b191d344be95e02bf71c4632d30b14cc38f1d23f53677e78382ba81ee2e47ec0cf9112a3f755c4d33a67de3e2cc0fd25296aaa3 WHIRLPOOL f9507d35923c8086822ce7a20ce1543493255f1c1a33863cd1f1cdb2689c1f7e331be8214e055df8b01e7b6c5037ca225745e2c9e80cf171452f8a8148bdbbc6 +EBUILD openldap-2.4.35.ebuild 22182 SHA256 ebe1cff35c1018dd216d00ddb87dfc648374b85806567f7fe80e47edd0cf5bb1 SHA512 103fb09daec2502d163ebd2fa57143af740ac0fcf67ad56ccfc54883e5688710375d183ded1f68abd42a67e558d0213650f12e7b818962d778b1b083f4861754 WHIRLPOOL e9ac3e1c93bdd7ee8e38fc1d6789f12ed2e9fa0b39763256f5633bfd85b3c0f3aab1f973f0462f12c645f0edc4ee50a3d4c61285cb81eaacd7dc9ca95e51985f +MISC ChangeLog 76471 SHA256 b8292f3e29e39e85983e0e9e3856aa0c4470d47032c13179b3c84fda867686ea SHA512 f3054ccfcd509ec4e9ddffba4395c10f0c70264aa902068d889204543c1d99516b4474503ee2f1286dd889c263834a721af8ba28ac0aba91932aba55267cf0fc WHIRLPOOL 8257618bb316b559a1c19ba9374d08fd82d8f7264d0bbc0cbfa663ed61d81cab634c21d926899ac99b0dccd733727283b7d8981818d06ac5a5b7c2a7e76619cf MISC metadata.xml 664 SHA256 70c2b3ca29517c6cafffef5802fcd6a513517d320a118bf2205b0033ffa384ea SHA512 55e576a18ae7c71f3fa413b252a40945059d9f9308f4036739124bd241cc6c409816124c7e4fd30df965963d93907bce03ee117489fdb3443e62bf00dac9da25 WHIRLPOOL ce3c30df03e9026415bd72d5f3c132bb3273a597a6ca8e8928957baae1b4bc6d80ab8f7f0698d72cd8d5773a957ee2a929d3c2bdd4f5a6cd6ba88f9b9e0aa4c7 ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2.0.19 (GNU/Linux) - -iQIcBAEBCAAGBQJRMxIOAAoJELEHsLL7fEFWcycP/2BSgQlLuVZ7sJXm2uaNgpGX -t8eVXj0npKBkNNliFpcH7N3DXM2bsuMAl+VT7rKFAEUvvFTDnKXiGu5aygjzMtap -m2bwvMdN66H6GJy3Vmgyz/h1wpKoN3EDEj68zKm8vdQawNxE7focr8shVoYFiZQ7 -OzSHK1vqfLFWmn6nKfxSDpRO00Wk2wPDeGXt5hVDzcb93B3FgIskadT6tJ20Swlc -tm4MLpz6oRzaF7uIylcaZrLaykpOBcHDF686nobIuiGx36oWuYU5447I4weYRr2c -2/X0lq/CH1RnDPxINaak+l70I28V4cSpa6FS+ZSVwCYlcMxqFF2/b97lnFyAGwcE -6pv99pEtRiPUkPPkx+nlnwX/xn9XpZ9pHmiHVAxCH3La7CvcvIwZNdIgN0RnJ0U+ -MXqWm/ptAAYt8BZKXAAAhU84AGLjJTE5xGVSwJttT5EbzSzTlA30ZeQHvbT22S2B -R2mJ+e8f+nDegSn2lmq8v6M0V5dC6yXSTVDjG2GJM+w2JHTJsfya6G0t6IqP4TtS -kL8bKod6TmVoy/ehLwUaJznpcslmus2uVbcCGd0TdnNhF8ELrXfywY4C8IEuj/+u -SvCq1Sft/Y1svRg5hukGhRovUCt5Py0L6elWH5b3L93bcPi5Fu81Lf/1qzKjm1k5 -QiqX6tSeJccJ4vBTfGft -=bZwL ------END PGP SIGNATURE----- diff --git a/net-nds/openldap/files/openldap-2.4.33-gnutls.patch b/net-nds/openldap/files/openldap-2.4.33-gnutls.patch new file mode 100644 index 000000000000..2b07c85c04aa --- /dev/null +++ b/net-nds/openldap/files/openldap-2.4.33-gnutls.patch @@ -0,0 +1,60 @@ +From 98de912932732f1441300eb64ca3070ff1469fcf Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <petr.pisar@atlas.cz> +Date: Sun, 30 Dec 2012 21:11:06 +0100 +Subject: [PATCH] GnuTLS 3.0 removed gnutls_certificate_get_x509_cas() + +--- + libraries/libldap/tls_g.c | 23 +++++++++++++++++++++++ + 1 file changed, 23 insertions(+) + +diff --git a/libraries/libldap/tls_g.c b/libraries/libldap/tls_g.c +index 40616f5..374514d 100644 +--- a/libraries/libldap/tls_g.c ++++ b/libraries/libldap/tls_g.c +@@ -60,6 +60,12 @@ + #undef HAVE_GCRYPT_RAND + #endif + ++#if LIBGNUTLS_VERSION_NUMBER >= 0x030000 ++#define HAVE_GNUTLS_CERTIFICATE_GET_ISSUER 1 ++#else ++#undef HAVE_GNUTLS_CERTIFICATE_GET_ISSUER ++#endif ++ + #ifndef HAVE_CIPHERSUITES + /* Versions prior to 2.2.0 didn't handle cipher suites, so we had to + * kludge them ourselves. +@@ -368,6 +374,22 @@ tlsg_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server ) + * then we have to build the cert chain. + */ + if ( max == 1 && !gnutls_x509_crt_check_issuer( certs[0], certs[0] )) { ++#ifdef HAVE_GNUTLS_CERTIFICATE_GET_ISSUER ++ gnutls_x509_crt_t issuer; ++ unsigned int i; ++ ++ for ( i = 1; i<VERIFY_DEPTH; i++ ) { ++ /* If no CA is known, we're done */ ++ if ( gnutls_certificate_get_issuer( ctx->cred, certs[i-1], ++ &issuer, 0 ) ) ++ break; ++ certs[i] = issuer; ++ max++; ++ /* If this CA is self-signed, we're done */ ++ if ( gnutls_x509_crt_check_issuer( certs[i], certs[i] )) ++ break; ++ } ++#else + gnutls_x509_crt_t *cas; + unsigned int i, j, ncas; + +@@ -387,6 +409,7 @@ tlsg_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server ) + if ( j == ncas ) + break; + } ++#endif /* !defined HAVE_GNUTLS_CERTIFICATE_GET_ISSUER */ + } + rc = gnutls_certificate_set_x509_key( ctx->cred, certs, max, key ); + if ( rc ) return -1; +-- +1.8.0.2 + diff --git a/net-nds/openldap/files/openldap-2.4.35-contrib-samba4.patch b/net-nds/openldap/files/openldap-2.4.35-contrib-samba4.patch new file mode 100644 index 000000000000..4312dc7c55ea --- /dev/null +++ b/net-nds/openldap/files/openldap-2.4.35-contrib-samba4.patch @@ -0,0 +1,38 @@ +diff -Nuar openldap-2.4.35.orig/contrib/slapd-modules/samba4/Makefile openldap-2.4.35/contrib/slapd-modules/samba4/Makefile +--- openldap-2.4.35.orig/contrib/slapd-modules/samba4/Makefile 2013-03-28 15:41:51.000000000 +0000 ++++ openldap-2.4.35/contrib/slapd-modules/samba4/Makefile 2013-04-16 02:16:40.651868432 +0000 +@@ -20,7 +20,8 @@ + + LIBTOOL = $(LDAP_BUILD)/libtool + CC = gcc +-OPT = -g -O2 -Wall ++#OPT = -g -O2 -Wall ++OPT = -Wall + DEFS = -DSLAPD_OVER_RDNVAL=SLAPD_MOD_DYNAMIC \ + -DSLAPD_OVER_PGUID=SLAPD_MOD_DYNAMIC \ + -DSLAPD_OVER_VERNUM=SLAPD_MOD_DYNAMIC +@@ -41,20 +42,20 @@ + .SUFFIXES: .c .o .lo + + .c.lo: +- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $< ++ $(LIBTOOL) --mode=compile $(CC) $(OPT) $(CFLAGS) $(DEFS) $(INCS) -c $< + + all: $(PROGRAMS) + + pguid.la: pguid.lo +- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \ ++ $(LIBTOOL) --mode=link $(CC) $(OPT) $(CFLAGS) -version-info $(LTVER) \ + -rpath $(moduledir) -module -o $@ $? $(LIBS) + + rdnval.la: rdnval.lo +- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \ ++ $(LIBTOOL) --mode=link $(CC) $(OPT) $(CFLAGS) -version-info $(LTVER) \ + -rpath $(moduledir) -module -o $@ $? $(LIBS) + + vernum.la: vernum.lo +- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \ ++ $(LIBTOOL) --mode=link $(CC) $(OPT) $(CFLAGS) -version-info $(LTVER) \ + -rpath $(moduledir) -module -o $@ $? $(LIBS) + + clean: diff --git a/net-nds/openldap/files/openldap-2.4.35-contrib-smbk5pwd.patch b/net-nds/openldap/files/openldap-2.4.35-contrib-smbk5pwd.patch new file mode 100644 index 000000000000..4383802a0ead --- /dev/null +++ b/net-nds/openldap/files/openldap-2.4.35-contrib-smbk5pwd.patch @@ -0,0 +1,48 @@ +diff -Nuar openldap-2.4.35.orig/contrib/slapd-modules/smbk5pwd/Makefile openldap-2.4.35/contrib/slapd-modules/smbk5pwd/Makefile +--- openldap-2.4.35.orig/contrib/slapd-modules/smbk5pwd/Makefile 2013-03-28 15:41:51.000000000 +0000 ++++ openldap-2.4.35/contrib/slapd-modules/smbk5pwd/Makefile 2013-04-16 02:13:38.939913119 +0000 +@@ -21,16 +21,23 @@ + SSL_INC = + SSL_LIB = -lcrypto + +-HEIMDAL_INC = -I/usr/heimdal/include +-HEIMDAL_LIB = -L/usr/heimdal/lib -lkrb5 -lkadm5srv ++#HEIMDAL_INC = -I/usr/heimdal/include ++#HEIMDAL_LIB = -L/usr/heimdal/lib -lkrb5 -lkadm5srv ++KRB5_INC = $(HEIMDAL_INC) ++KRB5_LIB = $(HEIMDAL_LIB) -lkrb5 -lkadm5srv + + LIBTOOL = $(LDAP_BUILD)/libtool + CC = gcc +-OPT = -g -O2 -Wall ++#OPT = -g -O2 -Wall ++OPT = -Wall + # Omit DO_KRB5, DO_SAMBA or DO_SHADOW if you don't want to support it. +-DEFS = -DDO_KRB5 -DDO_SAMBA -DDO_SHADOW +-INCS = $(LDAP_INC) $(HEIMDAL_INC) $(SSL_INC) +-LIBS = $(LDAP_LIB) $(HEIMDAL_LIB) $(SSL_LIB) ++#DEFS = -DDO_KRB5 -DDO_SAMBA -DDO_SHADOW ++INCS = $(LDAP_INC) $(KRB5_INC) $(SSL_INC) ++ifneq (DDO_KRB5,$(findstring DDO_KRB5,$(DEFS))) ++ LIBS=$(LDAP_LIB) $(SSL_LIB) ++else ++ LIBS=$(LDAP_LIB) $(KRB5_LIB) $(SSL_LIB) ++endif + + PROGRAMS = smbk5pwd.la + LTVER = 0:0:0 +@@ -46,12 +53,12 @@ + .SUFFIXES: .c .o .lo + + .c.lo: +- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $< ++ $(LIBTOOL) --mode=compile $(CC) $(OPT) $(CFLAGS) $(DEFS) $(INCS) -c $< + + all: $(PROGRAMS) + + smbk5pwd.la: smbk5pwd.lo +- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \ ++ $(LIBTOOL) --mode=link $(CC) $(OPT) $(CFLAGS) -version-info $(LTVER) \ + -rpath $(moduledir) -module -o $@ $? $(LIBS) + + clean: diff --git a/net-nds/openldap/openldap-2.4.33-r2.ebuild b/net-nds/openldap/openldap-2.4.33-r2.ebuild new file mode 100644 index 000000000000..7b284797dd3e --- /dev/null +++ b/net-nds/openldap/openldap-2.4.33-r2.ebuild @@ -0,0 +1,669 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/openldap-2.4.33-r2.ebuild,v 1.1 2013/04/16 03:58:26 robbat2 Exp $ + +EAPI="4" + +inherit db-use eutils flag-o-matic multilib ssl-cert versionator toolchain-funcs autotools + +BIS_PN=rfc2307bis.schema +BIS_PV=20120525 +BIS_P="${BIS_PN}-${BIS_PV}" + +DESCRIPTION="LDAP suite of application and development tools" +HOMEPAGE="http://www.OpenLDAP.org/" +SRC_URI="mirror://openldap/openldap-release/${P}.tgz + mirror://gentoo/${BIS_P}" + +LICENSE="OPENLDAP" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~x86-linux ~x86-solaris" + +IUSE_DAEMON="crypt icu samba slp tcpd experimental minimal" +IUSE_BACKEND="+berkdb" +IUSE_OVERLAY="overlays perl" +IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 +syslog selinux" +IUSE_CONTRIB="smbkrb5passwd kerberos" +IUSE_CONTRIB="${IUSE_CONTRIB} -cxx" +IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}" + +REQUIRED_USE="cxx? ( sasl )" + +# openssl is needed to generate lanman-passwords required by samba +RDEPEND="icu? ( dev-libs/icu ) + ssl? ( !gnutls? ( dev-libs/openssl ) + gnutls? ( net-libs/gnutls dev-libs/libgcrypt ) ) + sasl? ( dev-libs/cyrus-sasl ) + !minimal? ( + sys-devel/libtool + tcpd? ( sys-apps/tcp-wrappers ) + odbc? ( !iodbc? ( dev-db/unixODBC ) + iodbc? ( dev-db/libiodbc ) ) + slp? ( net-libs/openslp ) + perl? ( dev-lang/perl[-build] ) + samba? ( dev-libs/openssl ) + berkdb? ( sys-libs/db ) + smbkrb5passwd? ( + dev-libs/openssl + app-crypt/heimdal ) + kerberos? ( virtual/krb5 ) + cxx? ( dev-libs/cyrus-sasl ) + ) + selinux? ( sec-policy/selinux-ldap )" +DEPEND="${RDEPEND} + sys-apps/groff" + +# for tracking versions +OPENLDAP_VERSIONTAG=".version-tag" +OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data" + +openldap_filecount() { + local dir="$1" + find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG.example' | wc -l +} + +openldap_find_versiontags() { + # scan for all datadirs + openldap_datadirs="" + if [ -f "${EROOT}"/etc/openldap/slapd.conf ]; then + openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${EROOT}/etc/openldap/slapd.conf)" + fi + openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}" + + einfo + einfo "Scanning datadir(s) from slapd.conf and" + einfo "the default installdir for Versiontags" + einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)" + einfo + + # scan datadirs if we have a version tag + openldap_found_tag=0 + have_files=0 + for each in ${openldap_datadirs}; do + CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"` + CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG} + if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then + einfo "- Checking ${each}..." + if [ -r ${CURRENT_TAG} ] ; then + # yey, we have one :) + einfo " Found Versiontag in ${each}" + source ${CURRENT_TAG} + if [ "${OLDPF}" == "" ] ; then + eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}" + eerror "Please delete it" + eerror + die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}" + fi + + OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}` + + [ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1 + + # are we on the same branch? + if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then + ewarn " Versiontag doesn't match current major release!" + if [[ "${have_files}" == "1" ]] ; then + eerror " Versiontag says other major and you (probably) have datafiles!" + echo + openldap_upgrade_howto + else + einfo " No real problem, seems there's no database." + fi + else + einfo " Versiontag is fine here :)" + fi + else + einfo " Non-tagged dir ${each}" + [ $(openldap_filecount ${each}) -gt 0 ] && have_files=1 + if [[ "${have_files}" == "1" ]] ; then + einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files" + echo + + eerror + eerror "Your OpenLDAP Installation has a non tagged datadir that" + eerror "possibly contains a database at ${CURRENT_TAGDIR}" + eerror + eerror "Please export data if any entered and empty or remove" + eerror "the directory, installation has been stopped so you" + eerror "can take required action" + eerror + eerror "For a HOWTO on exporting the data, see instructions in the ebuild" + eerror + openldap_upgrade_howto + die "Please move the datadir ${CURRENT_TAGDIR} away" + fi + fi + einfo + fi + done + [ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present" + + # Now we must check for the major version of sys-libs/db linked against. + SLAPD_PATH=${EROOT}/usr/$(get_libdir)/openldap/slapd + if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then + OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \ + | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')" + NEWVER="$(use berkdb && db_findver sys-libs/db)" + local fail=0 + if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then + : + # Nothing wrong here. + elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then + eerror " Your existing version of OpenLDAP was not built against" + eerror " any version of sys-libs/db, but the new one will build" + eerror " against ${NEWVER} and your database may be inaccessible." + echo + fail=1 + elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then + eerror " Your existing version of OpenLDAP was built against" + eerror " sys-libs/db:${OLDVER}, but the new one will not be" + eerror " built against any version and your database may be" + eerror " inaccessible." + echo + fail=1 + elif [ "${OLDVER}" != "${NEWVER}" ]; then + eerror " Your existing version of OpenLDAP was built against" + eerror " sys-libs/db:${OLDVER}, but the new one will build against" + eerror " ${NEWVER} and your database would be inaccessible." + echo + fail=1 + fi + [ "${fail}" == "1" ] && openldap_upgrade_howto + fi + + echo + einfo + einfo "All datadirs are fine, proceeding with merge now..." + einfo +} + +openldap_upgrade_howto() { + eerror + eerror "A (possible old) installation of OpenLDAP was detected," + eerror "installation will not proceed for now." + eerror + eerror "As major version upgrades can corrupt your database," + eerror "you need to dump your database and re-create it afterwards." + eerror + eerror "Additionally, rebuilding against different major versions of the" + eerror "sys-libs/db libraries will cause your database to be inaccessible." + eerror "" + d="$(date -u +%s)" + l="/root/ldapdump.${d}" + i="${l}.raw" + eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop" + eerror " 2. slapcat -l ${i}" + eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}" + eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/" + eerror " 5. emerge --update \=net-nds/${PF}" + eerror " 6. etc-update, and ensure that you apply the changes" + eerror " 7. slapadd -l ${l}" + eerror " 8. chown ldap:ldap /var/lib/openldap-data/*" + eerror " 9. /etc/init.d/slapd start" + eerror "10. check that your data is intact." + eerror "11. set up the new replication system." + eerror + if [ "${FORCE_UPGRADE}" != "1" ]; then + die "You need to upgrade your database first" + else + eerror "You have the magical FORCE_UPGRADE=1 in place." + eerror "Don't say you weren't warned about data loss." + fi +} + +pkg_setup() { + if ! use sasl && use cxx ; then + die "To build the ldapc++ library you must emerge openldap with sasl support" + fi + # Bug #322787 + if use minimal && ! has_version "net-nds/openldap" ; then + einfo "No datadir scan needed, openldap not installed" + elif use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then + einfo "Skipping scan for previous datadirs as requested by minimal useflag" + else + openldap_find_versiontags + fi + + enewgroup ldap 439 + enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap +} + +src_prepare() { + # ensure correct SLAPI path by default + sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \ + "${S}"/include/ldap_defaults.h + + epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch + + epatch \ + "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \ + "${FILESDIR}"/${PN}-2.4.15-ppolicy.patch + + # bug #116045 - still present in 2.4.28 + epatch "${FILESDIR}"/${PN}-2.4.28-contrib-smbk5pwd.patch + # bug #408077 - samba4 + epatch "${FILESDIR}"/${PN}-2.4.30-contrib-samba4.patch + + # bug #189817 + epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch + + # bug #233633 + epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch + + # bug #281495 + epatch "${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch + + # bug #294350 + epatch "${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch + + # unbreak /bin/sh -> dash + epatch "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch + + # bug #420959 + epatch "${FILESDIR}"/${PN}-2.4.31-gcc47.patch + + # bug #421463 + epatch "${FILESDIR}"/${PN}-2.4.33-gnutls.patch + + cd "${S}"/build + einfo "Making sure upstream build strip does not do stripping too early" + sed -i.orig \ + -e '/^STRIP/s,-s,,g' \ + top.mk || die "Failed to block stripping" + + # wrong assumption that /bin/sh is /bin/bash + sed -i \ + -e 's|/bin/sh|/bin/bash|g' \ + "${S}"/tests/scripts/* || die "sed failed" + + cd "${S}" + AT_NOEAUTOMAKE=yes eautoreconf +} + +build_contrib_module() { + lt="${S}/libtool" + # <dir> <sources> <outputname> + cd "${S}/contrib/slapd-modules/$1" + einfo "Compiling contrib-module: $3" + # Make sure it's uppercase + local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')" + "${lt}" --mode=compile --tag=CC \ + "${CC}" \ + -D${define_name}=SLAPD_MOD_DYNAMIC \ + -I../../../include -I../../../servers/slapd ${CFLAGS} \ + -o ${2%.c}.lo -c $2 || die "compiling $3 failed" + einfo "Linking contrib-module: $3" + "${lt}" --mode=link --tag=CC \ + "${CC}" -module \ + ${CFLAGS} \ + ${LDFLAGS} \ + -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \ + -o $3.la ${2%.c}.lo || die "linking $3 failed" +} + +src_configure() { + local myconf + + #Fix for glibc-2.8 and ucred. Bug 228457. + append-flags -D_GNU_SOURCE + + # Bug 408001 + use elibc_FreeBSD && append-flags -DMDB_DSYNC=O_SYNC -DMDB_FDATASYNC=fsync + + use debug && myconf="${myconf} $(use_enable debug)" + + # ICU usage is not configurable + export ac_cv_header_unicode_utypes_h="$(use icu && echo yes || echo no)" + + if ! use minimal ; then + # re-enable serverside overlay chains per bug #296567 + # see ldap docs chaper 12.3.1 for details + myconf="${myconf} --enable-ldap" + + # backends + myconf="${myconf} --enable-slapd" + if use berkdb ; then + einfo "Using Berkeley DB for local backend" + myconf="${myconf} --enable-bdb --enable-hdb" + # We need to include the slotted db.h dir for FreeBSD + append-cppflags -I$(db_includedir) + else + ewarn + ewarn "Note: if you disable berkdb, you can only use remote-backends!" + ewarn + ebeep 5 + myconf="${myconf} --disable-bdb --disable-hdb" + fi + for backend in dnssrv ldap meta monitor null passwd relay shell sock; do + myconf="${myconf} --enable-${backend}=mod" + done + + myconf="${myconf} $(use_enable perl perl mod)" + + myconf="${myconf} $(use_enable odbc sql mod)" + if use odbc ; then + local odbc_lib="unixodbc" + if use iodbc ; then + odbc_lib="iodbc" + append-cppflags -I"${EPREFIX}"/usr/include/iodbc + fi + myconf="${myconf} --with-odbc=${odbc_lib}" + fi + + # slapd options + myconf="${myconf} $(use_enable crypt) $(use_enable slp)" + myconf="${myconf} $(use_enable samba lmpasswd) $(use_enable syslog)" + if use experimental ; then + myconf="${myconf} --enable-dynacl" + myconf="${myconf} --enable-aci=mod" + fi + for option in aci cleartext modules rewrite rlookups slapi; do + myconf="${myconf} --enable-${option}" + done + + # slapd overlay options + # Compile-in the syncprov, the others as module + myconf="${myconf} --enable-syncprov=yes" + use overlays && myconf="${myconf} --enable-overlays=mod" + + else + myconf="${myconf} --disable-slapd --disable-bdb --disable-hdb" + myconf="${myconf} --disable-overlays --disable-syslog" + fi + + # basic functionality stuff + myconf="${myconf} $(use_enable ipv6)" + myconf="${myconf} $(use_with sasl cyrus-sasl) $(use_enable sasl spasswd)" + myconf="${myconf} $(use_enable tcpd wrappers)" + + local ssl_lib="no" + if use ssl || ( use ! minimal && use samba ) ; then + ssl_lib="openssl" + use gnutls && ssl_lib="gnutls" + fi + + myconf="${myconf} --with-tls=${ssl_lib}" + + for basicflag in dynamic local proctitle shared static; do + myconf="${myconf} --enable-${basicflag}" + done + + # connectionless ldap per bug #342439 + append-cppflags -DLDAP_CONNECTIONLESS + + tc-export CC AR CXX + STRIP=/bin/true \ + econf \ + --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \ + ${myconf} || die "econf failed" +} + +src_configure_cxx() { + # This needs the libraries built by the first build run. + # So we have to run it AFTER the main build, not just after the main + # configure. + if ! use minimal ; then + if use cxx ; then + local myconf_ldapcpp + myconf_ldapcpp="${myconf_ldapcpp} --with-ldap-includes=../../include" + cd "${S}/contrib/ldapc++" + OLD_LDFLAGS="$LDFLAGS" + OLD_CPPFLAGS="$CPPFLAGS" + append-ldflags -L../../libraries/liblber/.libs -L../../libraries/libldap/.libs + append-ldflags -L../../../libraries/liblber/.libs -L../../../libraries/libldap/.libs + append-cppflags -I../../../include + econf ${myconf_ldapcpp} \ + CC="${CC}" \ + CXX="${CXX}" \ + || die "econf ldapc++ failed" + CPPFLAGS="$OLD_CPPFLAGS" + LDFLAGS="${OLD_LDFLAGS}" + fi + fi +} + +src_compile() { + emake depend || die "emake depend failed" + emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/bash || die "emake failed" + lt="${S}/libtool" + export echo="echo" + + if ! use minimal ; then + if use cxx ; then + einfo "Building contrib library: ldapc++" + src_configure_cxx + cd "${S}/contrib/ldapc++" + emake \ + CC="${CC}" CXX="${CXX}" \ + || die "emake ldapc++ failed" + fi + + if use smbkrb5passwd ; then + einfo "Building contrib-module: smbk5pwd" + cd "${S}/contrib/slapd-modules/smbk5pwd" + + emake \ + DEFS="-DDO_SAMBA -DDO_KRB5 -DDO_SHADOW" \ + KRB5_INC="$(krb5-config --cflags)" \ + CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" \ + || die "emake smbk5pwd failed" + fi + + if use overlays ; then + einfo "Building contrib-module: samba4" + cd "${S}/contrib/slapd-modules/samba4" + + emake \ + CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap" \ + || die "emake samba4 failed" + fi + + if use kerberos ; then + cd "${S}/contrib/slapd-modules/passwd" + einfo "Compiling contrib-module: pw-kerberos" + "${lt}" --mode=compile --tag=CC \ + "${CC}" \ + -I../../../include \ + ${CFLAGS} \ + $(krb5-config --cflags) \ + -DHAVE_KRB5 \ + -o kerberos.lo \ + -c kerberos.c || die "compiling pw-kerberos failed" + einfo "Linking contrib-module: pw-kerberos" + "${lt}" --mode=link --tag=CC \ + "${CC}" -module \ + ${CFLAGS} \ + ${LDFLAGS} \ + -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \ + -o pw-kerberos.la \ + kerberos.lo || die "linking pw-kerberos failed" + fi + # We could build pw-radius if GNURadius would install radlib.h + cd "${S}/contrib/slapd-modules/passwd" + einfo "Compiling contrib-module: pw-netscape" + "${lt}" --mode=compile --tag=CC \ + "${CC}" \ + -I../../../include \ + ${CFLAGS} \ + -o netscape.lo \ + -c netscape.c || die "compiling pw-netscape failed" + einfo "Linking contrib-module: pw-netscape" + "${lt}" --mode=link --tag=CC \ + "${CC}" -module \ + ${CFLAGS} \ + ${LDFLAGS} \ + -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \ + -o pw-netscape.la \ + netscape.lo || die "linking pw-netscape failed" + + build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay" + build_contrib_module "allop" "allop.c" "overlay-allop" + build_contrib_module "allowed" "allowed.c" "allowed" + build_contrib_module "autogroup" "autogroup.c" "autogroup" + build_contrib_module "denyop" "denyop.c" "denyop-overlay" + build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin" + # lastmod may not play well with other overlays + build_contrib_module "lastmod" "lastmod.c" "lastmod" + build_contrib_module "nops" "nops.c" "nops-overlay" + build_contrib_module "trace" "trace.c" "trace" + # build slapi-plugins + cd "${S}/contrib/slapi-plugins/addrdnvalues" + einfo "Building contrib-module: addrdnvalues plugin" + "${CC}" -shared \ + -I../../../include \ + ${CFLAGS} \ + -fPIC \ + ${LDFLAGS} \ + -o libaddrdnvalues-plugin.so \ + addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed" + + fi +} + +src_test() { + cd tests ; make tests || die "make tests failed" +} + +src_install() { + lt="${S}/libtool" + emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/bash install || die "make install failed" + + dodoc ANNOUNCEMENT CHANGES COPYRIGHT README "${FILESDIR}"/DB_CONFIG.fast.example + docinto rfc ; dodoc doc/rfc/*.txt + + if ! use minimal; then + # openldap modules go here + # TODO: write some code to populate slapd.conf with moduleload statements + keepdir /usr/$(get_libdir)/openldap/openldap/ + + # initial data storage dir + keepdir /var/lib/openldap-data + use prefix || fowners ldap:ldap /var/lib/openldap-data + fperms 0700 /var/lib/openldap-data + + echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" + echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" + echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" + + # use our config + rm "${ED}"etc/openldap/slapd.conf + insinto /etc/openldap + newins "${FILESDIR}"/${PN}-2.3.34-slapd-conf slapd.conf + configfile="${ED}"etc/openldap/slapd.conf + + # populate with built backends + ebegin "populate config with built backends" + for x in "${ED}"usr/$(get_libdir)/openldap/openldap/back_*.so; do + elog "Adding $(basename ${x})" + sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" + done + sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}" + use prefix || fowners root:ldap /etc/openldap/slapd.conf + fperms 0640 /etc/openldap/slapd.conf + cp "${configfile}" "${configfile}".default + eend + + # install our own init scripts + newinitd "${FILESDIR}"/slapd-initd-2.4.28-r1 slapd + newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd + if [ $(get_libdir) != lib ]; then + sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i "${ED}"etc/init.d/slapd + fi + # If built without SLP, we don't need to be before avahi + use slp \ + || sed -i \ + -e '/before/{s/avahi-daemon//g}' \ + "${ED}"etc/init.d/slapd + + if use cxx ; then + einfo "Install the ldapc++ library" + cd "${S}/contrib/ldapc++" + emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install || die "emake install ldapc++ failed" + newdoc README ldapc++-README + fi + + if use smbkrb5passwd ; then + einfo "Install the smbk5pwd module" + cd "${S}/contrib/slapd-modules/smbk5pwd" + emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install || die "emake install smbk5pwd failed" + newdoc README smbk5pwd-README + fi + + if use overlays ; then + einfo "Install the samba4 module" + cd "${S}/contrib/slapd-modules/samba4" + emake DESTDIR="${D}" libexecdir="/usr/$(get_libdir)/openldap" install || die "emake install samba4 failed" + newdoc README samba4-README + fi + + einfo "Installing contrib modules" + cd "${S}/contrib/slapd-modules" + for l in */*.la; do + "${lt}" --mode=install cp ${l} \ + "${ED}"usr/$(get_libdir)/openldap/openldap || \ + die "installing ${l} failed" + done + docinto contrib + newdoc addpartial/README addpartial-README + newdoc allop/README allop-README + doman allop/slapo-allop.5 + newdoc autogroup/README autogroup-README + newdoc denyop/denyop.c denyop-denyop.c + newdoc dsaschema/README dsaschema-README + doman lastmod/slapo-lastmod.5 + doman nops/slapo-nops.5 + newdoc passwd/README passwd-README + cd "${S}/contrib/slapi-plugins" + insinto /usr/$(get_libdir)/openldap/openldap + doins */*.so + docinto contrib + newdoc addrdnvalues/README addrdnvalues-README + + insinto /etc/openldap/schema + newins "${DISTDIR}"/${BIS_P} ${BIS_PN} + fi +} + +pkg_preinst() { + # keep old libs if any + preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0) +} + +pkg_postinst() { + if ! use minimal ; then + # You cannot build SSL certificates during src_install that will make + # binary packages containing your SSL key, which is both a security risk + # and a misconfiguration if multiple machines use the same key and cert. + if use ssl; then + install_cert /etc/openldap/ssl/ldap + use prefix || chown ldap:ldap "${EROOT}"etc/openldap/ssl/ldap.* + ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]" + ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]" + ewarn "add 'TLS_REQCERT never' if you want to use them." + fi + + if use prefix; then + # Warn about prefix issues with slapd + eerror "slapd might NOT be usable on Prefix systems as it requires root privileges" + eerror "to start up, and requires that certain files directories be owned by" + eerror "ldap:ldap. As Prefix does not support changing ownership of files and" + eerror "directories, you will have to manually fix this yourself." + fi + + # These lines force the permissions of various content to be correct + use prefix || chown ldap:ldap "${EROOT}"var/run/openldap + chmod 0755 "${EROOT}"var/run/openldap + use prefix || chown root:ldap "${EROOT}"etc/openldap/slapd.conf{,.default} + chmod 0640 "${EROOT}"etc/openldap/slapd.conf{,.default} + use prefix || chown ldap:ldap "${EROOT}"var/lib/openldap-data + fi + + elog "Getting started using OpenLDAP? There is some documentation available:" + elog "Gentoo Guide to OpenLDAP Authentication" + elog "(http://www.gentoo.org/doc/en/ldap-howto.xml)" + elog "---" + elog "An example file for tuning BDB backends with openldap is" + elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/" + + preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0) +} diff --git a/net-nds/openldap/openldap-2.4.35.ebuild b/net-nds/openldap/openldap-2.4.35.ebuild new file mode 100644 index 000000000000..0c27ded7e135 --- /dev/null +++ b/net-nds/openldap/openldap-2.4.35.ebuild @@ -0,0 +1,669 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/openldap-2.4.35.ebuild,v 1.1 2013/04/16 03:58:26 robbat2 Exp $ + +EAPI="4" + +inherit db-use eutils flag-o-matic multilib ssl-cert versionator toolchain-funcs autotools + +BIS_PN=rfc2307bis.schema +BIS_PV=20120525 +BIS_P="${BIS_PN}-${BIS_PV}" + +DESCRIPTION="LDAP suite of application and development tools" +HOMEPAGE="http://www.OpenLDAP.org/" +SRC_URI="mirror://openldap/openldap-release/${P}.tgz + mirror://gentoo/${BIS_P}" + +LICENSE="OPENLDAP" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~x86-linux ~x86-solaris" + +IUSE_DAEMON="crypt icu samba slp tcpd experimental minimal" +IUSE_BACKEND="+berkdb" +IUSE_OVERLAY="overlays perl" +IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 +syslog selinux" +IUSE_CONTRIB="smbkrb5passwd kerberos" +IUSE_CONTRIB="${IUSE_CONTRIB} -cxx" +IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}" + +REQUIRED_USE="cxx? ( sasl )" + +# openssl is needed to generate lanman-passwords required by samba +RDEPEND="icu? ( dev-libs/icu ) + ssl? ( !gnutls? ( dev-libs/openssl ) + gnutls? ( net-libs/gnutls dev-libs/libgcrypt ) ) + sasl? ( dev-libs/cyrus-sasl ) + !minimal? ( + sys-devel/libtool + tcpd? ( sys-apps/tcp-wrappers ) + odbc? ( !iodbc? ( dev-db/unixODBC ) + iodbc? ( dev-db/libiodbc ) ) + slp? ( net-libs/openslp ) + perl? ( dev-lang/perl[-build] ) + samba? ( dev-libs/openssl ) + berkdb? ( sys-libs/db ) + smbkrb5passwd? ( + dev-libs/openssl + app-crypt/heimdal ) + kerberos? ( virtual/krb5 ) + cxx? ( dev-libs/cyrus-sasl ) + ) + selinux? ( sec-policy/selinux-ldap )" +DEPEND="${RDEPEND} + sys-apps/groff" + +# for tracking versions +OPENLDAP_VERSIONTAG=".version-tag" +OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data" + +openldap_filecount() { + local dir="$1" + find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG.example' | wc -l +} + +openldap_find_versiontags() { + # scan for all datadirs + openldap_datadirs="" + if [ -f "${EROOT}"/etc/openldap/slapd.conf ]; then + openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${EROOT}/etc/openldap/slapd.conf)" + fi + openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}" + + einfo + einfo "Scanning datadir(s) from slapd.conf and" + einfo "the default installdir for Versiontags" + einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)" + einfo + + # scan datadirs if we have a version tag + openldap_found_tag=0 + have_files=0 + for each in ${openldap_datadirs}; do + CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"` + CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG} + if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then + einfo "- Checking ${each}..." + if [ -r ${CURRENT_TAG} ] ; then + # yey, we have one :) + einfo " Found Versiontag in ${each}" + source ${CURRENT_TAG} + if [ "${OLDPF}" == "" ] ; then + eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}" + eerror "Please delete it" + eerror + die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}" + fi + + OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}` + + [ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1 + + # are we on the same branch? + if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then + ewarn " Versiontag doesn't match current major release!" + if [[ "${have_files}" == "1" ]] ; then + eerror " Versiontag says other major and you (probably) have datafiles!" + echo + openldap_upgrade_howto + else + einfo " No real problem, seems there's no database." + fi + else + einfo " Versiontag is fine here :)" + fi + else + einfo " Non-tagged dir ${each}" + [ $(openldap_filecount ${each}) -gt 0 ] && have_files=1 + if [[ "${have_files}" == "1" ]] ; then + einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files" + echo + + eerror + eerror "Your OpenLDAP Installation has a non tagged datadir that" + eerror "possibly contains a database at ${CURRENT_TAGDIR}" + eerror + eerror "Please export data if any entered and empty or remove" + eerror "the directory, installation has been stopped so you" + eerror "can take required action" + eerror + eerror "For a HOWTO on exporting the data, see instructions in the ebuild" + eerror + openldap_upgrade_howto + die "Please move the datadir ${CURRENT_TAGDIR} away" + fi + fi + einfo + fi + done + [ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present" + + # Now we must check for the major version of sys-libs/db linked against. + SLAPD_PATH=${EROOT}/usr/$(get_libdir)/openldap/slapd + if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then + OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \ + | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')" + NEWVER="$(use berkdb && db_findver sys-libs/db)" + local fail=0 + if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then + : + # Nothing wrong here. + elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then + eerror " Your existing version of OpenLDAP was not built against" + eerror " any version of sys-libs/db, but the new one will build" + eerror " against ${NEWVER} and your database may be inaccessible." + echo + fail=1 + elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then + eerror " Your existing version of OpenLDAP was built against" + eerror " sys-libs/db:${OLDVER}, but the new one will not be" + eerror " built against any version and your database may be" + eerror " inaccessible." + echo + fail=1 + elif [ "${OLDVER}" != "${NEWVER}" ]; then + eerror " Your existing version of OpenLDAP was built against" + eerror " sys-libs/db:${OLDVER}, but the new one will build against" + eerror " ${NEWVER} and your database would be inaccessible." + echo + fail=1 + fi + [ "${fail}" == "1" ] && openldap_upgrade_howto + fi + + echo + einfo + einfo "All datadirs are fine, proceeding with merge now..." + einfo +} + +openldap_upgrade_howto() { + eerror + eerror "A (possible old) installation of OpenLDAP was detected," + eerror "installation will not proceed for now." + eerror + eerror "As major version upgrades can corrupt your database," + eerror "you need to dump your database and re-create it afterwards." + eerror + eerror "Additionally, rebuilding against different major versions of the" + eerror "sys-libs/db libraries will cause your database to be inaccessible." + eerror "" + d="$(date -u +%s)" + l="/root/ldapdump.${d}" + i="${l}.raw" + eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop" + eerror " 2. slapcat -l ${i}" + eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}" + eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/" + eerror " 5. emerge --update \=net-nds/${PF}" + eerror " 6. etc-update, and ensure that you apply the changes" + eerror " 7. slapadd -l ${l}" + eerror " 8. chown ldap:ldap /var/lib/openldap-data/*" + eerror " 9. /etc/init.d/slapd start" + eerror "10. check that your data is intact." + eerror "11. set up the new replication system." + eerror + if [ "${FORCE_UPGRADE}" != "1" ]; then + die "You need to upgrade your database first" + else + eerror "You have the magical FORCE_UPGRADE=1 in place." + eerror "Don't say you weren't warned about data loss." + fi +} + +pkg_setup() { + if ! use sasl && use cxx ; then + die "To build the ldapc++ library you must emerge openldap with sasl support" + fi + # Bug #322787 + if use minimal && ! has_version "net-nds/openldap" ; then + einfo "No datadir scan needed, openldap not installed" + elif use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then + einfo "Skipping scan for previous datadirs as requested by minimal useflag" + else + openldap_find_versiontags + fi + + enewgroup ldap 439 + enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap +} + +src_prepare() { + # ensure correct SLAPI path by default + sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \ + "${S}"/include/ldap_defaults.h + + epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch + + epatch \ + "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \ + "${FILESDIR}"/${PN}-2.4.15-ppolicy.patch + + # bug #116045 - still present in 2.4.28 + epatch "${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch + # bug #408077 - samba4 + epatch "${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch + + # bug #189817 + epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch + + # bug #233633 + epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch + + # bug #281495 + epatch "${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch + + # bug #294350 + epatch "${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch + + # unbreak /bin/sh -> dash + epatch "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch + + # bug #420959 + epatch "${FILESDIR}"/${PN}-2.4.31-gcc47.patch + + # bug #421463 + epatch "${FILESDIR}"/${PN}-2.4.33-gnutls.patch + + cd "${S}"/build + einfo "Making sure upstream build strip does not do stripping too early" + sed -i.orig \ + -e '/^STRIP/s,-s,,g' \ + top.mk || die "Failed to block stripping" + + # wrong assumption that /bin/sh is /bin/bash + sed -i \ + -e 's|/bin/sh|/bin/bash|g' \ + "${S}"/tests/scripts/* || die "sed failed" + + cd "${S}" + AT_NOEAUTOMAKE=yes eautoreconf +} + +build_contrib_module() { + lt="${S}/libtool" + # <dir> <sources> <outputname> + cd "${S}/contrib/slapd-modules/$1" + einfo "Compiling contrib-module: $3" + # Make sure it's uppercase + local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')" + "${lt}" --mode=compile --tag=CC \ + "${CC}" \ + -D${define_name}=SLAPD_MOD_DYNAMIC \ + -I../../../include -I../../../servers/slapd ${CFLAGS} \ + -o ${2%.c}.lo -c $2 || die "compiling $3 failed" + einfo "Linking contrib-module: $3" + "${lt}" --mode=link --tag=CC \ + "${CC}" -module \ + ${CFLAGS} \ + ${LDFLAGS} \ + -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \ + -o $3.la ${2%.c}.lo || die "linking $3 failed" +} + +src_configure() { + local myconf + + #Fix for glibc-2.8 and ucred. Bug 228457. + append-flags -D_GNU_SOURCE + + # Bug 408001 + use elibc_FreeBSD && append-flags -DMDB_DSYNC=O_SYNC -DMDB_FDATASYNC=fsync + + use debug && myconf="${myconf} $(use_enable debug)" + + # ICU usage is not configurable + export ac_cv_header_unicode_utypes_h="$(use icu && echo yes || echo no)" + + if ! use minimal ; then + # re-enable serverside overlay chains per bug #296567 + # see ldap docs chaper 12.3.1 for details + myconf="${myconf} --enable-ldap" + + # backends + myconf="${myconf} --enable-slapd" + if use berkdb ; then + einfo "Using Berkeley DB for local backend" + myconf="${myconf} --enable-bdb --enable-hdb" + # We need to include the slotted db.h dir for FreeBSD + append-cppflags -I$(db_includedir) + else + ewarn + ewarn "Note: if you disable berkdb, you can only use remote-backends!" + ewarn + ebeep 5 + myconf="${myconf} --disable-bdb --disable-hdb" + fi + for backend in dnssrv ldap meta monitor null passwd relay shell sock; do + myconf="${myconf} --enable-${backend}=mod" + done + + myconf="${myconf} $(use_enable perl perl mod)" + + myconf="${myconf} $(use_enable odbc sql mod)" + if use odbc ; then + local odbc_lib="unixodbc" + if use iodbc ; then + odbc_lib="iodbc" + append-cppflags -I"${EPREFIX}"/usr/include/iodbc + fi + myconf="${myconf} --with-odbc=${odbc_lib}" + fi + + # slapd options + myconf="${myconf} $(use_enable crypt) $(use_enable slp)" + myconf="${myconf} $(use_enable samba lmpasswd) $(use_enable syslog)" + if use experimental ; then + myconf="${myconf} --enable-dynacl" + myconf="${myconf} --enable-aci=mod" + fi + for option in aci cleartext modules rewrite rlookups slapi; do + myconf="${myconf} --enable-${option}" + done + + # slapd overlay options + # Compile-in the syncprov, the others as module + myconf="${myconf} --enable-syncprov=yes" + use overlays && myconf="${myconf} --enable-overlays=mod" + + else + myconf="${myconf} --disable-slapd --disable-bdb --disable-hdb" + myconf="${myconf} --disable-overlays --disable-syslog" + fi + + # basic functionality stuff + myconf="${myconf} $(use_enable ipv6)" + myconf="${myconf} $(use_with sasl cyrus-sasl) $(use_enable sasl spasswd)" + myconf="${myconf} $(use_enable tcpd wrappers)" + + local ssl_lib="no" + if use ssl || ( use ! minimal && use samba ) ; then + ssl_lib="openssl" + use gnutls && ssl_lib="gnutls" + fi + + myconf="${myconf} --with-tls=${ssl_lib}" + + for basicflag in dynamic local proctitle shared static; do + myconf="${myconf} --enable-${basicflag}" + done + + # connectionless ldap per bug #342439 + append-cppflags -DLDAP_CONNECTIONLESS + + tc-export CC AR CXX + STRIP=/bin/true \ + econf \ + --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \ + ${myconf} || die "econf failed" +} + +src_configure_cxx() { + # This needs the libraries built by the first build run. + # So we have to run it AFTER the main build, not just after the main + # configure. + if ! use minimal ; then + if use cxx ; then + local myconf_ldapcpp + myconf_ldapcpp="${myconf_ldapcpp} --with-ldap-includes=../../include" + cd "${S}/contrib/ldapc++" + OLD_LDFLAGS="$LDFLAGS" + OLD_CPPFLAGS="$CPPFLAGS" + append-ldflags -L../../libraries/liblber/.libs -L../../libraries/libldap/.libs + append-ldflags -L../../../libraries/liblber/.libs -L../../../libraries/libldap/.libs + append-cppflags -I../../../include + econf ${myconf_ldapcpp} \ + CC="${CC}" \ + CXX="${CXX}" \ + || die "econf ldapc++ failed" + CPPFLAGS="$OLD_CPPFLAGS" + LDFLAGS="${OLD_LDFLAGS}" + fi + fi +} + +src_compile() { + emake depend || die "emake depend failed" + emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/bash || die "emake failed" + lt="${S}/libtool" + export echo="echo" + + if ! use minimal ; then + if use cxx ; then + einfo "Building contrib library: ldapc++" + src_configure_cxx + cd "${S}/contrib/ldapc++" + emake \ + CC="${CC}" CXX="${CXX}" \ + || die "emake ldapc++ failed" + fi + + if use smbkrb5passwd ; then + einfo "Building contrib-module: smbk5pwd" + cd "${S}/contrib/slapd-modules/smbk5pwd" + + emake \ + DEFS="-DDO_SAMBA -DDO_KRB5 -DDO_SHADOW" \ + KRB5_INC="$(krb5-config --cflags)" \ + CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" \ + || die "emake smbk5pwd failed" + fi + + if use overlays ; then + einfo "Building contrib-module: samba4" + cd "${S}/contrib/slapd-modules/samba4" + + emake \ + CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap" \ + || die "emake samba4 failed" + fi + + if use kerberos ; then + cd "${S}/contrib/slapd-modules/passwd" + einfo "Compiling contrib-module: pw-kerberos" + "${lt}" --mode=compile --tag=CC \ + "${CC}" \ + -I../../../include \ + ${CFLAGS} \ + $(krb5-config --cflags) \ + -DHAVE_KRB5 \ + -o kerberos.lo \ + -c kerberos.c || die "compiling pw-kerberos failed" + einfo "Linking contrib-module: pw-kerberos" + "${lt}" --mode=link --tag=CC \ + "${CC}" -module \ + ${CFLAGS} \ + ${LDFLAGS} \ + -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \ + -o pw-kerberos.la \ + kerberos.lo || die "linking pw-kerberos failed" + fi + # We could build pw-radius if GNURadius would install radlib.h + cd "${S}/contrib/slapd-modules/passwd" + einfo "Compiling contrib-module: pw-netscape" + "${lt}" --mode=compile --tag=CC \ + "${CC}" \ + -I../../../include \ + ${CFLAGS} \ + -o netscape.lo \ + -c netscape.c || die "compiling pw-netscape failed" + einfo "Linking contrib-module: pw-netscape" + "${lt}" --mode=link --tag=CC \ + "${CC}" -module \ + ${CFLAGS} \ + ${LDFLAGS} \ + -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \ + -o pw-netscape.la \ + netscape.lo || die "linking pw-netscape failed" + + build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay" + build_contrib_module "allop" "allop.c" "overlay-allop" + build_contrib_module "allowed" "allowed.c" "allowed" + build_contrib_module "autogroup" "autogroup.c" "autogroup" + build_contrib_module "denyop" "denyop.c" "denyop-overlay" + build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin" + # lastmod may not play well with other overlays + build_contrib_module "lastmod" "lastmod.c" "lastmod" + build_contrib_module "nops" "nops.c" "nops-overlay" + build_contrib_module "trace" "trace.c" "trace" + # build slapi-plugins + cd "${S}/contrib/slapi-plugins/addrdnvalues" + einfo "Building contrib-module: addrdnvalues plugin" + "${CC}" -shared \ + -I../../../include \ + ${CFLAGS} \ + -fPIC \ + ${LDFLAGS} \ + -o libaddrdnvalues-plugin.so \ + addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed" + + fi +} + +src_test() { + cd tests ; make tests || die "make tests failed" +} + +src_install() { + lt="${S}/libtool" + emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/bash install || die "make install failed" + + dodoc ANNOUNCEMENT CHANGES COPYRIGHT README "${FILESDIR}"/DB_CONFIG.fast.example + docinto rfc ; dodoc doc/rfc/*.txt + + if ! use minimal; then + # openldap modules go here + # TODO: write some code to populate slapd.conf with moduleload statements + keepdir /usr/$(get_libdir)/openldap/openldap/ + + # initial data storage dir + keepdir /var/lib/openldap-data + use prefix || fowners ldap:ldap /var/lib/openldap-data + fperms 0700 /var/lib/openldap-data + + echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" + echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" + echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" + + # use our config + rm "${ED}"etc/openldap/slapd.conf + insinto /etc/openldap + newins "${FILESDIR}"/${PN}-2.3.34-slapd-conf slapd.conf + configfile="${ED}"etc/openldap/slapd.conf + + # populate with built backends + ebegin "populate config with built backends" + for x in "${ED}"usr/$(get_libdir)/openldap/openldap/back_*.so; do + elog "Adding $(basename ${x})" + sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" + done + sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}" + use prefix || fowners root:ldap /etc/openldap/slapd.conf + fperms 0640 /etc/openldap/slapd.conf + cp "${configfile}" "${configfile}".default + eend + + # install our own init scripts + newinitd "${FILESDIR}"/slapd-initd-2.4.28-r1 slapd + newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd + if [ $(get_libdir) != lib ]; then + sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i "${ED}"etc/init.d/slapd + fi + # If built without SLP, we don't need to be before avahi + use slp \ + || sed -i \ + -e '/before/{s/avahi-daemon//g}' \ + "${ED}"etc/init.d/slapd + + if use cxx ; then + einfo "Install the ldapc++ library" + cd "${S}/contrib/ldapc++" + emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install || die "emake install ldapc++ failed" + newdoc README ldapc++-README + fi + + if use smbkrb5passwd ; then + einfo "Install the smbk5pwd module" + cd "${S}/contrib/slapd-modules/smbk5pwd" + emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install || die "emake install smbk5pwd failed" + newdoc README smbk5pwd-README + fi + + if use overlays ; then + einfo "Install the samba4 module" + cd "${S}/contrib/slapd-modules/samba4" + emake DESTDIR="${D}" libexecdir="/usr/$(get_libdir)/openldap" install || die "emake install samba4 failed" + newdoc README samba4-README + fi + + einfo "Installing contrib modules" + cd "${S}/contrib/slapd-modules" + for l in */*.la; do + "${lt}" --mode=install cp ${l} \ + "${ED}"usr/$(get_libdir)/openldap/openldap || \ + die "installing ${l} failed" + done + docinto contrib + newdoc addpartial/README addpartial-README + newdoc allop/README allop-README + doman allop/slapo-allop.5 + newdoc autogroup/README autogroup-README + newdoc denyop/denyop.c denyop-denyop.c + newdoc dsaschema/README dsaschema-README + doman lastmod/slapo-lastmod.5 + doman nops/slapo-nops.5 + newdoc passwd/README passwd-README + cd "${S}/contrib/slapi-plugins" + insinto /usr/$(get_libdir)/openldap/openldap + doins */*.so + docinto contrib + newdoc addrdnvalues/README addrdnvalues-README + + insinto /etc/openldap/schema + newins "${DISTDIR}"/${BIS_P} ${BIS_PN} + fi +} + +pkg_preinst() { + # keep old libs if any + preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0) +} + +pkg_postinst() { + if ! use minimal ; then + # You cannot build SSL certificates during src_install that will make + # binary packages containing your SSL key, which is both a security risk + # and a misconfiguration if multiple machines use the same key and cert. + if use ssl; then + install_cert /etc/openldap/ssl/ldap + use prefix || chown ldap:ldap "${EROOT}"etc/openldap/ssl/ldap.* + ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]" + ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]" + ewarn "add 'TLS_REQCERT never' if you want to use them." + fi + + if use prefix; then + # Warn about prefix issues with slapd + eerror "slapd might NOT be usable on Prefix systems as it requires root privileges" + eerror "to start up, and requires that certain files directories be owned by" + eerror "ldap:ldap. As Prefix does not support changing ownership of files and" + eerror "directories, you will have to manually fix this yourself." + fi + + # These lines force the permissions of various content to be correct + use prefix || chown ldap:ldap "${EROOT}"var/run/openldap + chmod 0755 "${EROOT}"var/run/openldap + use prefix || chown root:ldap "${EROOT}"etc/openldap/slapd.conf{,.default} + chmod 0640 "${EROOT}"etc/openldap/slapd.conf{,.default} + use prefix || chown ldap:ldap "${EROOT}"var/lib/openldap-data + fi + + elog "Getting started using OpenLDAP? There is some documentation available:" + elog "Gentoo Guide to OpenLDAP Authentication" + elog "(http://www.gentoo.org/doc/en/ldap-howto.xml)" + elog "---" + elog "An example file for tuning BDB backends with openldap is" + elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/" + + preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0) +} |