Diffstat (limited to 'sys-auth/sssd')
20 files changed, 672 insertions, 1544 deletions
diff --git a/sys-auth/sssd/Manifest b/sys-auth/sssd/Manifest
index 8a957aee6b06..99b108e1bbf8 100644
--- a/sys-auth/sssd/Manifest
+++ b/sys-auth/sssd/Manifest
@@ -1,6 +1,2 @@ -DIST sssd-1.16.3.tar.gz 6217114 BLAKE2B eefaf8de466d0d76e9a4b60aefef6eb63c17a55b9a1f2e07e973a61d71cbe5432e92357656a1eb353d45bbc2fa92290cef45898d0b315d4a4c4074652ff25a23 SHA512 6165923f652f624bbe3ddc625ae682c4867eb7a20652d0cf74bbb8dda2307c917d3189ede26fd21a4fb5fd5926149271a65fa09f3affe928029ed99e6422b728 -DIST sssd-2.1.0.tar.gz 6463331 BLAKE2B 9226370dc384c58841d944bdf9b067d953bf138ee7a289f01a4b8bb5d09beee3b9f21609989123d8f4f9fc13237670d61e32dcb194555ddc6785c598ce78d08c SHA512 12a7e5b89d462350af3c43e15b24a437dd985ac4a2e419d5e52cc0d05c6eacb9319d39b23681595ef860120cd1ae6e5fb265054afeddcb05d3d5f5de5d6ffa63 -DIST sssd-2.2.0.tar.gz 6642715 BLAKE2B e6c16ca69effe59769fc166c02203faee445ebe2bf551c6a1460bdee2474ccbce1a38b3aa59b1ae4a79bb170696a784b800a9299025bf6a58bc9aeb94b946338 SHA512 9ebd8784e1f0c72cb808bbc153c0b0aa9bf507938f78336a260073a89b49350dc2c6172653509738ea7a50bb9da596725e1d6c92f99c7a03308aa42f6378dbbb -DIST sssd-2.2.2.tar.gz 6767578 BLAKE2B e0eedaf1da1de953903730c96479af0709ee14dd83eca82a11316dc96c29573b5f3de5965f386d5c12a69e7d98b6168c9d197bbd46ac51f0122feababe52dfe1 SHA512 4cce8fdbcc05d1469dad5ba987cb0f9bc33702b37f85e8e248975461bb50b0740fec92ff213bdb640b506405be7ead936ff253ab02d4a27205ddf20cc0e54801 -DIST sssd-2.2.3.tar.gz 6894302 BLAKE2B b72443ebd4f50581a0d9d2b7cf691fdda0dfe3cfb2ed82c383595aeca8d6198c7f44f1c49e56bdfeac23f9151897ac2df70d1afbbeceb2231daee71492884420 SHA512 b61d52a53e26e8efa9cb799fc6efc2314bf9d174d3cacfe591a4ca77530637591eacc0dc70c0555252e04a9617e8b134b1ab2d9b0f7351b4228e7b61499e6a10 -DIST sssd-2.3.1.tar.gz 7186526 BLAKE2B 6d630fe75b9b426ef54adbe1704fde8e01fc34df7861028c07ce2985db8a151ce743d633061386fea6460fe8eabb89242b816d4bac87975bb9b7b2064ad1d547 SHA512 6aeb52d5222c5992d581296996749327bcaf276e4eb4413a6a32ea6529343432cfe413006aca4245c19b38b515be1c4c2ef88a157c617d889274179253355bc6 +DIST sssd-2.9.1.tar.gz 7943540 BLAKE2B 
9113b63d54beb40ba85c5b5c75068197317b3b8088119cf6557c6b4aed113d2d67f0bc64fc68fb34f4dbef54cccdb8b32ef44112115930751fdec5ec92e0a09b SHA512 eb7345dcfbbd51f005f67ee5032364d369d24589111ded60701e2dbe09563f0b862d343f231dd2e9d548acd8c560a036c8b88a0601f9aa048a7202da8202cd9b +DIST sssd-2.9.4.tar.gz 7982544 BLAKE2B 6ed23787f1c029abc89f2bbe516787ddbe2fa39f052b75b965972b0a3532c66076f16b775258c5ee6f4ac9ef63bd6ab5bad1a3b660bcac135b3af460d0f14748 SHA512 9546cf074628f32137b16ca0c763988785271124244b645d1e786762e8578f10d983793a29bffcc004b064452fe8d465476a3041688d2f3c11c2751fb5bec3e2 diff --git a/sys-auth/sssd/files/sssd b/sys-auth/sssd/files/sssd deleted file mode 100644 index c79b79ac1e18..000000000000 --- a/sys-auth/sssd/files/sssd +++ /dev/null @@ -1,21 +0,0 @@ -#!/sbin/openrc-run -# Copyright 1999-2011 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - - -command="/usr/sbin/sssd" -command_args="${SSSD_OPTIONS} -D" -start_stop_daemon_args="--quiet" -description="System Security Services Daemon" - -depend(){ - need localmount clock - use syslog xdm -} - -if [ "${RC_VERSION:-0}" = "0" ]; then - start() { - eerror "This script cannot be used for baselayout-1." - return 1 - } -fi diff --git a/sys-auth/sssd/files/sssd-2.2.3-glibc-2.32-compat.patch b/sys-auth/sssd/files/sssd-2.2.3-glibc-2.32-compat.patch deleted file mode 100644 index 9d59ae91be55..000000000000 --- a/sys-auth/sssd/files/sssd-2.2.3-glibc-2.32-compat.patch +++ /dev/null 
@@ -1,71 +0,0 @@ -From fe9eeb51be06059721e873f77092b1e9ba08e6c1 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzidek@redhat.com> -Date: Thu, 27 Feb 2020 06:50:40 +0100 -Subject: [PATCH] nss: Collision with external nss symbol -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -One of our internal static function names started -to collide with external nss symbol. Additional -sss_ suffix was added to avoid the collision. - -This is needed to unblock Fedora Rawhide's -SSSD build. - -Reviewed-by: Pavel Březina <pbrezina@redhat.com> ---- - src/responder/nss/nss_cmd.c | 18 ++++++++++-------- - 1 file changed, 10 insertions(+), 8 deletions(-) - -diff --git a/src/responder/nss/nss_cmd.c b/src/responder/nss/nss_cmd.c -index 356aea1564..02706c4b94 100644 ---- a/src/responder/nss/nss_cmd.c -+++ b/src/responder/nss/nss_cmd.c -@@ -731,11 +731,13 @@ static void nss_getent_done(struct tevent_req *subreq) - talloc_free(cmd_ctx); - } - --static void nss_setnetgrent_done(struct tevent_req *subreq); -+static void sss_nss_setnetgrent_done(struct tevent_req *subreq); - --static errno_t nss_setnetgrent(struct cli_ctx *cli_ctx, -- enum cache_req_type type, -- nss_protocol_fill_packet_fn fill_fn) -+/* This function's name started to collide with external nss symbol, -+ * so it has additional sss_* prefix unlike other functions here. 
*/ -+static errno_t sss_nss_setnetgrent(struct cli_ctx *cli_ctx, -+ enum cache_req_type type, -+ nss_protocol_fill_packet_fn fill_fn) - { - struct nss_ctx *nss_ctx; - struct nss_state_ctx *state_ctx; -@@ -777,7 +779,7 @@ static errno_t nss_setnetgrent(struct cli_ctx *cli_ctx, - goto done; - } - -- tevent_req_set_callback(subreq, nss_setnetgrent_done, cmd_ctx); -+ tevent_req_set_callback(subreq, sss_nss_setnetgrent_done, cmd_ctx); - - ret = EOK; - -@@ -790,7 +792,7 @@ static errno_t nss_setnetgrent(struct cli_ctx *cli_ctx, - return EOK; - } - --static void nss_setnetgrent_done(struct tevent_req *subreq) -+static void sss_nss_setnetgrent_done(struct tevent_req *subreq) - { - struct nss_cmd_ctx *cmd_ctx; - errno_t ret; -@@ -1040,8 +1042,8 @@ static errno_t nss_cmd_initgroups_ex(struct cli_ctx *cli_ctx) - - static errno_t nss_cmd_setnetgrent(struct cli_ctx *cli_ctx) - { -- return nss_setnetgrent(cli_ctx, CACHE_REQ_NETGROUP_BY_NAME, -- nss_protocol_fill_setnetgrent); -+ return sss_nss_setnetgrent(cli_ctx, CACHE_REQ_NETGROUP_BY_NAME, -+ nss_protocol_fill_setnetgrent); - } - - static errno_t nss_cmd_getnetgrent(struct cli_ctx *cli_ctx) diff --git a/sys-auth/sssd/files/sssd-2.3.1-test_ca-Look-for-libsofthsm2.so-in-usr-libdir-sofths.patch b/sys-auth/sssd/files/sssd-2.3.1-test_ca-Look-for-libsofthsm2.so-in-usr-libdir-sofths.patch deleted file mode 100644 index b84df9a91cba..000000000000 --- a/sys-auth/sssd/files/sssd-2.3.1-test_ca-Look-for-libsofthsm2.so-in-usr-libdir-sofths.patch +++ /dev/null 
@@ -1,32 +0,0 @@
-From fc79d035ccc4c1a5da26bbd780aeb7e0a0afebf5 Mon Sep 17 00:00:00 2001
-From: Matt Turner <mattst88@gmail.com>
-Date: Fri, 14 Aug 2020 13:36:30 -0700
-Subject: [PATCH] test_ca: Look for libsofthsm2.so in /usr/${libdir}/softhsm
- too
-
-Signed-off-by: Matt Turner <mattst88@gmail.com>
----
- src/external/test_ca.m4 | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/src/external/test_ca.m4 b/src/external/test_ca.m4
-index 4d45a5a16..d318789bc 100644
---- a/src/external/test_ca.m4
-+++ b/src/external/test_ca.m4
-@@ -33,9 +33,10 @@ AC_DEFUN([AM_CHECK_TEST_CA],
- AM_CONDITIONAL([BUILD_TEST_CA], [test -x "$OPENSSL" -a -x "$SSH_KEYGEN" -a -x "$CERTUTIL" -a -x "$PK12UTIL"])
- else
-
-- for p in /usr/lib64/pkcs11/libsofthsm2.so /usr/lib/pkcs11/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so; do
-- if test -f "${p}"; then
-- SOFTHSM2_PATH="${p}"
-+ for p in /usr/lib{64,}/{softhsm,pkcs11} /usr/lib/x86_64-linux-gnu/softhsm; do
-+ f="${p}/libsofthsm2.so"
-+ if test -f "${f}"; then
-+ SOFTHSM2_PATH="${f}"
- break;
- fi
- done
---
-2.26.2
-
diff --git a/sys-auth/sssd/files/sssd-2.8.2-krb5_pw_locked.patch b/sys-auth/sssd/files/sssd-2.8.2-krb5_pw_locked.patch
new file mode 100644
index 000000000000..a8bd397cd063
--- /dev/null
+++ b/sys-auth/sssd/files/sssd-2.8.2-krb5_pw_locked.patch
@@ -0,0 +1,12 @@
+diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
+index a1c0b36..207c010 100644
+--- a/src/providers/krb5/krb5_auth.c
++++ b/src/providers/krb5/krb5_auth.c
+@@ -1037,6 +1037,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
+ case ERR_ACCOUNT_LOCKED:
+ state->pam_status = PAM_PERM_DENIED;
+ state->dp_err = DP_ERR_OK;
++ state->pd->account_locked = true;
+ ret = EOK;
+ goto done;
+
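Review bot: sssd-2.8.2-krb5_pw_locked.patch is added as a bare diff with no header, so nothing in the file records where the change comes from or why `state->pd->account_locked = true;` is needed in the `ERR_ACCOUNT_LOCKED` branch of krb5_auth_done. The certmap and sssctl patches added in this commit carry From/Subject lines and a `cherry picked from commit` reference; this one should get a short header of the same kind, e.g. a one-line description plus `Upstream: <upstream commit or bug URL>`. sssd-2.9.1-conditional-python-install.patch has the same gap. The file name says 2.8.2 while the Manifest now lists only 2.9.1 and 2.9.4, so it is worth confirming in the ebuilds (not visible here) that the patch is still applied and still needed. krb5_auth_done's body continues outside the hunk.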
diff --git a/sys-auth/sssd/files/sssd-2.9.1-BUILD-Accept-krb5-1.21-for-building-the-PAC-plugin.patch b/sys-auth/sssd/files/sssd-2.9.1-BUILD-Accept-krb5-1.21-for-building-the-PAC-plugin.patch
new file mode 100644
index 000000000000..c849fe76b446
--- /dev/null
+++ b/sys-auth/sssd/files/sssd-2.9.1-BUILD-Accept-krb5-1.21-for-building-the-PAC-plugin.patch
@@ -0,0 +1,31 @@
+From 74d0f4538deb766592079b1abca0d949d6dea105 Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Thu, 15 Jun 2023 12:05:03 +0200
+Subject: [PATCH 1/1] BUILD: Accept krb5 1.21 for building the PAC plugin
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Reviewed-by: Alejandro López <allopez@redhat.com>
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+---
+ src/external/pac_responder.m4 | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/external/pac_responder.m4 b/src/external/pac_responder.m4
+index 3cbe3c9cfba03b59e26a8c5c2d73446eead2acea..90727185b574411bddd928f8d87efdc87076eba4 100644
+--- a/src/external/pac_responder.m4
++++ b/src/external/pac_responder.m4
+@@ -22,7 +22,8 @@ then
+ Kerberos\ 5\ release\ 1.17* | \
+ Kerberos\ 5\ release\ 1.18* | \
+ Kerberos\ 5\ release\ 1.19* | \
+- Kerberos\ 5\ release\ 1.20*)
++ Kerberos\ 5\ release\ 1.20* | \
++ Kerberos\ 5\ release\ 1.21*)
+ krb5_version_ok=yes
+ AC_MSG_RESULT([yes])
+ ;;
+--
+2.41.0
+
diff --git a/sys-auth/sssd/files/sssd-2.9.1-certmap-fix-partial-string-comparison.patch b/sys-auth/sssd/files/sssd-2.9.1-certmap-fix-partial-string-comparison.patch
new file mode 100644
index 000000000000..258940bab38e
--- /dev/null
+++ b/sys-auth/sssd/files/sssd-2.9.1-certmap-fix-partial-string-comparison.patch
@@ -0,0 +1,87 @@ +From 11afa7a6ef7e15f1e98c7145ad5c80bbdfc520e2 Mon Sep 17 00:00:00 2001 +From: Sumit Bose <sbose@redhat.com> +Date: Tue, 4 Jul 2023 19:06:27 +0200 +Subject: [PATCH 3/3] certmap: fix partial string comparison +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +If the formatting option of the certificate digest/hash function +contained and additional specifier separated with a '_' the comparison +of the provided digest name and the available ones was incomplete, the +last character was ignored and the comparison was successful if even if +there was only a partial match. + +Resolves: https://github.com/SSSD/sssd/issues/6802 + +Reviewed-by: Alejandro López <allopez@redhat.com> +Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> +(cherry picked from commit 0817ca3b366f51510705ab77d7900c0b65b7d2fc) +--- + src/lib/certmap/sss_certmap_ldap_mapping.c | 9 ++++++++- + src/tests/cmocka/test_certmap.c | 22 ++++++++++++++++++++++ + 2 files changed, 30 insertions(+), 1 deletion(-) + +diff --git a/src/lib/certmap/sss_certmap_ldap_mapping.c b/src/lib/certmap/sss_certmap_ldap_mapping.c +index 2f16837a1..354b0310b 100644 +--- a/src/lib/certmap/sss_certmap_ldap_mapping.c ++++ b/src/lib/certmap/sss_certmap_ldap_mapping.c +@@ -228,14 +228,21 @@ int check_digest_conversion(const char *inp, const char **digest_list, + bool colon = false; + bool reverse = false; + char *c; ++ size_t len = 0; + + sep = strchr(inp, '_'); ++ if (sep != NULL) { ++ len = sep - inp; ++ } + + for (d = 0; digest_list[d] != NULL; d++) { + if (sep == NULL) { + cmp = strcasecmp(digest_list[d], inp); + } else { +- cmp = strncasecmp(digest_list[d], inp, (sep - inp -1)); ++ if (strlen(digest_list[d]) != len) { ++ continue; ++ } ++ cmp = strncasecmp(digest_list[d], inp, len); + } + + if (cmp == 0) { +diff --git a/src/tests/cmocka/test_certmap.c b/src/tests/cmocka/test_certmap.c +index da312beaf..a15984d60 100644 +--- a/src/tests/cmocka/test_certmap.c ++++ 
b/src/tests/cmocka/test_certmap.c +@@ -2183,6 +2183,28 @@ static void test_sss_certmap_ldapu1_cert(void **state) + assert_non_null(ctx); + assert_null(ctx->prio_list); + ++ /* cert!sha */ ++ ret = sss_certmap_add_rule(ctx, 91, ++ "KRB5:<ISSUER>.*", ++ "LDAP:rule91={cert!sha}", NULL); ++ assert_int_equal(ret, EINVAL); ++ ++ ret = sss_certmap_add_rule(ctx, 91, ++ "KRB5:<ISSUER>.*", ++ "LDAPU1:rule91={cert!sha}", NULL); ++ assert_int_equal(ret, EINVAL); ++ ++ /* cert!sha_u */ ++ ret = sss_certmap_add_rule(ctx, 90, ++ "KRB5:<ISSUER>.*", ++ "LDAP:rule90={cert!sha_u}", NULL); ++ assert_int_equal(ret, EINVAL); ++ ++ ret = sss_certmap_add_rule(ctx, 99, ++ "KRB5:<ISSUER>.*", ++ "LDAPU1:rule90={cert!sha_u}", NULL); ++ assert_int_equal(ret, EINVAL); ++ + /* cert!sha555 */ + ret = sss_certmap_add_rule(ctx, 89, + "KRB5:<ISSUER>.*", +-- +2.38.1 + diff --git a/sys-auth/sssd/files/sssd-2.9.1-conditional-python-install.patch b/sys-auth/sssd/files/sssd-2.9.1-conditional-python-install.patch new file mode 100644 index 000000000000..de46b96c82f9 --- /dev/null +++ b/sys-auth/sssd/files/sssd-2.9.1-conditional-python-install.patch @@ -0,0 +1,19 @@ +diff --git a/src/tools/analyzer/Makefile.am b/src/tools/analyzer/Makefile.am +index b40043d04..dce6b9d36 100644 +--- a/src/tools/analyzer/Makefile.am ++++ b/src/tools/analyzer/Makefile.am +@@ -5,7 +5,9 @@ dist_sss_analyze_python_SCRIPTS = \ + $(NULL) + + pkgpythondir = $(python3dir)/sssd ++modulesdir = $(pkgpythondir)/modules + ++if BUILD_PYTHON_BINDINGS + dist_pkgpython_DATA = \ + __init__.py \ + source_files.py \ +@@ -20,3 +22,4 @@ dist_modules_DATA = \ + modules/__init__.py \ + modules/request.py \ + $(NULL) ++endif diff --git a/sys-auth/sssd/files/sssd-2.9.1-sssct-allow-cert-show-and-cert-eval-rule-as-non-root.patch b/sys-auth/sssd/files/sssd-2.9.1-sssct-allow-cert-show-and-cert-eval-rule-as-non-root.patch new file mode 100644 index 000000000000..3a724363382b --- /dev/null 
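Review bot: The four cmocka cases added to test_sss_certmap_ldapu1_cert in sssd-2.9.1-certmap-fix-partial-string-comparison.patch only assert that `sha` and `sha_u` are rejected with EINVAL. Nothing in the hunk asserts that a complete digest name followed by a `_` specifier is still accepted after the new `strlen(digest_list[d]) != len` guard in check_digest_conversion, so an over-strict comparison would pass these tests as well. If test_certmap.c has no such positive case elsewhere (not visible here), one belongs next to these. The last added call also passes priority `99` with the rule name `rule90`, while the other three pair the number with the name, so `90` looks intended. The patch is a cherry-pick, so both points are better raised upstream than changed locally; both functions extend beyond the hunk.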
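Review bot: In sssd-2.9.1-conditional-python-install.patch the `if BUILD_PYTHON_BINDINGS` guard opens below `dist_sss_analyze_python_SCRIPTS`, which the hunk shows only as context. With bindings disabled the analyzer script would apparently still be installed, while `dist_pkgpython_DATA` and `dist_modules_DATA`, the modules it presumably imports, are not. Either move the `if` above the SCRIPTS assignment or confirm that the ebuild drops the script in that configuration. The rest of src/tools/analyzer/Makefile.am is outside the hunk, so this needs checking against the full file.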
+++ b/sys-auth/sssd/files/sssd-2.9.1-sssct-allow-cert-show-and-cert-eval-rule-as-non-root.patch 
@@ -0,0 +1,39 @@ +From 15d7d34b20219e2fd45c43881088f5d542e9603e Mon Sep 17 00:00:00 2001 +From: Sumit Bose <sbose@redhat.com> +Date: Tue, 4 Jul 2023 18:56:35 +0200 +Subject: [PATCH 2/3] sssct: allow cert-show and cert-eval-rule as non-root +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The cert-show and cert-eval-rule sub-commands do not need root access and +do not require SSSD to be configured on the host. + +Resolves: https://github.com/SSSD/sssd/issues/6802 + +Reviewed-by: Alejandro López <allopez@redhat.com> +Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> +(cherry picked from commit 8466f0e4d0c6cd2b98d2789970847b9adc01d7d4) +--- + src/tools/sssctl/sssctl.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/tools/sssctl/sssctl.c b/src/tools/sssctl/sssctl.c +index 855260aed..04c41aa9a 100644 +--- a/src/tools/sssctl/sssctl.c ++++ b/src/tools/sssctl/sssctl.c +@@ -340,9 +340,9 @@ int main(int argc, const char **argv) + SSS_TOOL_COMMAND_FLAGS("config-check", "Perform static analysis of SSSD configuration", 0, sssctl_config_check, SSS_TOOL_FLAG_SKIP_CMD_INIT), + #endif + SSS_TOOL_DELIMITER("Certificate related tools:"), +- SSS_TOOL_COMMAND("cert-show", "Print information about the certificate", 0, sssctl_cert_show), ++ SSS_TOOL_COMMAND_FLAGS("cert-show", "Print information about the certificate", 0, sssctl_cert_show, SSS_TOOL_FLAG_SKIP_CMD_INIT|SSS_TOOL_FLAG_SKIP_ROOT_CHECK), + SSS_TOOL_COMMAND("cert-map", "Show users mapped to the certificate", 0, sssctl_cert_map), +- SSS_TOOL_COMMAND("cert-eval-rule", "Check mapping and matching rule with a certificate", 0, sssctl_cert_eval_rule), ++ SSS_TOOL_COMMAND_FLAGS("cert-eval-rule", "Check mapping and matching rule with a certificate", 0, sssctl_cert_eval_rule, SSS_TOOL_FLAG_SKIP_CMD_INIT|SSS_TOOL_FLAG_SKIP_ROOT_CHECK), + #ifdef BUILD_PASSKEY + SSS_TOOL_DELIMITER("Passkey related tools:"), + SSS_TOOL_COMMAND_FLAGS("passkey-register", "Perform 
passkey registration", 0, sssctl_passkey_register, SSS_TOOL_FLAG_SKIP_CMD_INIT|SSS_TOOL_FLAG_SKIP_ROOT_CHECK), +-- +2.38.1 + diff --git a/sys-auth/sssd/files/sssd-curl-macros.patch b/sys-auth/sssd/files/sssd-curl-macros.patch deleted file mode 100644 index 91e71e837875..000000000000 --- a/sys-auth/sssd/files/sssd-curl-macros.patch +++ /dev/null @@ -1,34 +0,0 @@ -From d3cdf9cbfbace4874c6e5c96f1e5ef5b342c813e Mon Sep 17 00:00:00 2001 -From: Mikle Kolyada <zlogene@gentoo.org> -Date: Sun, 16 Dec 2018 20:42:39 +0300 -Subject: [PATCH] tev_curl.c: remove case duplication - -CURLE_SSL_CACERT and CURLE_PEER_FAILED_VERIFICATION macros are provided -by net-misc/curl-7.62.0 and older ---- - tev_curl.c | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/tev_curl.c b/tev_curl.c -index 6a7a580..ce6fdba 100644 ---- a/src/util/tev_curl.c -+++ b/src/util/tev_curl.c -@@ -97,7 +97,6 @@ static errno_t curl_code2errno(CURLcode crv) - return ETIMEDOUT; - case CURLE_SSL_ISSUER_ERROR: - case CURLE_SSL_CACERT_BADFILE: -- case CURLE_SSL_CACERT: - case CURLE_SSL_CERTPROBLEM: - return ERR_INVALID_CERT; - -@@ -110,8 +109,6 @@ static errno_t curl_code2errno(CURLcode crv) - case CURLE_SSL_ENGINE_NOTFOUND: - case CURLE_SSL_CONNECT_ERROR: - return ERR_SSL_FAILURE; -- case CURLE_PEER_FAILED_VERIFICATION: -- return ERR_UNABLE_TO_VERIFY_PEER; - case CURLE_COULDNT_RESOLVE_HOST: - return ERR_UNABLE_TO_RESOLVE_HOST; - default: --- -2.19.2
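Review bot: In sssd-2.9.1-sssct-allow-cert-show-and-cert-eval-rule-as-non-root.patch, `cert-show` and `cert-eval-rule` now carry `SSS_TOOL_FLAG_SKIP_CMD_INIT|SSS_TOOL_FLAG_SKIP_ROOT_CHECK` in the command table in main(). sssctl_cert_show and sssctl_cert_eval_rule will therefore run for any local user, on a certificate and rule the caller supplies, and without whatever setup the command init step normally performs. Both handlers are outside the hunk; before carrying the patch, confirm that they read no confdb or cache state and reject malformed input cleanly, since the root check was the only gate visible here. A comment above the two entries would keep the contrast with `cert-map` (still root-only) from being lost, for example `/* cert-show and cert-eval-rule only process the certificate given on the command line: no root and no SSSD configuration needed */`. main() continues outside the hunk.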
\ No newline at end of file diff --git a/sys-auth/sssd/files/sssd-fix-CVE-2019-3811.patch b/sys-auth/sssd/files/sssd-fix-CVE-2019-3811.patch deleted file mode 100644 index 87db45fd24bb..000000000000 --- a/sys-auth/sssd/files/sssd-fix-CVE-2019-3811.patch +++ /dev/null 
@@ -1,96 +0,0 @@ -From 28792523a01a7d21bcc8931794164f253e691a68 Mon Sep 17 00:00:00 2001 -From: Tomas Halman <thalman@redhat.com> -Date: Mon, 3 Dec 2018 14:11:31 +0100 -Subject: [PATCH] nss: sssd returns '/' for emtpy home directories - -For empty home directory in passwd file sssd returns "/". Sssd -should respect system behaviour and return the same as nsswitch -"files" module - return empty string. - -Resolves: -https://pagure.io/SSSD/sssd/issue/3901 - -Reviewed-by: Simo Sorce <simo@redhat.com> -Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> -(cherry picked from commit 90f32399b4100ce39cf665649fde82d215e5eb49) ---- - src/confdb/confdb.c | 9 +++++++++ - src/man/include/ad_modified_defaults.xml | 19 +++++++++++++++++++ - src/responder/nss/nss_protocol_pwent.c | 2 +- - src/tests/intg/test_files_provider.py | 2 +- - 4 files changed, 30 insertions(+), 2 deletions(-) - -diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c -index a3eb9c66d9..17bb4f8274 100644 ---- a/src/confdb/confdb.c -+++ b/src/confdb/confdb.c -@@ -1301,6 +1301,15 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, - ret = ENOMEM; - goto done; - } -+ } else { -+ if (strcasecmp(domain->provider, "ad") == 0) { -+ /* ad provider default */ -+ domain->fallback_homedir = talloc_strdup(domain, "/home/%d/%u"); -+ if (!domain->fallback_homedir) { -+ ret = ENOMEM; -+ goto done; -+ } -+ } - } - - tmp = ldb_msg_find_attr_as_string(res->msgs[0], -diff --git a/src/man/include/ad_modified_defaults.xml b/src/man/include/ad_modified_defaults.xml -index 818a2bf787..425b7e8ee0 100644 ---- a/src/man/include/ad_modified_defaults.xml -+++ b/src/man/include/ad_modified_defaults.xml -@@ -76,4 +76,23 @@ - </listitem> - </itemizedlist> - </refsect2> -+ <refsect2 id='nss_modifications'> -+ <title>NSS configuration</title> -+ <itemizedlist> -+ <listitem> -+ <para> -+ fallback_homedir = /home/%d/%u -+ </para> -+ <para> -+ The AD provider automatically sets -+ "fallback_homedir = /home/%d/%u" to provide personal 
-+ home directories for users without the homeDirectory -+ attribute. If your AD Domain is properly -+ populated with Posix attributes, and you want to avoid -+ this fallback behavior, you can explicitly -+ set "fallback_homedir = %o". -+ </para> -+ </listitem> -+ </itemizedlist> -+ </refsect2> - </refsect1> -diff --git a/src/responder/nss/nss_protocol_pwent.c b/src/responder/nss/nss_protocol_pwent.c -index af9e74fc86..86fa4ec465 100644 ---- a/src/responder/nss/nss_protocol_pwent.c -+++ b/src/responder/nss/nss_protocol_pwent.c -@@ -118,7 +118,7 @@ nss_get_homedir(TALLOC_CTX *mem_ctx, - - homedir = nss_get_homedir_override(mem_ctx, msg, nss_ctx, domain, &hd_ctx); - if (homedir == NULL) { -- return "/"; -+ return ""; - } - - return homedir; -diff --git a/src/tests/intg/test_files_provider.py b/src/tests/intg/test_files_provider.py -index ead1cc4c34..4761f1bd15 100644 ---- a/src/tests/intg/test_files_provider.py -+++ b/src/tests/intg/test_files_provider.py -@@ -678,7 +678,7 @@ def test_user_no_dir(setup_pw_with_canary, files_domain_only): - Test that resolving a user without a homedir defined works and returns - a fallback value - """ -- check_user(incomplete_user_setup(setup_pw_with_canary, 'dir', '/')) -+ check_user(incomplete_user_setup(setup_pw_with_canary, 'dir', '')) - - - def test_user_no_gecos(setup_pw_with_canary, files_domain_only): diff --git a/sys-auth/sssd/files/sssd.service b/sys-auth/sssd/files/sssd.service deleted file mode 100644 index 1821089a6094..000000000000 --- a/sys-auth/sssd/files/sssd.service +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=System Security Services Daemon -# SSSD will not be started until syslog is -After=syslog.target - -[Service] -ExecStart=/usr/sbin/sssd -D -f -# These two should be used with traditional UNIX forking daemons -# consult systemd.service(5) for more details -Type=forking -PIDFile=/run/sssd.pid - -[Install] -WantedBy=multi-user.target - 
diff --git a/sys-auth/sssd/metadata.xml b/sys-auth/sssd/metadata.xml
index 5b808c16efca..a4f6c50a3f9e 100644
--- a/sys-auth/sssd/metadata.xml
+++ b/sys-auth/sssd/metadata.xml
@@ -1,26 +1,27 @@ <?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd"> <pkgmetadata> <maintainer type="project"> <email>base-system@gentoo.org</email> <name>Gentoo Base System</name> </maintainer> - <maintainer type="person"> - <email>alexxy@gentoo.org</email> - <name>Alexey Shvetsov</name> + <maintainer type="person" proxied="yes"> + <email>salah.coronya@gmail.com</email> + <name>Christopher Byrne</name> + </maintainer> + <maintainer type="project" proxied="proxy"> + <email>proxy-maint@gentoo.org</email> + <name>Proxy Maintainers</name> </maintainer> <use> <flag name="acl"> Build and use the cifsidmap plugin</flag> - <flag name="autofs">Build helper to let <pkg>net-fs/autofs</pkg> use sssd provided information</flag> - <flag name="locator">Install sssd's Kerberos plugin</flag> - <flag name="man">Build man pages with <pkg>dev-libs/libxslt</pkg></flag> - <flag name="manpages">Build man pages with <pkg>dev-libs/libxslt</pkg></flag> + <flag name="keyutils">Controls whether the kernel keyring should be used via <pkg>sys-apps/keyutils</pkg></flag> <flag name="netlink">Add support for netlink protocol via <pkg>dev-libs/libnl</pkg></flag> - <flag name="nfsv4">Add support for the nfsv4 idmapd plugin provided by <pkg>net-libs/libnfsidmap</pkg></flag> - <flag name="pac">Add Privileged Attribute Certificate Support for Kerberos</flag> - <flag name="ssh">Build helper to let <pkg>net-misc/openssh</pkg> use sssd provided information</flag> + <flag name="nfsv4">Add support for the nfsv4 idmapd plugin provided by <pkg>net-fs/nfs-utils</pkg></flag> + <flag name="samba">Add Privileged Attribute Certificate Support for Kerberos</flag> + <flag name="subid">Support subordinate uid and gid ranges in FreeIPA</flag> <flag name="sudo">Build helper to let <pkg>app-admin/sudo</pkg> use sssd provided information</flag> - <flag name="valgrind">Depend on 
<pkg>dev-util/valgrind</pkg> for test suite</flag> + <flag name="systemtap">Enable SystemTAP/DTrace tracing</flag> </use> <upstream> <remote-id type="cpe">cpe:/a:fedoraproject:sssd</remote-id> diff --git a/sys-auth/sssd/sssd-1.16.3-r3.ebuild b/sys-auth/sssd/sssd-1.16.3-r3.ebuild deleted file mode 100644 index a887a0cb720e..000000000000 --- a/sys-auth/sssd/sssd-1.16.3-r3.ebuild +++ /dev/null 
@@ -1,233 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit autotools flag-o-matic linux-info multilib-minimal pam systemd toolchain-funcs - -DESCRIPTION="System Security Services Daemon provides access to identity and authentication" -HOMEPAGE="https://pagure.io/SSSD/sssd" -SRC_URI="http://releases.pagure.org/SSSD/${PN}/${P}.tar.gz" -KEYWORDS="amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc x86" - -LICENSE="GPL-3" -SLOT="0" -IUSE="acl autofs +locator +netlink nfsv4 nls +manpages samba selinux sudo ssh test" -RESTRICT="!test? ( test )" - -COMMON_DEP=" - >=sys-libs/pam-0-r1[${MULTILIB_USEDEP}] - >=dev-libs/popt-1.16 - dev-libs/glib:2 - >=dev-libs/ding-libs-0.2 - >=sys-libs/talloc-2.0.7 - >=sys-libs/tdb-1.2.9 - >=sys-libs/tevent-0.9.16 - >=sys-libs/ldb-1.1.17-r1:= - >=net-nds/openldap-2.4.30[sasl] - net-libs/http-parser - >=dev-libs/libpcre-8.30 - >=app-crypt/mit-krb5-1.10.3 - dev-libs/jansson - net-misc/curl - locator? ( - >=app-crypt/mit-krb5-1.12.2[${MULTILIB_USEDEP}] - >=net-dns/c-ares-1.10.0-r1[${MULTILIB_USEDEP}] - ) - >=sys-apps/keyutils-1.5:= - >=net-dns/c-ares-1.7.4 - >=dev-libs/nss-3.12.9 - selinux? ( - >=sys-libs/libselinux-2.1.9 - >=sys-libs/libsemanage-2.1 - ) - >=net-dns/bind-tools-9.9[gssapi] - >=dev-libs/cyrus-sasl-2.1.25-r3[kerberos] - >=sys-apps/dbus-1.6 - acl? ( net-fs/cifs-utils[acl] ) - nfsv4? ( || ( >=net-fs/nfs-utils-2.3.1-r2 net-libs/libnfsidmap ) ) - nls? ( >=sys-devel/gettext-0.18 ) - virtual/libintl - netlink? ( dev-libs/libnl:3 ) - samba? ( >=net-fs/samba-4.5 ) - " - -RDEPEND="${COMMON_DEP} - >=sys-libs/glibc-2.17[nscd] - selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 ) - " -DEPEND="${COMMON_DEP} - test? ( dev-libs/check ) - manpages? 
( - >=dev-libs/libxslt-1.1.26 - app-text/docbook-xml-dtd:4.4 - )" - -CONFIG_CHECK="~KEYS" - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/ipa_hbac.h - /usr/include/sss_idmap.h - /usr/include/sss_nss_idmap.h - /usr/include/wbclient_sssd.h - # --with-ifp - /usr/include/sss_sifp.h - /usr/include/sss_sifp_dbus.h - # from 1.15.3 - /usr/include/sss_certmap.h -) - -pkg_setup() { - linux-info_pkg_setup -} - -src_prepare() { - sed -i 's:#!/sbin/runscript:#!/sbin/openrc-run:' \ - "${S}"/src/sysv/gentoo/sssd.in || die "sed sssd.in" - - eapply "${FILESDIR}"/${PN}-curl-macros.patch - eapply "${FILESDIR}"/${PN}-fix-CVE-2019-3811.patch - - default - eautoreconf - multilib_copy_sources -} - -src_configure() { - local native_dbus_cflags=$($(tc-getPKG_CONFIG) --cflags dbus-1) - - multilib-minimal_src_configure -} - -multilib_src_configure() { - # set initscript to sysv because the systemd option needs systemd to - # be installed. We provide our own systemd file anyway. - local myconf=() - #Work around linker dependency problem. 
- append-ldflags "-Wl,--allow-shlib-undefined" - - myconf+=( - --localstatedir="${EPREFIX}"/var - --enable-nsslibdir="${EPREFIX}"/$(get_libdir) - --with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd - --enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir) - --with-ldb-lib-dir="${EPREFIX}"/usr/$(get_libdir)/samba/ldb - --with-os=gentoo - --with-nscd - --with-unicode-lib="glib2" - --disable-rpath - --sbindir=/usr/sbin - --without-kcm - $(use_with samba libwbclient) - --with-secrets - $(multilib_native_use_with samba) - $(multilib_native_use_enable acl cifs-idmap-plugin) - $(multilib_native_use_with selinux) - $(multilib_native_use_with selinux semanage) - $(use_enable locator krb5-locator-plugin) - $(multilib_native_use_with nfsv4 nfsv4-idmapd-plugin) - $(use_enable nls ) - $(multilib_native_use_with netlink libnl) - $(multilib_native_use_with manpages) - $(multilib_native_use_with sudo) - $(multilib_native_use_with autofs) - $(multilib_native_use_with ssh) - --with-crypto="nss" - --with-initscript="sysv" - --without-python2-bindings - --without-python3-bindings - - KRB5_CONFIG=/usr/bin/${CHOST}-krb5-config - ) - - if ! multilib_is_native_abi; then - # work-around all the libraries that are used for CLI and server - myconf+=( - {POPT,TALLOC,TDB,TEVENT,LDB}_{CFLAGS,LIBS}=' ' - # ldb headers are fine since native needs it - # ldb lib fails... 
but it does not seem to bother - {DHASH,COLLECTION,INI_CONFIG_V{0,1,1_1}}_{CFLAGS,LIBS}=' ' - {PCRE,CARES,SYSTEMD_LOGIN,SASL,GLIB2,DBUS,CRYPTO}_{CFLAGS,LIBS}=' ' - - # use native include path for dbus (needed for build) - DBUS_CFLAGS="${native_dbus_cflags}" - - # non-pkgconfig checks - ac_cv_lib_ldap_ldap_search=yes - --without-secrets - --without-libwbclient - --without-kcm - --with-crypto="" - ) - - use locator || myconf+=( - KRB5_CONFIG=/bin/true - ) - fi - - econf "${myconf[@]}" -} - -multilib_src_compile() { - if multilib_is_native_abi; then - default - else - emake libnss_sss.la pam_sss.la - use locator && emake sssd_krb5_locator_plugin.la - fi -} - -multilib_src_install() { - if multilib_is_native_abi; then - emake -j1 DESTDIR="${D}" "${_at_args[@]}" install - else - # easier than playing with automake... - dopammod .libs/pam_sss.so - - into / - dolib.so .libs/libnss_sss.so* - - if use locator; then - exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5 - doexe .libs/sssd_krb5_locator_plugin.so - fi - fi -} - -multilib_src_install_all() { - einstalldocs - find "${ED}" -type f -name '*.la' -delete || die - - insinto /etc/sssd - insopts -m600 - doins "${S}"/src/examples/sssd-example.conf - - insinto /etc/logrotate.d - insopts -m644 - newins "${S}"/src/examples/logrotate sssd - - newconfd "${FILESDIR}"/sssd.conf sssd - newinitd "${FILESDIR}"/sssd sssd - - keepdir /var/lib/sss/db - keepdir /var/lib/sss/deskprofile - keepdir /var/lib/sss/gpo_cache - keepdir /var/lib/sss/keytabs - keepdir /var/lib/sss/mc - keepdir /var/lib/sss/pipes/private - keepdir /var/lib/sss/pubconf/krb5.include.d - keepdir /var/lib/sss/secrets - keepdir /var/log/sssd - - systemd_dounit "${FILESDIR}/${PN}.service" -} - -multilib_src_test() { - default -} - -pkg_postinst() { - elog "You must set up sssd.conf (default installed into /etc/sssd)" - elog "and (optionally) configuration in /etc/pam.d in order to use SSSD" - elog "features. 
Please see howto in https://docs.pagure.org/SSSD.sssd/design_pages/index.html#implemented-in-1-16-x" -} diff --git a/sys-auth/sssd/sssd-2.1.0-r1.ebuild b/sys-auth/sssd/sssd-2.1.0-r1.ebuild deleted file mode 100644 index 98af8535a88f..000000000000 --- a/sys-auth/sssd/sssd-2.1.0-r1.ebuild +++ /dev/null 
@@ -1,230 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit autotools flag-o-matic linux-info multilib-minimal pam systemd toolchain-funcs - -DESCRIPTION="System Security Services Daemon provides access to identity and authentication" -HOMEPAGE="https://pagure.io/SSSD/sssd" -SRC_URI="http://releases.pagure.org/SSSD/${PN}/${P}.tar.gz" -KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86" - -LICENSE="GPL-3" -SLOT="0" -IUSE="acl autofs +locator +netlink nfsv4 nls +manpages samba selinux sudo ssh test" -RESTRICT="!test? ( test )" - -COMMON_DEP=" - >=sys-libs/pam-0-r1[${MULTILIB_USEDEP}] - >=dev-libs/popt-1.16 - dev-libs/glib:2 - >=dev-libs/ding-libs-0.2 - >=sys-libs/talloc-2.0.7 - >=sys-libs/tdb-1.2.9 - >=sys-libs/tevent-0.9.16 - >=sys-libs/ldb-1.1.17-r1:= - >=net-nds/openldap-2.4.30[sasl] - net-libs/http-parser - >=dev-libs/libpcre-8.30 - >=app-crypt/mit-krb5-1.10.3 - dev-libs/jansson - net-misc/curl - locator? ( - >=app-crypt/mit-krb5-1.12.2[${MULTILIB_USEDEP}] - >=net-dns/c-ares-1.10.0-r1[${MULTILIB_USEDEP}] - ) - >=sys-apps/keyutils-1.5:= - >=net-dns/c-ares-1.7.4 - >=dev-libs/nss-3.12.9 - selinux? ( - >=sys-libs/libselinux-2.1.9 - >=sys-libs/libsemanage-2.1 - ) - >=net-dns/bind-tools-9.9[gssapi] - >=dev-libs/cyrus-sasl-2.1.25-r3[kerberos] - >=sys-apps/dbus-1.6 - acl? ( net-fs/cifs-utils[acl] ) - nfsv4? ( || ( >=net-fs/nfs-utils-2.3.1-r2 net-libs/libnfsidmap ) ) - nls? ( >=sys-devel/gettext-0.18 ) - virtual/libintl - netlink? ( dev-libs/libnl:3 ) - samba? ( >=net-fs/samba-4.10.2[winbind] ) - " - -RDEPEND="${COMMON_DEP} - >=sys-libs/glibc-2.17[nscd] - selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 ) - " -DEPEND="${COMMON_DEP} - test? ( dev-libs/check ) - manpages? 
( - >=dev-libs/libxslt-1.1.26 - app-text/docbook-xml-dtd:4.4 - )" - -CONFIG_CHECK="~KEYS" - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/ipa_hbac.h - /usr/include/sss_idmap.h - /usr/include/sss_nss_idmap.h - /usr/include/wbclient_sssd.h - # --with-ifp - /usr/include/sss_sifp.h - /usr/include/sss_sifp_dbus.h - # from 1.15.3 - /usr/include/sss_certmap.h -) - -pkg_setup() { - linux-info_pkg_setup -} - -src_prepare() { - sed -i 's:#!/sbin/runscript:#!/sbin/openrc-run:' \ - "${S}"/src/sysv/gentoo/sssd.in || die "sed sssd.in" - - default - eautoreconf - multilib_copy_sources -} - -src_configure() { - local native_dbus_cflags=$($(tc-getPKG_CONFIG) --cflags dbus-1) - - multilib-minimal_src_configure -} - -multilib_src_configure() { - # set initscript to sysv because the systemd option needs systemd to - # be installed. We provide our own systemd file anyway. - local myconf=() - #Work around linker dependency problem. - append-ldflags "-Wl,--allow-shlib-undefined" - - myconf+=( - --localstatedir="${EPREFIX}"/var - --enable-nsslibdir="${EPREFIX}"/$(get_libdir) - --with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd - --enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir) - --with-ldb-lib-dir="${EPREFIX}"/usr/$(get_libdir)/samba/ldb - --with-os=gentoo - --with-nscd - --with-unicode-lib="glib2" - --disable-rpath - --sbindir=/usr/sbin - --without-kcm - $(use_with samba libwbclient) - --with-secrets - $(multilib_native_use_with samba) - $(multilib_native_use_enable acl cifs-idmap-plugin) - $(multilib_native_use_with selinux) - $(multilib_native_use_with selinux semanage) - $(use_enable locator krb5-locator-plugin) - $(multilib_native_use_with nfsv4 nfsv4-idmapd-plugin) - $(use_enable nls ) - $(multilib_native_use_with netlink libnl) - $(multilib_native_use_with manpages) - $(multilib_native_use_with sudo) - $(multilib_native_use_with autofs) - $(multilib_native_use_with ssh) - --with-crypto="nss" - --with-initscript="sysv" - --without-python2-bindings - --without-python3-bindings - - 
KRB5_CONFIG=/usr/bin/${CHOST}-krb5-config - ) - - if ! multilib_is_native_abi; then - # work-around all the libraries that are used for CLI and server - myconf+=( - {POPT,TALLOC,TDB,TEVENT,LDB}_{CFLAGS,LIBS}=' ' - # ldb headers are fine since native needs it - # ldb lib fails... but it does not seem to bother - {DHASH,COLLECTION,INI_CONFIG_V{0,1,1_1}}_{CFLAGS,LIBS}=' ' - {PCRE,CARES,SYSTEMD_LOGIN,SASL,GLIB2,DBUS,CRYPTO}_{CFLAGS,LIBS}=' ' - - # use native include path for dbus (needed for build) - DBUS_CFLAGS="${native_dbus_cflags}" - - # non-pkgconfig checks - ac_cv_lib_ldap_ldap_search=yes - --without-secrets - --without-libwbclient - --without-kcm - --with-crypto="" - ) - - use locator || myconf+=( - KRB5_CONFIG=/bin/true - ) - fi - - econf "${myconf[@]}" -} - -multilib_src_compile() { - if multilib_is_native_abi; then - default - else - emake libnss_sss.la pam_sss.la - use locator && emake sssd_krb5_locator_plugin.la - fi -} - -multilib_src_install() { - if multilib_is_native_abi; then - emake -j1 DESTDIR="${D}" "${_at_args[@]}" install - else - # easier than playing with automake... 
- dopammod .libs/pam_sss.so - - into / - dolib.so .libs/libnss_sss.so* - - if use locator; then - exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5 - doexe .libs/sssd_krb5_locator_plugin.so - fi - fi -} - -multilib_src_install_all() { - einstalldocs - find "${ED}" -type f -name '*.la' -delete || die - - insinto /etc/sssd - insopts -m600 - doins "${S}"/src/examples/sssd-example.conf - - insinto /etc/logrotate.d - insopts -m644 - newins "${S}"/src/examples/logrotate sssd - - newconfd "${FILESDIR}"/sssd.conf sssd - newinitd "${FILESDIR}"/sssd sssd - - keepdir /var/lib/sss/db - keepdir /var/lib/sss/deskprofile - keepdir /var/lib/sss/gpo_cache - keepdir /var/lib/sss/keytabs - keepdir /var/lib/sss/mc - keepdir /var/lib/sss/pipes/private - keepdir /var/lib/sss/pubconf/krb5.include.d - keepdir /var/lib/sss/secrets - keepdir /var/log/sssd - - systemd_dounit "${FILESDIR}/${PN}.service" -} - -multilib_src_test() { - default -} - -pkg_postinst() { - elog "You must set up sssd.conf (default installed into /etc/sssd)" - elog "and (optionally) configuration in /etc/pam.d in order to use SSSD" - elog "features. Please see howto in https://docs.pagure.org/SSSD.sssd/design_pages/smartcard_authentication_require.html" -} diff --git a/sys-auth/sssd/sssd-2.2.0-r1.ebuild b/sys-auth/sssd/sssd-2.2.0-r1.ebuild deleted file mode 100644 index 98af8535a88f..000000000000 --- a/sys-auth/sssd/sssd-2.2.0-r1.ebuild +++ /dev/null 
@@ -1,230 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit autotools flag-o-matic linux-info multilib-minimal pam systemd toolchain-funcs - -DESCRIPTION="System Security Services Daemon provides access to identity and authentication" -HOMEPAGE="https://pagure.io/SSSD/sssd" -SRC_URI="http://releases.pagure.org/SSSD/${PN}/${P}.tar.gz" -KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86" - -LICENSE="GPL-3" -SLOT="0" -IUSE="acl autofs +locator +netlink nfsv4 nls +manpages samba selinux sudo ssh test" -RESTRICT="!test? ( test )" - -COMMON_DEP=" - >=sys-libs/pam-0-r1[${MULTILIB_USEDEP}] - >=dev-libs/popt-1.16 - dev-libs/glib:2 - >=dev-libs/ding-libs-0.2 - >=sys-libs/talloc-2.0.7 - >=sys-libs/tdb-1.2.9 - >=sys-libs/tevent-0.9.16 - >=sys-libs/ldb-1.1.17-r1:= - >=net-nds/openldap-2.4.30[sasl] - net-libs/http-parser - >=dev-libs/libpcre-8.30 - >=app-crypt/mit-krb5-1.10.3 - dev-libs/jansson - net-misc/curl - locator? ( - >=app-crypt/mit-krb5-1.12.2[${MULTILIB_USEDEP}] - >=net-dns/c-ares-1.10.0-r1[${MULTILIB_USEDEP}] - ) - >=sys-apps/keyutils-1.5:= - >=net-dns/c-ares-1.7.4 - >=dev-libs/nss-3.12.9 - selinux? ( - >=sys-libs/libselinux-2.1.9 - >=sys-libs/libsemanage-2.1 - ) - >=net-dns/bind-tools-9.9[gssapi] - >=dev-libs/cyrus-sasl-2.1.25-r3[kerberos] - >=sys-apps/dbus-1.6 - acl? ( net-fs/cifs-utils[acl] ) - nfsv4? ( || ( >=net-fs/nfs-utils-2.3.1-r2 net-libs/libnfsidmap ) ) - nls? ( >=sys-devel/gettext-0.18 ) - virtual/libintl - netlink? ( dev-libs/libnl:3 ) - samba? ( >=net-fs/samba-4.10.2[winbind] ) - " - -RDEPEND="${COMMON_DEP} - >=sys-libs/glibc-2.17[nscd] - selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 ) - " -DEPEND="${COMMON_DEP} - test? ( dev-libs/check ) - manpages? 
( - >=dev-libs/libxslt-1.1.26 - app-text/docbook-xml-dtd:4.4 - )" - -CONFIG_CHECK="~KEYS" - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/ipa_hbac.h - /usr/include/sss_idmap.h - /usr/include/sss_nss_idmap.h - /usr/include/wbclient_sssd.h - # --with-ifp - /usr/include/sss_sifp.h - /usr/include/sss_sifp_dbus.h - # from 1.15.3 - /usr/include/sss_certmap.h -) - -pkg_setup() { - linux-info_pkg_setup -} - -src_prepare() { - sed -i 's:#!/sbin/runscript:#!/sbin/openrc-run:' \ - "${S}"/src/sysv/gentoo/sssd.in || die "sed sssd.in" - - default - eautoreconf - multilib_copy_sources -} - -src_configure() { - local native_dbus_cflags=$($(tc-getPKG_CONFIG) --cflags dbus-1) - - multilib-minimal_src_configure -} - -multilib_src_configure() { - # set initscript to sysv because the systemd option needs systemd to - # be installed. We provide our own systemd file anyway. - local myconf=() - #Work around linker dependency problem. - append-ldflags "-Wl,--allow-shlib-undefined" - - myconf+=( - --localstatedir="${EPREFIX}"/var - --enable-nsslibdir="${EPREFIX}"/$(get_libdir) - --with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd - --enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir) - --with-ldb-lib-dir="${EPREFIX}"/usr/$(get_libdir)/samba/ldb - --with-os=gentoo - --with-nscd - --with-unicode-lib="glib2" - --disable-rpath - --sbindir=/usr/sbin - --without-kcm - $(use_with samba libwbclient) - --with-secrets - $(multilib_native_use_with samba) - $(multilib_native_use_enable acl cifs-idmap-plugin) - $(multilib_native_use_with selinux) - $(multilib_native_use_with selinux semanage) - $(use_enable locator krb5-locator-plugin) - $(multilib_native_use_with nfsv4 nfsv4-idmapd-plugin) - $(use_enable nls ) - $(multilib_native_use_with netlink libnl) - $(multilib_native_use_with manpages) - $(multilib_native_use_with sudo) - $(multilib_native_use_with autofs) - $(multilib_native_use_with ssh) - --with-crypto="nss" - --with-initscript="sysv" - --without-python2-bindings - --without-python3-bindings - - 
KRB5_CONFIG=/usr/bin/${CHOST}-krb5-config - ) - - if ! multilib_is_native_abi; then - # work-around all the libraries that are used for CLI and server - myconf+=( - {POPT,TALLOC,TDB,TEVENT,LDB}_{CFLAGS,LIBS}=' ' - # ldb headers are fine since native needs it - # ldb lib fails... but it does not seem to bother - {DHASH,COLLECTION,INI_CONFIG_V{0,1,1_1}}_{CFLAGS,LIBS}=' ' - {PCRE,CARES,SYSTEMD_LOGIN,SASL,GLIB2,DBUS,CRYPTO}_{CFLAGS,LIBS}=' ' - - # use native include path for dbus (needed for build) - DBUS_CFLAGS="${native_dbus_cflags}" - - # non-pkgconfig checks - ac_cv_lib_ldap_ldap_search=yes - --without-secrets - --without-libwbclient - --without-kcm - --with-crypto="" - ) - - use locator || myconf+=( - KRB5_CONFIG=/bin/true - ) - fi - - econf "${myconf[@]}" -} - -multilib_src_compile() { - if multilib_is_native_abi; then - default - else - emake libnss_sss.la pam_sss.la - use locator && emake sssd_krb5_locator_plugin.la - fi -} - -multilib_src_install() { - if multilib_is_native_abi; then - emake -j1 DESTDIR="${D}" "${_at_args[@]}" install - else - # easier than playing with automake... 
- dopammod .libs/pam_sss.so - - into / - dolib.so .libs/libnss_sss.so* - - if use locator; then - exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5 - doexe .libs/sssd_krb5_locator_plugin.so - fi - fi -} - -multilib_src_install_all() { - einstalldocs - find "${ED}" -type f -name '*.la' -delete || die - - insinto /etc/sssd - insopts -m600 - doins "${S}"/src/examples/sssd-example.conf - - insinto /etc/logrotate.d - insopts -m644 - newins "${S}"/src/examples/logrotate sssd - - newconfd "${FILESDIR}"/sssd.conf sssd - newinitd "${FILESDIR}"/sssd sssd - - keepdir /var/lib/sss/db - keepdir /var/lib/sss/deskprofile - keepdir /var/lib/sss/gpo_cache - keepdir /var/lib/sss/keytabs - keepdir /var/lib/sss/mc - keepdir /var/lib/sss/pipes/private - keepdir /var/lib/sss/pubconf/krb5.include.d - keepdir /var/lib/sss/secrets - keepdir /var/log/sssd - - systemd_dounit "${FILESDIR}/${PN}.service" -} - -multilib_src_test() { - default -} - -pkg_postinst() { - elog "You must set up sssd.conf (default installed into /etc/sssd)" - elog "and (optionally) configuration in /etc/pam.d in order to use SSSD" - elog "features. Please see howto in https://docs.pagure.org/SSSD.sssd/design_pages/smartcard_authentication_require.html" -} diff --git a/sys-auth/sssd/sssd-2.2.2.ebuild b/sys-auth/sssd/sssd-2.2.2.ebuild deleted file mode 100644 index 98af8535a88f..000000000000 --- a/sys-auth/sssd/sssd-2.2.2.ebuild +++ /dev/null 
@@ -1,230 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit autotools flag-o-matic linux-info multilib-minimal pam systemd toolchain-funcs - -DESCRIPTION="System Security Services Daemon provides access to identity and authentication" -HOMEPAGE="https://pagure.io/SSSD/sssd" -SRC_URI="http://releases.pagure.org/SSSD/${PN}/${P}.tar.gz" -KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86" - -LICENSE="GPL-3" -SLOT="0" -IUSE="acl autofs +locator +netlink nfsv4 nls +manpages samba selinux sudo ssh test" -RESTRICT="!test? ( test )" - -COMMON_DEP=" - >=sys-libs/pam-0-r1[${MULTILIB_USEDEP}] - >=dev-libs/popt-1.16 - dev-libs/glib:2 - >=dev-libs/ding-libs-0.2 - >=sys-libs/talloc-2.0.7 - >=sys-libs/tdb-1.2.9 - >=sys-libs/tevent-0.9.16 - >=sys-libs/ldb-1.1.17-r1:= - >=net-nds/openldap-2.4.30[sasl] - net-libs/http-parser - >=dev-libs/libpcre-8.30 - >=app-crypt/mit-krb5-1.10.3 - dev-libs/jansson - net-misc/curl - locator? ( - >=app-crypt/mit-krb5-1.12.2[${MULTILIB_USEDEP}] - >=net-dns/c-ares-1.10.0-r1[${MULTILIB_USEDEP}] - ) - >=sys-apps/keyutils-1.5:= - >=net-dns/c-ares-1.7.4 - >=dev-libs/nss-3.12.9 - selinux? ( - >=sys-libs/libselinux-2.1.9 - >=sys-libs/libsemanage-2.1 - ) - >=net-dns/bind-tools-9.9[gssapi] - >=dev-libs/cyrus-sasl-2.1.25-r3[kerberos] - >=sys-apps/dbus-1.6 - acl? ( net-fs/cifs-utils[acl] ) - nfsv4? ( || ( >=net-fs/nfs-utils-2.3.1-r2 net-libs/libnfsidmap ) ) - nls? ( >=sys-devel/gettext-0.18 ) - virtual/libintl - netlink? ( dev-libs/libnl:3 ) - samba? ( >=net-fs/samba-4.10.2[winbind] ) - " - -RDEPEND="${COMMON_DEP} - >=sys-libs/glibc-2.17[nscd] - selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 ) - " -DEPEND="${COMMON_DEP} - test? ( dev-libs/check ) - manpages? 
( - >=dev-libs/libxslt-1.1.26 - app-text/docbook-xml-dtd:4.4 - )" - -CONFIG_CHECK="~KEYS" - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/ipa_hbac.h - /usr/include/sss_idmap.h - /usr/include/sss_nss_idmap.h - /usr/include/wbclient_sssd.h - # --with-ifp - /usr/include/sss_sifp.h - /usr/include/sss_sifp_dbus.h - # from 1.15.3 - /usr/include/sss_certmap.h -) - -pkg_setup() { - linux-info_pkg_setup -} - -src_prepare() { - sed -i 's:#!/sbin/runscript:#!/sbin/openrc-run:' \ - "${S}"/src/sysv/gentoo/sssd.in || die "sed sssd.in" - - default - eautoreconf - multilib_copy_sources -} - -src_configure() { - local native_dbus_cflags=$($(tc-getPKG_CONFIG) --cflags dbus-1) - - multilib-minimal_src_configure -} - -multilib_src_configure() { - # set initscript to sysv because the systemd option needs systemd to - # be installed. We provide our own systemd file anyway. - local myconf=() - #Work around linker dependency problem. - append-ldflags "-Wl,--allow-shlib-undefined" - - myconf+=( - --localstatedir="${EPREFIX}"/var - --enable-nsslibdir="${EPREFIX}"/$(get_libdir) - --with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd - --enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir) - --with-ldb-lib-dir="${EPREFIX}"/usr/$(get_libdir)/samba/ldb - --with-os=gentoo - --with-nscd - --with-unicode-lib="glib2" - --disable-rpath - --sbindir=/usr/sbin - --without-kcm - $(use_with samba libwbclient) - --with-secrets - $(multilib_native_use_with samba) - $(multilib_native_use_enable acl cifs-idmap-plugin) - $(multilib_native_use_with selinux) - $(multilib_native_use_with selinux semanage) - $(use_enable locator krb5-locator-plugin) - $(multilib_native_use_with nfsv4 nfsv4-idmapd-plugin) - $(use_enable nls ) - $(multilib_native_use_with netlink libnl) - $(multilib_native_use_with manpages) - $(multilib_native_use_with sudo) - $(multilib_native_use_with autofs) - $(multilib_native_use_with ssh) - --with-crypto="nss" - --with-initscript="sysv" - --without-python2-bindings - --without-python3-bindings - - 
KRB5_CONFIG=/usr/bin/${CHOST}-krb5-config - ) - - if ! multilib_is_native_abi; then - # work-around all the libraries that are used for CLI and server - myconf+=( - {POPT,TALLOC,TDB,TEVENT,LDB}_{CFLAGS,LIBS}=' ' - # ldb headers are fine since native needs it - # ldb lib fails... but it does not seem to bother - {DHASH,COLLECTION,INI_CONFIG_V{0,1,1_1}}_{CFLAGS,LIBS}=' ' - {PCRE,CARES,SYSTEMD_LOGIN,SASL,GLIB2,DBUS,CRYPTO}_{CFLAGS,LIBS}=' ' - - # use native include path for dbus (needed for build) - DBUS_CFLAGS="${native_dbus_cflags}" - - # non-pkgconfig checks - ac_cv_lib_ldap_ldap_search=yes - --without-secrets - --without-libwbclient - --without-kcm - --with-crypto="" - ) - - use locator || myconf+=( - KRB5_CONFIG=/bin/true - ) - fi - - econf "${myconf[@]}" -} - -multilib_src_compile() { - if multilib_is_native_abi; then - default - else - emake libnss_sss.la pam_sss.la - use locator && emake sssd_krb5_locator_plugin.la - fi -} - -multilib_src_install() { - if multilib_is_native_abi; then - emake -j1 DESTDIR="${D}" "${_at_args[@]}" install - else - # easier than playing with automake... 
- dopammod .libs/pam_sss.so - - into / - dolib.so .libs/libnss_sss.so* - - if use locator; then - exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5 - doexe .libs/sssd_krb5_locator_plugin.so - fi - fi -} - -multilib_src_install_all() { - einstalldocs - find "${ED}" -type f -name '*.la' -delete || die - - insinto /etc/sssd - insopts -m600 - doins "${S}"/src/examples/sssd-example.conf - - insinto /etc/logrotate.d - insopts -m644 - newins "${S}"/src/examples/logrotate sssd - - newconfd "${FILESDIR}"/sssd.conf sssd - newinitd "${FILESDIR}"/sssd sssd - - keepdir /var/lib/sss/db - keepdir /var/lib/sss/deskprofile - keepdir /var/lib/sss/gpo_cache - keepdir /var/lib/sss/keytabs - keepdir /var/lib/sss/mc - keepdir /var/lib/sss/pipes/private - keepdir /var/lib/sss/pubconf/krb5.include.d - keepdir /var/lib/sss/secrets - keepdir /var/log/sssd - - systemd_dounit "${FILESDIR}/${PN}.service" -} - -multilib_src_test() { - default -} - -pkg_postinst() { - elog "You must set up sssd.conf (default installed into /etc/sssd)" - elog "and (optionally) configuration in /etc/pam.d in order to use SSSD" - elog "features. Please see howto in https://docs.pagure.org/SSSD.sssd/design_pages/smartcard_authentication_require.html" -} diff --git a/sys-auth/sssd/sssd-2.2.3.ebuild b/sys-auth/sssd/sssd-2.2.3.ebuild deleted file mode 100644 index 044a58e86151..000000000000 --- a/sys-auth/sssd/sssd-2.2.3.ebuild +++ /dev/null 
@@ -1,234 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit autotools flag-o-matic linux-info multilib-minimal pam systemd toolchain-funcs - -DESCRIPTION="System Security Services Daemon provides access to identity and authentication" -HOMEPAGE="https://pagure.io/SSSD/sssd" -SRC_URI="http://releases.pagure.org/SSSD/${PN}/${P}.tar.gz" -KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86" - -LICENSE="GPL-3" -SLOT="0" -IUSE="acl autofs +locator +netlink nfsv4 nls +manpages samba selinux sudo ssh test" -RESTRICT="!test? ( test )" - -COMMON_DEP=" - >=sys-libs/pam-0-r1[${MULTILIB_USEDEP}] - >=dev-libs/popt-1.16 - dev-libs/glib:2 - >=dev-libs/ding-libs-0.2 - >=sys-libs/talloc-2.0.7 - >=sys-libs/tdb-1.2.9 - >=sys-libs/tevent-0.9.16 - >=sys-libs/ldb-1.1.17-r1:= - >=net-nds/openldap-2.4.30[sasl] - net-libs/http-parser - >=dev-libs/libpcre-8.30 - >=app-crypt/mit-krb5-1.10.3 - dev-libs/jansson - net-misc/curl - locator? ( - >=app-crypt/mit-krb5-1.12.2[${MULTILIB_USEDEP}] - >=net-dns/c-ares-1.10.0-r1[${MULTILIB_USEDEP}] - ) - >=sys-apps/keyutils-1.5:= - >=net-dns/c-ares-1.7.4 - >=dev-libs/nss-3.12.9 - selinux? ( - >=sys-libs/libselinux-2.1.9 - >=sys-libs/libsemanage-2.1 - ) - >=net-dns/bind-tools-9.9[gssapi] - >=dev-libs/cyrus-sasl-2.1.25-r3[kerberos] - >=sys-apps/dbus-1.6 - acl? ( net-fs/cifs-utils[acl] ) - nfsv4? ( || ( >=net-fs/nfs-utils-2.3.1-r2 net-libs/libnfsidmap ) ) - nls? ( >=sys-devel/gettext-0.18 ) - virtual/libintl - netlink? ( dev-libs/libnl:3 ) - samba? ( >=net-fs/samba-4.10.2[winbind] ) - " - -RDEPEND="${COMMON_DEP} - >=sys-libs/glibc-2.17[nscd] - selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 ) - " -DEPEND="${COMMON_DEP} - test? ( dev-libs/check ) - manpages? 
( - >=dev-libs/libxslt-1.1.26 - app-text/docbook-xml-dtd:4.4 - )" - -CONFIG_CHECK="~KEYS" - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/ipa_hbac.h - /usr/include/sss_idmap.h - /usr/include/sss_nss_idmap.h - /usr/include/wbclient_sssd.h - # --with-ifp - /usr/include/sss_sifp.h - /usr/include/sss_sifp_dbus.h - # from 1.15.3 - /usr/include/sss_certmap.h -) - -PATCHES=( - "${FILESDIR}"/${P}-glibc-2.32-compat.patch -) - -pkg_setup() { - linux-info_pkg_setup -} - -src_prepare() { - sed -i 's:#!/sbin/runscript:#!/sbin/openrc-run:' \ - "${S}"/src/sysv/gentoo/sssd.in || die "sed sssd.in" - - default - eautoreconf - multilib_copy_sources -} - -src_configure() { - local native_dbus_cflags=$($(tc-getPKG_CONFIG) --cflags dbus-1) - - multilib-minimal_src_configure -} - -multilib_src_configure() { - # set initscript to sysv because the systemd option needs systemd to - # be installed. We provide our own systemd file anyway. - local myconf=() - #Work around linker dependency problem. - append-ldflags "-Wl,--allow-shlib-undefined" - - myconf+=( - --localstatedir="${EPREFIX}"/var - --enable-nsslibdir="${EPREFIX}"/$(get_libdir) - --with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd - --enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir) - --with-ldb-lib-dir="${EPREFIX}"/usr/$(get_libdir)/samba/ldb - --with-os=gentoo - --with-nscd - --with-unicode-lib="glib2" - --disable-rpath - --sbindir=/usr/sbin - --without-kcm - $(use_with samba libwbclient) - --with-secrets - $(multilib_native_use_with samba) - $(multilib_native_use_enable acl cifs-idmap-plugin) - $(multilib_native_use_with selinux) - $(multilib_native_use_with selinux semanage) - $(use_enable locator krb5-locator-plugin) - $(multilib_native_use_with nfsv4 nfsv4-idmapd-plugin) - $(use_enable nls ) - $(multilib_native_use_with netlink libnl) - $(multilib_native_use_with manpages) - $(multilib_native_use_with sudo) - $(multilib_native_use_with autofs) - $(multilib_native_use_with ssh) - --with-crypto="nss" - --with-initscript="sysv" - 
--without-python2-bindings - --without-python3-bindings - - KRB5_CONFIG=/usr/bin/${CHOST}-krb5-config - ) - - if ! multilib_is_native_abi; then - # work-around all the libraries that are used for CLI and server - myconf+=( - {POPT,TALLOC,TDB,TEVENT,LDB}_{CFLAGS,LIBS}=' ' - # ldb headers are fine since native needs it - # ldb lib fails... but it does not seem to bother - {DHASH,COLLECTION,INI_CONFIG_V{0,1,1_1}}_{CFLAGS,LIBS}=' ' - {PCRE,CARES,SYSTEMD_LOGIN,SASL,GLIB2,DBUS,CRYPTO}_{CFLAGS,LIBS}=' ' - - # use native include path for dbus (needed for build) - DBUS_CFLAGS="${native_dbus_cflags}" - - # non-pkgconfig checks - ac_cv_lib_ldap_ldap_search=yes - --without-secrets - --without-libwbclient - --without-kcm - --with-crypto="" - ) - - use locator || myconf+=( - KRB5_CONFIG=/bin/true - ) - fi - - econf "${myconf[@]}" -} - -multilib_src_compile() { - if multilib_is_native_abi; then - default - else - emake libnss_sss.la pam_sss.la - use locator && emake sssd_krb5_locator_plugin.la - fi -} - -multilib_src_install() { - if multilib_is_native_abi; then - emake -j1 DESTDIR="${D}" "${_at_args[@]}" install - else - # easier than playing with automake... 
- dopammod .libs/pam_sss.so - - into / - dolib.so .libs/libnss_sss.so* - - if use locator; then - exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5 - doexe .libs/sssd_krb5_locator_plugin.so - fi - fi -} - -multilib_src_install_all() { - einstalldocs - find "${ED}" -type f -name '*.la' -delete || die - - insinto /etc/sssd - insopts -m600 - doins "${S}"/src/examples/sssd-example.conf - - insinto /etc/logrotate.d - insopts -m644 - newins "${S}"/src/examples/logrotate sssd - - newconfd "${FILESDIR}"/sssd.conf sssd - newinitd "${FILESDIR}"/sssd sssd - - keepdir /var/lib/sss/db - keepdir /var/lib/sss/deskprofile - keepdir /var/lib/sss/gpo_cache - keepdir /var/lib/sss/keytabs - keepdir /var/lib/sss/mc - keepdir /var/lib/sss/pipes/private - keepdir /var/lib/sss/pubconf/krb5.include.d - keepdir /var/lib/sss/secrets - keepdir /var/log/sssd - - systemd_dounit "${FILESDIR}/${PN}.service" -} - -multilib_src_test() { - default -} - -pkg_postinst() { - elog "You must set up sssd.conf (default installed into /etc/sssd)" - elog "and (optionally) configuration in /etc/pam.d in order to use SSSD" - elog "features. Please see howto in https://docs.pagure.org/SSSD.sssd/design_pages/smartcard_authentication_require.html" -} diff --git a/sys-auth/sssd/sssd-2.9.1-r1.ebuild b/sys-auth/sssd/sssd-2.9.1-r1.ebuild new file mode 100644 index 000000000000..af43a0ad6b5a --- /dev/null +++ b/sys-auth/sssd/sssd-2.9.1-r1.ebuild 
@@ -0,0 +1,333 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PLOCALES="ca de es fr ja ko pt_BR ru sv tr uk" +PLOCALES_BIN="${PLOCALES} bg cs eu fi hu id it ka nb nl pl pt tg zh_TW zh_CN" +PLOCALE_BACKUP="sv" +PYTHON_COMPAT=( python3_{10..12} ) + +inherit autotools linux-info multilib-minimal optfeature plocale \ + python-single-r1 pam systemd toolchain-funcs + +DESCRIPTION="System Security Services Daemon provides access to identity and authentication" +HOMEPAGE="https://github.com/SSSD/sssd" +if [[ ${PV} != 9999 ]]; then + SRC_URI="https://github.com/SSSD/sssd/releases/download/${PV}/${P}.tar.gz" +else + inherit git-r3 + EGIT_REPO_URI="https://github.com/SSSD/sssd.git" + EGIT_BRANCH="master" +fi + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="amd64 ~arm ~arm64 ~hppa ~m68k ~mips ~ppc ~ppc64 ~riscv ~sparc x86" +IUSE="acl doc keyutils +netlink nfsv4 nls +man python samba selinux subid sudo systemd systemtap test" +REQUIRED_USE=" + python? ( ${PYTHON_REQUIRED_USE} ) + test? ( sudo )" +RESTRICT="!test? ( test )" + +DEPEND=" + >=app-crypt/mit-krb5-1.19.1[${MULTILIB_USEDEP}] + app-crypt/p11-kit + >=dev-libs/ding-libs-0.2 + >=dev-libs/cyrus-sasl-2.1.25-r3[kerberos] + dev-libs/jansson:= + dev-libs/libpcre2:= + dev-libs/libunistring:= + >=dev-libs/popt-1.16 + >=dev-libs/openssl-1.0.2:= + >=net-dns/bind-tools-9.9[gssapi] + >=net-dns/c-ares-1.10.0-r1:=[${MULTILIB_USEDEP}] + >=net-nds/openldap-2.4.30:=[sasl,experimental] + >=sys-apps/dbus-1.6 + >=sys-libs/pam-0-r1[${MULTILIB_USEDEP}] + >=sys-libs/talloc-2.0.7 + >=sys-libs/tdb-1.2.9 + >=sys-libs/tevent-0.9.16 + >=sys-libs/ldb-1.1.17-r1:= + virtual/libintl + acl? ( net-fs/cifs-utils[acl] ) + keyutils? ( >=sys-apps/keyutils-1.5:= ) + netlink? ( dev-libs/libnl:3 ) + nfsv4? ( >=net-fs/nfs-utils-2.3.1-r2 ) + nls? ( >=sys-devel/gettext-0.18 ) + python? ( + ${PYTHON_DEPS} + systemd? 
( + $(python_gen_cond_dep ' + dev-python/python-systemd[${PYTHON_USEDEP}] + ') + ) + ) + samba? ( >=net-fs/samba-4.10.2[winbind] ) + selinux? ( + >=sys-libs/libselinux-2.1.9 + >=sys-libs/libsemanage-2.1 + ) + subid? ( >=sys-apps/shadow-4.9 ) + systemd? ( + sys-apps/systemd:= + sys-apps/util-linux + ) + systemtap? ( dev-debug/systemtap )" +RDEPEND="${DEPEND} + selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 )" +BDEPEND=" + virtual/pkgconfig + ${PYTHON_DEPS} + doc? ( app-text/doxygen ) + man? ( + app-text/docbook-xml-dtd:4.4 + >=dev-libs/libxslt-1.1.26 + nls? ( app-text/po4a ) + ) + nls? ( sys-devel/gettext ) + test? ( + dev-libs/check + dev-libs/softhsm:2 + dev-util/cmocka + net-libs/gnutls[pkcs11,tools] + sys-libs/libfaketime + sys-libs/nss_wrapper + sys-libs/pam_wrapper + sys-libs/uid_wrapper + ) +" + +CONFIG_CHECK="~KEYS" + +PATCHES=( + "${FILESDIR}/${PN}-2.8.2-krb5_pw_locked.patch" + "${FILESDIR}/${PN}-2.9.1-BUILD-Accept-krb5-1.21-for-building-the-PAC-plugin.patch" + "${FILESDIR}/${PN}-2.9.1-certmap-fix-partial-string-comparison.patch" + "${FILESDIR}/${PN}-2.9.1-sssct-allow-cert-show-and-cert-eval-rule-as-non-root.patch" + "${FILESDIR}/${PN}-2.9.1-conditional-python-install.patch" +) + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/ipa_hbac.h + /usr/include/sss_idmap.h + /usr/include/sss_nss_idmap.h + # --with-ifp + /usr/include/sss_sifp.h + /usr/include/sss_sifp_dbus.h + # from 1.15.3 + /usr/include/sss_certmap.h +) + +pkg_setup() { + linux-info_pkg_setup + python-single-r1_pkg_setup +} + +src_prepare() { + default + + plocale_get_locales > src/man/po/LINGUAS || die + + sed -i \ + -e "/_langs]/ s/ .*//" \ + src/man/po/po4a.cfg \ + || die + enable_locale() { + local locale=${1} + + sed -i \ + -e "/_langs]/ s/$/ ${locale}/" \ + src/man/po/po4a.cfg \ + || die + } + + plocale_for_each_locale enable_locale + + PLOCALES="${PLOCALES_BIN}" + plocale_get_locales > po/LINGUAS || die + + sed -i \ + -e 's:/var/run:/run:' \ + src/examples/logrotate \ + || die + + # disable 
flaky test, see https://github.com/SSSD/sssd/issues/5631 + sed -i \ + -e '/^\s*pam-srv-tests[ \\]*$/d' \ + Makefile.am \ + || die + + eautoreconf + + multilib_copy_sources +} + +src_configure() { + local native_dbus_cflags=$($(tc-getPKG_CONFIG) --cflags dbus-1 || die) + + multilib-minimal_src_configure +} + +multilib_src_configure() { + local myconf=() + + export ac_cv_header_keyutils_h=$(usex keyutils) + export ac_cv_lib_keyutils_add_key=$(usex keyutils) + + myconf+=( + --libexecdir="${EPREFIX}"/usr/libexec + --localstatedir="${EPREFIX}"/var + --runstatedir="${EPREFIX}"/run + --sbindir="${EPREFIX}"/usr/sbin + --with-pid-path="${EPREFIX}"/run + --with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd + --enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir) + --with-ldb-lib-dir="${EPREFIX}"/usr/$(get_libdir)/samba/ldb + --with-db-path="${EPREFIX}"/var/lib/sss/db + --with-gpo-cache-path="${EPREFIX}"/var/lib/sss/gpo_cache + --with-pubconf-path="${EPREFIX}"/var/lib/sss/pubconf + --with-pipe-path="${EPREFIX}"/var/lib/sss/pipes + --with-mcache-path="${EPREFIX}"/var/lib/sss/mc + --with-secrets-db-path="${EPREFIX}"/var/lib/sss/secrets + --with-log-path="${EPREFIX}"/var/log/sssd + --with-kcm + --enable-kcm-renewal + --with-os=gentoo + --disable-rpath + --disable-static + # Valgrind is only used for tests + --disable-valgrind + $(use_with samba) + --with-smb-idmap-interface-version=6 + $(multilib_native_use_enable acl cifs-idmap-plugin) + $(multilib_native_use_with selinux) + $(multilib_native_use_with selinux semanage) + --enable-krb5-locator-plugin + $(use_enable samba pac-responder) + $(multilib_native_use_with nfsv4 nfsv4-idmapd-plugin) + $(use_enable nls) + $(multilib_native_use_with netlink libnl) + $(multilib_native_use_with man manpages) + $(multilib_native_use_with sudo) + $(multilib_native_with autofs) + $(multilib_native_with ssh) + --without-oidc-child + --without-passkey + $(use_with subid) + $(use_enable systemtap) + --without-python2-bindings + 
$(multilib_native_use_with python python3-bindings) + # Annoyingly configure requires that you pick systemd XOR sysv + --with-initscript=$(usex systemd systemd sysv) + ) + + use systemd && myconf+=( + --with-systemdunitdir=$(systemd_get_systemunitdir) + ) + + if ! multilib_is_native_abi; then + # work-around all the libraries that are used for CLI and server + myconf+=( + {POPT,TALLOC,TDB,TEVENT,LDB}_{CFLAGS,LIBS}=' ' + # ldb headers are fine since native needs it + # ldb lib fails... but it does not seem to bother + {DHASH,UNISTRING,INI_CONFIG_V{0,1,1_1,1_3}}_{CFLAGS,LIBS}=' ' + {PCRE,CARES,SYSTEMD_LOGIN,SASL,DBUS,CRYPTO,P11_KIT}_{CFLAGS,LIBS}=' ' + {NDR_NBT,SAMBA_UTIL,SMBCLIENT,NDR_KRB5PAC,JANSSON}_{CFLAGS,LIBS}=' ' + + # use native include path for dbus (needed for build) + DBUS_CFLAGS="${native_dbus_cflags}" + + # non-pkgconfig checks + ac_cv_lib_ldap_ldap_search=yes + --without-kcm + --without-manpages + ) + fi + + econf "${myconf[@]}" +} + +multilib_src_compile() { + if multilib_is_native_abi; then + default + use doc && emake docs + else + emake libnss_sss.la pam_sss.la pam_sss_gss.la + emake sssd_krb5_locator_plugin.la + use samba && emake sssd_pac_plugin.la + fi +} + +multilib_src_test() { + if multilib_is_native_abi; then + local -x CK_TIMEOUT_MULTIPLIER=10 + emake check VERBOSE=yes + fi +} + +multilib_src_install() { + if multilib_is_native_abi; then + emake -j1 DESTDIR="${D}" install + if use python; then + python_fix_shebang "${ED}" + python_optimize + fi + else + # easier than playing with automake... 
+ dopammod .libs/pam_sss.so + dopammod .libs/pam_sss_gss.so + + into / + dolib.so .libs/libnss_sss.so* + + exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5 + doexe .libs/sssd_krb5_locator_plugin.so + + if use samba; then + exeinto /usr/$(get_libdir)/krb5/plugins/authdata + doexe .libs/sssd_pac_plugin.so + fi + fi +} + +multilib_src_install_all() { + einstalldocs + + insinto /etc/sssd + insopts -m600 + doins src/examples/sssd-example.conf + + insinto /etc/logrotate.d + insopts -m644 + newins src/examples/logrotate sssd + + newconfd "${FILESDIR}"/sssd.conf sssd + + keepdir /var/lib/sss/db + keepdir /var/lib/sss/deskprofile + keepdir /var/lib/sss/gpo_cache + keepdir /var/lib/sss/keytabs + keepdir /var/lib/sss/mc + keepdir /var/lib/sss/pipes/private + keepdir /var/lib/sss/pubconf/krb5.include.d + keepdir /var/lib/sss/secrets + keepdir /var/log/sssd + + # strip empty dirs + if ! use doc; then + rm -r "${ED}"/usr/share/doc/"${PF}"/doc || die + rm -r "${ED}"/usr/share/doc/"${PF}"/{hbac,idmap,nss_idmap}_doc || die + fi + + rm -r "${ED}"/run || die + find "${ED}" -type f -name '*.la' -delete || die +} + +pkg_postinst() { + elog "You must set up sssd.conf (default installed into /etc/sssd)" + elog "and (optionally) configuration in /etc/pam.d in order to use SSSD" + elog "features." + optfeature "Kerberos keytab renew (see krb5_renew_interval)" app-crypt/adcli +} diff --git a/sys-auth/sssd/sssd-2.3.1.ebuild b/sys-auth/sssd/sssd-2.9.4.ebuild index 72dab04b2dc2..d83be12eeecc 100644 --- a/sys-auth/sssd/sssd-2.3.1.ebuild +++ b/sys-auth/sssd/sssd-2.9.4.ebuild 
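Review bot: In `multilib_src_install_all()` of sssd-2.9.1-r1.ebuild, the only explicit mode is `insopts -m600` on the example config; the `keepdir` calls for `/var/lib/sss/db`, `/var/lib/sss/keytabs`, `/var/lib/sss/pipes/private` and `/var/lib/sss/secrets` set none. Those directories hold the credential cache, keytabs, the privileged PAM pipe and the secrets store, so their modes are whatever `emake install` or the `keepdir` default left behind, and the ebuild neither sets nor checks them. Assuming upstream's install target does not already restrict them (not visible in this hunk), I would pin them after the `keepdir` block with something like `fperms 0700 /var/lib/sss/db /var/lib/sss/keytabs /var/lib/sss/pipes/private /var/lib/sss/secrets`, with the exact modes taken from upstream's packaging. A one-line comment there, `# private state: must not be world-readable`, would also keep the intent visible across version bumps.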
@@ -1,37 +1,48 @@ -# Copyright 1999-2020 Gentoo Authors +# Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=7 +EAPI=8 -PYTHON_COMPAT=( python3_{7,8,9} ) +PLOCALES="ca de es fr ja ko pt_BR ru sv tr uk" +PLOCALES_BIN="${PLOCALES} bg cs eu fi hu id it ka nb nl pl pt tg zh_TW zh_CN" +PLOCALE_BACKUP="sv" +PYTHON_COMPAT=( python3_{10..12} ) -inherit autotools flag-o-matic linux-info multilib-minimal python-single-r1 pam systemd toolchain-funcs +inherit autotools linux-info multilib-minimal optfeature plocale \ + python-single-r1 pam systemd toolchain-funcs DESCRIPTION="System Security Services Daemon provides access to identity and authentication" HOMEPAGE="https://github.com/SSSD/sssd" -SRC_URI="https://github.com/SSSD/sssd/releases/download/${PN}-${PV//./_}/${P}.tar.gz" -KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86" +if [[ ${PV} != 9999 ]]; then + SRC_URI="https://github.com/SSSD/sssd/releases/download/${PV}/${P}.tar.gz" + KEYWORDS="amd64 ~arm ~arm64 ~hppa ~m68k ~mips ~ppc ~ppc64 ~riscv ~sparc x86" +else + inherit git-r3 + EGIT_REPO_URI="https://github.com/SSSD/sssd.git" + EGIT_BRANCH="master" +fi LICENSE="GPL-3" SLOT="0" -IUSE="acl doc +locator +netlink nfsv4 nls +man pac python samba selinux sudo systemd test valgrind" +IUSE="acl doc +netlink nfsv4 nls +man python samba selinux subid sudo systemd systemtap test" +REQUIRED_USE=" + python? ( ${PYTHON_REQUIRED_USE} ) + test? ( sudo )" RESTRICT="!test? ( test )" -REQUIRED_USE="pac? ( samba ) - python? 
( ${PYTHON_REQUIRED_USE} )" - DEPEND=" - >=app-crypt/mit-krb5-1.10.3 + >=app-crypt/mit-krb5-1.19.1[${MULTILIB_USEDEP}] app-crypt/p11-kit >=dev-libs/ding-libs-0.2 - dev-libs/glib:2 >=dev-libs/cyrus-sasl-2.1.25-r3[kerberos] - >=dev-libs/libpcre-8.30:= + dev-libs/jansson:= + dev-libs/libpcre2:= + dev-libs/libunistring:= >=dev-libs/popt-1.16 - >=dev-libs/openssl-1.0.2:0= + >=dev-libs/openssl-1.0.2:= >=net-dns/bind-tools-9.9[gssapi] - >=net-dns/c-ares-1.7.4 - >=net-nds/openldap-2.4.30[sasl] + >=net-dns/c-ares-1.10.0-r1:=[${MULTILIB_USEDEP}] + >=net-nds/openldap-2.4.30:=[sasl,experimental] >=sys-apps/dbus-1.6 >=sys-apps/keyutils-1.5:= >=sys-libs/pam-0-r1[${MULTILIB_USEDEP}] 
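Review bot: `REQUIRED_USE` still gates `${PYTHON_REQUIRED_USE}` on `python?`, but this commit makes Python a build-time requirement regardless of that flag. `${PYTHON_DEPS}` is listed unconditionally in `BDEPEND`, and `pkg_setup` now calls `python-single-r1_pkg_setup` without a `use python` guard (both in later hunks). With USE=-python and no usable PYTHON_SINGLE_TARGET selected, that call would presumably abort at setup time instead of the resolver reporting the conflict up front. Listing the requirement unconditionally, `REQUIRED_USE="${PYTHON_REQUIRED_USE} test? ( sudo )"`, keeps the three places consistent.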
@@ -40,38 +51,41 @@ DEPEND=" >=sys-libs/tevent-0.9.16 >=sys-libs/ldb-1.1.17-r1:= virtual/libintl - locator? ( - >=app-crypt/mit-krb5-1.12.2[${MULTILIB_USEDEP}] - >=net-dns/c-ares-1.10.0-r1[${MULTILIB_USEDEP}] - ) acl? ( net-fs/cifs-utils[acl] ) netlink? ( dev-libs/libnl:3 ) - nfsv4? ( || ( >=net-fs/nfs-utils-2.3.1-r2 net-libs/libnfsidmap ) ) + nfsv4? ( >=net-fs/nfs-utils-2.3.1-r2 ) nls? ( >=sys-devel/gettext-0.18 ) - pac? ( - app-crypt/mit-krb5[${MULTILIB_USEDEP}] - net-fs/samba + python? ( + ${PYTHON_DEPS} + systemd? ( + $(python_gen_cond_dep ' + dev-python/python-systemd[${PYTHON_USEDEP}] + ') + ) ) - python? ( ${PYTHON_DEPS} ) samba? ( >=net-fs/samba-4.10.2[winbind] ) selinux? ( >=sys-libs/libselinux-2.1.9 >=sys-libs/libsemanage-2.1 ) + subid? ( >=sys-apps/shadow-4.9 ) systemd? ( - dev-libs/jansson:0= - net-libs/http-parser:0= - net-misc/curl:0= + sys-apps/systemd:= + sys-apps/util-linux ) - " - + systemtap? ( dev-debug/systemtap )" RDEPEND="${DEPEND} - >=sys-libs/glibc-2.17[nscd] - selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 ) - " -BDEPEND="${DEPEND} - >=sys-devel/autoconf-2.69-r5 - doc? ( app-doc/doxygen ) + selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 )" +BDEPEND=" + virtual/pkgconfig + ${PYTHON_DEPS} + doc? ( app-text/doxygen ) + man? ( + app-text/docbook-xml-dtd:4.4 + >=dev-libs/libxslt-1.1.26 + nls? ( app-text/po4a ) + ) + nls? ( sys-devel/gettext ) test? ( dev-libs/check dev-libs/softhsm:2 @@ -81,16 +95,16 @@ BDEPEND="${DEPEND} sys-libs/nss_wrapper sys-libs/pam_wrapper sys-libs/uid_wrapper - valgrind? ( dev-util/valgrind ) ) - man? ( - app-text/docbook-xml-dtd:4.4 - >=dev-libs/libxslt-1.1.26 - nls? ( app-text/po4a ) - )" +" CONFIG_CHECK="~KEYS" +PATCHES=( + "${FILESDIR}/${PN}-2.8.2-krb5_pw_locked.patch" + "${FILESDIR}/${PN}-2.9.1-conditional-python-install.patch" +) + MULTILIB_WRAPPED_HEADERS=( /usr/include/ipa_hbac.h /usr/include/sss_idmap.h 
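Review bot: The two entries added to `PATCHES` (hunk at `-81,16`) carry no comment saying where they come from or whether upstream has accepted them. This package sits in the authentication path, and `krb5_pw_locked`, going by its name, touches Kerberos password handling, so a reader of the ebuild cannot tell a backport from a local behaviour change. A one-line comment above each entry would make that auditable, e.g. `# backport of upstream commit <commit-id>` or `# Gentoo-specific, not upstreamed`. The patch files themselves are not part of this hunk.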
@@ -102,28 +116,52 @@ MULTILIB_WRAPPED_HEADERS=( /usr/include/sss_certmap.h ) -PATCHES=( - "${FILESDIR}"/${P}-test_ca-Look-for-libsofthsm2.so-in-usr-libdir-sofths.patch -) - pkg_setup() { linux-info_pkg_setup + python-single-r1_pkg_setup } src_prepare() { - sed -i 's:/var/run:/run:' \ - "${S}"/src/examples/logrotate || die - default + + plocale_get_locales > src/man/po/LINGUAS || die + + sed -i \ + -e "/_langs]/ s/ .*//" \ + src/man/po/po4a.cfg \ + || die + enable_locale() { + local locale=${1} + + sed -i \ + -e "/_langs]/ s/$/ ${locale}/" \ + src/man/po/po4a.cfg \ + || die + } + + plocale_for_each_locale enable_locale + + PLOCALES="${PLOCALES_BIN}" + plocale_get_locales > po/LINGUAS || die + + sed -i \ + -e 's:/var/run:/run:' \ + src/examples/logrotate \ + || die + + # disable flaky test, see https://github.com/SSSD/sssd/issues/5631 + sed -i \ + -e '/^\s*pam-srv-tests[ \\]*$/d' \ + Makefile.am \ + || die + eautoreconf + multilib_copy_sources - if use python && multilib_is_native_abi; then - python_setup - fi } src_configure() { - local native_dbus_cflags=$($(tc-getPKG_CONFIG) --cflags dbus-1) + local native_dbus_cflags=$($(tc-getPKG_CONFIG) --cflags dbus-1 || die) multilib-minimal_src_configure } @@ -132,8 +170,10 @@ multilib_src_configure() { local myconf=() myconf+=( + --libexecdir="${EPREFIX}"/usr/libexec --localstatedir="${EPREFIX}"/var --runstatedir="${EPREFIX}"/run + --sbindir="${EPREFIX}"/usr/sbin --with-pid-path="${EPREFIX}"/run --with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd --enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir) 
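Review bot: In `src_prepare`, the `sed` that deletes `pam-srv-tests` from `Makefile.am` exits 0 even when the pattern matches nothing, so `|| die` gives no signal if a later release renames or reformats that line. The test that was meant to be skipped would then run again without the ebuild saying so. Since the name suggests this is the PAM responder's test program, make the skip explicit by adding `grep -q 'pam-srv-tests' Makefile.am || die "pam-srv-tests not found in Makefile.am"` before the `sed`. The `/var/run` to `/run` substitution in `src/examples/logrotate` just above has the same silent no-op behaviour.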
@@ -145,21 +185,20 @@ multilib_src_configure() { --with-mcache-path="${EPREFIX}"/var/lib/sss/mc --with-secrets-db-path="${EPREFIX}"/var/lib/sss/secrets --with-log-path="${EPREFIX}"/var/log/sssd + --with-kcm + --enable-kcm-renewal --with-os=gentoo - --with-nscd="${EPREFIX}"/usr/sbin/nscd - --with-unicode-lib="glib2" --disable-rpath - --sbindir=/usr/sbin - --with-crypto="libcrypto" - $(multilib_native_use_with systemd kcm) - $(multilib_native_use_with systemd secrets) + --disable-static + # Valgrind is only used for tests + --disable-valgrind $(use_with samba) --with-smb-idmap-interface-version=6 $(multilib_native_use_enable acl cifs-idmap-plugin) $(multilib_native_use_with selinux) $(multilib_native_use_with selinux semanage) - $(use_enable locator krb5-locator-plugin) - $(use_enable pac pac-responder) + --enable-krb5-locator-plugin + $(use_enable samba pac-responder) $(multilib_native_use_with nfsv4 nfsv4-idmapd-plugin) $(use_enable nls) $(multilib_native_use_with netlink libnl) @@ -167,21 +206,19 @@ multilib_src_configure() { $(multilib_native_use_with sudo) $(multilib_native_with autofs) $(multilib_native_with ssh) - $(use_enable valgrind) + --without-oidc-child + --without-passkey + $(use_with subid) + $(use_enable systemtap) --without-python2-bindings $(multilib_native_use_with python python3-bindings) - + # Annoyingly configure requires that you pick systemd XOR sysv + --with-initscript=$(usex systemd systemd sysv) ) - # Annoyingly configure requires that you pick systemd XOR sysv - if use systemd; then - myconf+=( - --with-initscript="systemd" - --with-systemdunitdir=$(systemd_get_systemunitdir) - ) - else - myconf+=(--with-initscript="sysv") - fi + use systemd && myconf+=( + --with-systemdunitdir=$(systemd_get_systemunitdir) + ) if ! multilib_is_native_abi; then # work-around all the libraries that are used for CLI and server 
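Review bot: `--with-kcm` and `--enable-kcm-renewal` are now added to the shared `myconf` for every ABI, while the non-native branch (hunk at `-189,17`) still appends `--without-kcm`. Non-native builds therefore pass both options and depend on configure honouring whichever comes last. The file already uses the matching helper for `autofs` and `ssh`; writing `$(multilib_native_with kcm)` and `$(multilib_native_enable kcm-renewal)` in the shared list states the intent directly and lets the later `--without-kcm` be dropped. `multilib_src_configure` begins and ends outside this hunk.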
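Review bot: In the hunk at `-167,21`, `--without-oidc-child` and `--without-passkey` are hard-coded with no comment, unlike `--disable-valgrind` in the previous hunk, which says why it is there. Both options switch off authentication mechanisms, so a user cannot tell from the ebuild whether this is a deliberate policy or just missing dependency wiring. A short comment above them would settle that, e.g. `# OIDC and passkey support are not tied to USE flags yet; always disabled`.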
@@ -189,17 +226,17 @@ multilib_src_configure() { {POPT,TALLOC,TDB,TEVENT,LDB}_{CFLAGS,LIBS}=' ' # ldb headers are fine since native needs it # ldb lib fails... but it does not seem to bother - {DHASH,COLLECTION,INI_CONFIG_V{0,1,1_1,1_3}}_{CFLAGS,LIBS}=' ' - {PCRE,CARES,SYSTEMD_LOGIN,SASL,GLIB2,DBUS,CRYPTO,P11_KIT}_{CFLAGS,LIBS}=' ' - {NDR_NBT,SMBCLIENT,NDR_KRB5PAC}_{CFLAGS,LIBS}=' ' + {DHASH,UNISTRING,INI_CONFIG_V{0,1,1_1,1_3}}_{CFLAGS,LIBS}=' ' + {PCRE,CARES,SYSTEMD_LOGIN,SASL,DBUS,CRYPTO,P11_KIT}_{CFLAGS,LIBS}=' ' + {NDR_NBT,SAMBA_UTIL,SMBCLIENT,NDR_KRB5PAC,JANSSON}_{CFLAGS,LIBS}=' ' # use native include path for dbus (needed for build) DBUS_CFLAGS="${native_dbus_cflags}" # non-pkgconfig checks ac_cv_lib_ldap_ldap_search=yes - --without-secrets --without-kcm + --without-manpages ) fi 
@@ -210,37 +247,39 @@ multilib_src_compile() { if multilib_is_native_abi; then default use doc && emake docs - if use man || use nls; then - emake update-po - fi else - emake libnss_sss.la pam_sss.la - use locator && emake sssd_krb5_locator_plugin.la - use pac && emake sssd_pac_plugin.la + emake libnss_sss.la pam_sss.la pam_sss_gss.la + emake sssd_krb5_locator_plugin.la + use samba && emake sssd_pac_plugin.la + fi +} + +multilib_src_test() { + if multilib_is_native_abi; then + local -x CK_TIMEOUT_MULTIPLIER=10 + emake check VERBOSE=yes fi } multilib_src_install() { if multilib_is_native_abi; then - emake -j1 DESTDIR="${D}" "${_at_args[@]}" install + emake -j1 DESTDIR="${D}" install if use python; then - python_optimize python_fix_shebang "${ED}" + python_optimize fi - else # easier than playing with automake... dopammod .libs/pam_sss.so + dopammod .libs/pam_sss_gss.so into / dolib.so .libs/libnss_sss.so* - if use locator; then - exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5 - doexe .libs/sssd_krb5_locator_plugin.so - fi + exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5 + doexe .libs/sssd_krb5_locator_plugin.so - if use pac; then + if use samba; then exeinto /usr/$(get_libdir)/krb5/plugins/authdata doexe .libs/sssd_pac_plugin.so fi @@ -249,15 +288,14 @@ multilib_src_install() { multilib_src_install_all() { einstalldocs - find "${ED}" -type f -name '*.la' -delete || die insinto /etc/sssd insopts -m600 - doins "${S}"/src/examples/sssd-example.conf + doins src/examples/sssd-example.conf insinto /etc/logrotate.d insopts -m644 - newins "${S}"/src/examples/logrotate sssd + newins src/examples/logrotate sssd newconfd "${FILESDIR}"/sssd.conf sssd 
@@ -272,20 +310,18 @@ multilib_src_install_all() { keepdir /var/log/sssd # strip empty dirs - if ! use doc ; then + if ! use doc; then rm -r "${ED}"/usr/share/doc/"${PF}"/doc || die - rm -r "${ED}"/usr/share/doc/"${PF}"/{hbac,idmap,nss_idmap,sss_simpleifp}_doc || die + rm -r "${ED}"/usr/share/doc/"${PF}"/{hbac,idmap,nss_idmap}_doc || die fi rm -r "${ED}"/run || die -} - -multilib_src_test() { - multilib_is_native_abi && emake check + find "${ED}" -type f -name '*.la' -delete || die } pkg_postinst() { elog "You must set up sssd.conf (default installed into /etc/sssd)" elog "and (optionally) configuration in /etc/pam.d in order to use SSSD" - elog "features. Please see howto in https://sssd.io/docs/design_pages/smartcard_authentication_require.html" + elog "features." + optfeature "Kerberos keytab renew (see krb5_renew_interval)" app-crypt/adcli } |
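Review bot: `pkg_postinst` tells the user to create sssd.conf but, now that the howto link is dropped, gives no hint about the file's permissions. The ebuild installs the example file with `insopts -m600` (in `multilib_src_install_all`, which starts outside this hunk), and a hand-written sssd.conf should be no more permissive because it may contain bind credentials. Consider adding `elog "Keep sssd.conf owned by root with mode 0600; it may contain bind credentials."` after the existing `elog` lines.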