diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2020-11-25 22:39:15 +0000 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2020-11-25 22:39:15 +0000 |
commit | d934827bf44b7cfcf6711964418148fa60877668 (patch) | |
tree | 0625f358789b5e015e49db139cc1dbc9be00428f /sys-auth/sssd | |
parent | 2e34d110f164bf74d55fced27fe0000201b3eec5 (diff) |
gentoo resync : 25.11.2020
Diffstat (limited to 'sys-auth/sssd')
-rw-r--r-- | sys-auth/sssd/Manifest | 17 | ||||
-rw-r--r-- | sys-auth/sssd/files/sssd-2.2.3-glibc-2.32-compat.patch | 71 | ||||
-rw-r--r-- | sys-auth/sssd/files/sssd-curl-macros.patch | 34 | ||||
-rw-r--r-- | sys-auth/sssd/files/sssd-fix-CVE-2019-3811.patch | 96 | ||||
-rw-r--r-- | sys-auth/sssd/sssd-1.16.3-r3.ebuild | 233 | ||||
-rw-r--r-- | sys-auth/sssd/sssd-2.1.0-r1.ebuild | 230 | ||||
-rw-r--r-- | sys-auth/sssd/sssd-2.2.0-r1.ebuild | 2 | ||||
-rw-r--r-- | sys-auth/sssd/sssd-2.2.2.ebuild | 230 | ||||
-rw-r--r-- | sys-auth/sssd/sssd-2.3.1-r2.ebuild (renamed from sys-auth/sssd/sssd-2.3.1-r1.ebuild) | 4 | ||||
-rw-r--r-- | sys-auth/sssd/sssd-2.4.0.ebuild (renamed from sys-auth/sssd/sssd-2.2.3.ebuild) | 192 |
10 files changed, 129 insertions, 980 deletions
diff --git a/sys-auth/sssd/Manifest b/sys-auth/sssd/Manifest index 8c1932e6f23b..561735083799 100644 --- a/sys-auth/sssd/Manifest +++ b/sys-auth/sssd/Manifest @@ -1,20 +1,11 @@ AUX sssd 489 BLAKE2B 552ffc9c5053e6de3e4d59ae50cbd95ae44460f51d7f753d9792eefb10507225a32beb91c1a47adf0ddbffff339a245f09c260738a781d05a0a955b8bf283148 SHA512 eab8d42d0188e55a18803b738af77c1969bf7c4b59503ee99975d4739e3c532c300e394a393327b7b98254672c1c2b0b15f81c9c27479e7cbbfb4995ab12b43e -AUX sssd-2.2.3-glibc-2.32-compat.patch 2699 BLAKE2B b05f536d5f189f005cf97e8f64a44ac88e18161b025dfa4e901c7670cebc55090d0c692a9f5a3287313892b59592982f17b22d97aad21a3f58a76d963ff2b31b SHA512 fd1eef46a1127393738bb3bd1aa6eb99a1953afb7e6979b938d4b0519291f74284e5443ba323052f4ee0d54ef64e73200bdd13177c7bca1399ca79336d16b774 AUX sssd-2.3.1-test_ca-Look-for-libsofthsm2.so-in-usr-libdir-sofths.patch 1180 BLAKE2B 22b12936b8a4256af39396ce31a90742bc93331b2adb9c44442ddd1285ee19e03c24f99b899dfe35768d4383f7e46a241a0fa3975cc3cf4b32e93f1dd0805915 SHA512 d4519c7d9a63d6902da028584379457fda0be7b4e3b882498586504543e944462d93a3fe804f307562d75cd15257a1595c09bc1e804a41f47f1d2ff9999c7973 -AUX sssd-curl-macros.patch 1104 BLAKE2B c03179ab4d608988316224b184c6bc349230e4ee4b79b866615ceb76f091cc28a667f09a591a8b3b98655d1f6160d2e49a4df4177e616d27e7f1e50d465642dc SHA512 77b311c7a8101e5facf046d08deb7a7d363ef6e393fa44feddf82e1398dede44aa3ac57555c10496b5ba1ca370f0f6370ba8c7cd1ae80a3b2657c3e3f9fbb063 -AUX sssd-fix-CVE-2019-3811.patch 3745 BLAKE2B c09dcdd2d4f698771e099c1aca008a42833375b0d723348ead780f84ce3491b54b7a9266b83c5c7e481ec997f69662bd45e33520a0b1ec37b93a8ef800093985 SHA512 b9d95fb9515e367dd7d645778f330a5c7c7fadb9c49ddbbcd78aee18c5918d0bb8e45735c508bf1f574307afc6076a34c420cacb7963b70333e0f678ff3864b6 AUX sssd.conf 124 BLAKE2B b6f9c016a014510f97b036d23d5f50e1e13085220fe82b0e6ef7a3ceeb114e59af935f39e66e4ad60a46f43983930e5d381b16b0ed31ba4349abe38c4b509367 SHA512 f16908c44b213edbf6b0c6e8d49df92e8c06fc623279037074fe51e49b8aca7dc18f5ed83f71909fc8209df80dfc150583edb1687f88e61588bdf9d1fbf6ed5a AUX sssd.service 341 BLAKE2B 0cffcd43786633aa8e5bb42c54741cba676021c5a07554b08499504f8f630ff821ff334a21e2a4f9ae2d77d70d969018dd5a85d11b12bb31235a0ffcda4105c8 SHA512 99510d11f390722f56bc164059033fc40299dd4ea29f98cd5f08b2648f31b2e70afeb6b2d90f919bde595546c80b4e6941cf6f48130661ead09c0576043e4cf5 -DIST sssd-1.16.3.tar.gz 6217114 BLAKE2B eefaf8de466d0d76e9a4b60aefef6eb63c17a55b9a1f2e07e973a61d71cbe5432e92357656a1eb353d45bbc2fa92290cef45898d0b315d4a4c4074652ff25a23 SHA512 6165923f652f624bbe3ddc625ae682c4867eb7a20652d0cf74bbb8dda2307c917d3189ede26fd21a4fb5fd5926149271a65fa09f3affe928029ed99e6422b728 -DIST sssd-2.1.0.tar.gz 6463331 BLAKE2B 9226370dc384c58841d944bdf9b067d953bf138ee7a289f01a4b8bb5d09beee3b9f21609989123d8f4f9fc13237670d61e32dcb194555ddc6785c598ce78d08c SHA512 12a7e5b89d462350af3c43e15b24a437dd985ac4a2e419d5e52cc0d05c6eacb9319d39b23681595ef860120cd1ae6e5fb265054afeddcb05d3d5f5de5d6ffa63 DIST sssd-2.2.0.tar.gz 6642715 BLAKE2B e6c16ca69effe59769fc166c02203faee445ebe2bf551c6a1460bdee2474ccbce1a38b3aa59b1ae4a79bb170696a784b800a9299025bf6a58bc9aeb94b946338 SHA512 9ebd8784e1f0c72cb808bbc153c0b0aa9bf507938f78336a260073a89b49350dc2c6172653509738ea7a50bb9da596725e1d6c92f99c7a03308aa42f6378dbbb -DIST sssd-2.2.2.tar.gz 6767578 BLAKE2B e0eedaf1da1de953903730c96479af0709ee14dd83eca82a11316dc96c29573b5f3de5965f386d5c12a69e7d98b6168c9d197bbd46ac51f0122feababe52dfe1 SHA512 4cce8fdbcc05d1469dad5ba987cb0f9bc33702b37f85e8e248975461bb50b0740fec92ff213bdb640b506405be7ead936ff253ab02d4a27205ddf20cc0e54801 -DIST sssd-2.2.3.tar.gz 6894302 BLAKE2B b72443ebd4f50581a0d9d2b7cf691fdda0dfe3cfb2ed82c383595aeca8d6198c7f44f1c49e56bdfeac23f9151897ac2df70d1afbbeceb2231daee71492884420 SHA512 b61d52a53e26e8efa9cb799fc6efc2314bf9d174d3cacfe591a4ca77530637591eacc0dc70c0555252e04a9617e8b134b1ab2d9b0f7351b4228e7b61499e6a10 DIST sssd-2.3.1.tar.gz 7186526 BLAKE2B 6d630fe75b9b426ef54adbe1704fde8e01fc34df7861028c07ce2985db8a151ce743d633061386fea6460fe8eabb89242b816d4bac87975bb9b7b2064ad1d547 SHA512 6aeb52d5222c5992d581296996749327bcaf276e4eb4413a6a32ea6529343432cfe413006aca4245c19b38b515be1c4c2ef88a157c617d889274179253355bc6 -EBUILD sssd-1.16.3-r3.ebuild 6052 BLAKE2B 4b869f470adef34441936aa90a0459bf844b0570c55cdc30b3a921c7fb5cb1ef1da7823cdca8112120291583ef57649979c5f4013954decb147dd029b00c6d2f SHA512 6a9e06194fd352ce9b2afca5c4307de5dbdb29177c67cac2a6ab31d01c4480912d7c9e362d3bf9f8144070c70de4a72c806a65a253046c58f8872ef543a47693 -EBUILD sssd-2.1.0-r1.ebuild 5972 BLAKE2B 59fe7c880dd738dd827f77b22522c8be2ad65f41bf8e5fc447a1c1bcd9631eda1549ddb6b15490c6e64b294338d08d41454da15fe6129dd7fb2611e4463f1349 SHA512 0057b815e569d4e0056d2117eb600f321b77b3dfcacbacb0230433e37134e48a90a54f8bf97444bfc29113860d4014cdf8399e493d9a5851c6bea37bf5209dde -EBUILD sssd-2.2.0-r1.ebuild 5972 BLAKE2B 59fe7c880dd738dd827f77b22522c8be2ad65f41bf8e5fc447a1c1bcd9631eda1549ddb6b15490c6e64b294338d08d41454da15fe6129dd7fb2611e4463f1349 SHA512 0057b815e569d4e0056d2117eb600f321b77b3dfcacbacb0230433e37134e48a90a54f8bf97444bfc29113860d4014cdf8399e493d9a5851c6bea37bf5209dde -EBUILD sssd-2.2.2.ebuild 5972 BLAKE2B 59fe7c880dd738dd827f77b22522c8be2ad65f41bf8e5fc447a1c1bcd9631eda1549ddb6b15490c6e64b294338d08d41454da15fe6129dd7fb2611e4463f1349 SHA512 0057b815e569d4e0056d2117eb600f321b77b3dfcacbacb0230433e37134e48a90a54f8bf97444bfc29113860d4014cdf8399e493d9a5851c6bea37bf5209dde -EBUILD sssd-2.2.3.ebuild 6029 BLAKE2B 85d4f9e21aa17352e91a31bfed555fce87f59d7689b621c0ee5adc2c41ac7047b6093c6d6a7426bc5c46295de5080538bd76cdf12574847338eefbb809f251c3 SHA512 22d791eca85e1e50f0cfe9bdf8a580f4e32bb3a746f129eef01a3a637b4dd7a6a9a355524c49d0f62bfb4e205241daaf3c7742c703c9ebea268a8dd48d3f4313 -EBUILD sssd-2.3.1-r1.ebuild 7537 BLAKE2B ad16d49bd320814edf43bf982ba5e03ccb15e1d81e75d87be7090efbc0805b0bdd4bccf4dc6718a728c85f01e17f5bedec996079616bd4b967052994de6763e3 SHA512 a58f795102845b1f3d8337f11712d268cdd5d24935532d4d4caf3fc9a9a1c2293e0df10ff4703e84bffa067272bebb7e74ccdc27bc249da1eade8d24214a5435 +DIST sssd-2.4.0.tar.gz 7280358 BLAKE2B 28136953cd7c9f3119bd5a223c911a3b3f97921402c5a8ba34c6fca90434fead46906266e33450688fe131a515edf9e5f8654658cc10cfaafb44a9c2d8c59dd8 SHA512 d9a4b17665ce3a1ea51cfe2fdb53818ac1e265a33c61f657f61699ecc716e1244e45b5b628aeae6c54e601383084f3cac327cb3edd7bea80bca397b1fbe4ab72 +EBUILD sssd-2.2.0-r1.ebuild 5970 BLAKE2B 700d5ab7604c65ae3a8e293cacb7406dcd7d8749a8513f5df5b81ade4cf7387a79586f08aaf9635f967db2d7171a4fe787a181b82d6cbcecc9d43e680d9f237b SHA512 97099d496e46380d55b059a440920684e88820b526b5ecfb662ad0c9b9c54459d63595a12b1f616dc2eab662eb3e40acc1955c0143df98055a32f70bdbe01b04 +EBUILD sssd-2.3.1-r2.ebuild 7560 BLAKE2B 02f77e567793ff2cb7aac669fb7a55cde18ebfa09338310ac05112729d7bc9888bb28165711233e9892cf08c4e9a29464e159bdc213d40201aead07b2ec972c1 SHA512 09330464511c7ec1a1b49e8f1397c578d015b5eb559eb45d0f5969176ef4afa052035e0827aec944f15cb922360758f7e7a929892a174a7218d0abecccf2edae +EBUILD sssd-2.4.0.ebuild 7442 BLAKE2B 4e151e126bd5ebbfa231ae822cdfcb499802d1020299182f28c7712422f6149a03f98772eddbf5863e89bc5854e2813229a1cb9279b4788ba4c0e3b2fa09baf5 SHA512 b76cc430c711e5260d1be19fc0d4d6ccec9e0d8911ea94d15e18426f369d5958c8f0fa42f51c88b8a862003d39ed1602929ddc9b06432fd4c2e4c91e636e5bd5 MISC metadata.xml 1480 BLAKE2B e2903840a3b7e9c92145fdded6fc6a7a275323186d2636e401b9d4c7992b61ea410f43a565482e0bdab6056feaf140a63e3f0db3da532c6686d4f7edb3d58c43 SHA512 35c81d5fdb496a9d2ca39379b0844a30c0313b2606a62e1bbf8816c0b95712089b99e4dd5f526a5bc593e8b93b8c47eb54125e25568b4c485aac379e0764d039 diff --git a/sys-auth/sssd/files/sssd-2.2.3-glibc-2.32-compat.patch b/sys-auth/sssd/files/sssd-2.2.3-glibc-2.32-compat.patch deleted file mode 100644 index 9d59ae91be55..000000000000 --- a/sys-auth/sssd/files/sssd-2.2.3-glibc-2.32-compat.patch +++ /dev/null @@ -1,71 +0,0 @@ -From fe9eeb51be06059721e873f77092b1e9ba08e6c1 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzidek@redhat.com> -Date: Thu, 27 Feb 2020 06:50:40 +0100 -Subject: [PATCH] nss: Collision with external nss symbol -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -One of our internal static function names started -to collide with external nss symbol. Additional -sss_ suffix was added to avoid the collision. - -This is needed to unblock Fedora Rawhide's -SSSD build. - -Reviewed-by: Pavel Březina <pbrezina@redhat.com> ---- - src/responder/nss/nss_cmd.c | 18 ++++++++++-------- - 1 file changed, 10 insertions(+), 8 deletions(-) - -diff --git a/src/responder/nss/nss_cmd.c b/src/responder/nss/nss_cmd.c -index 356aea1564..02706c4b94 100644 ---- a/src/responder/nss/nss_cmd.c -+++ b/src/responder/nss/nss_cmd.c -@@ -731,11 +731,13 @@ static void nss_getent_done(struct tevent_req *subreq) - talloc_free(cmd_ctx); - } - --static void nss_setnetgrent_done(struct tevent_req *subreq); -+static void sss_nss_setnetgrent_done(struct tevent_req *subreq); - --static errno_t nss_setnetgrent(struct cli_ctx *cli_ctx, -- enum cache_req_type type, -- nss_protocol_fill_packet_fn fill_fn) -+/* This function's name started to collide with external nss symbol, -+ * so it has additional sss_* prefix unlike other functions here. */ -+static errno_t sss_nss_setnetgrent(struct cli_ctx *cli_ctx, -+ enum cache_req_type type, -+ nss_protocol_fill_packet_fn fill_fn) - { - struct nss_ctx *nss_ctx; - struct nss_state_ctx *state_ctx; -@@ -777,7 +779,7 @@ static errno_t nss_setnetgrent(struct cli_ctx *cli_ctx, - goto done; - } - -- tevent_req_set_callback(subreq, nss_setnetgrent_done, cmd_ctx); -+ tevent_req_set_callback(subreq, sss_nss_setnetgrent_done, cmd_ctx); - - ret = EOK; - -@@ -790,7 +792,7 @@ static errno_t nss_setnetgrent(struct cli_ctx *cli_ctx, - return EOK; - } - --static void nss_setnetgrent_done(struct tevent_req *subreq) -+static void sss_nss_setnetgrent_done(struct tevent_req *subreq) - { - struct nss_cmd_ctx *cmd_ctx; - errno_t ret; -@@ -1040,8 +1042,8 @@ static errno_t nss_cmd_initgroups_ex(struct cli_ctx *cli_ctx) - - static errno_t nss_cmd_setnetgrent(struct cli_ctx *cli_ctx) - { -- return nss_setnetgrent(cli_ctx, CACHE_REQ_NETGROUP_BY_NAME, -- nss_protocol_fill_setnetgrent); -+ return sss_nss_setnetgrent(cli_ctx, CACHE_REQ_NETGROUP_BY_NAME, -+ nss_protocol_fill_setnetgrent); - } - - static errno_t nss_cmd_getnetgrent(struct cli_ctx *cli_ctx) diff --git a/sys-auth/sssd/files/sssd-curl-macros.patch b/sys-auth/sssd/files/sssd-curl-macros.patch deleted file mode 100644 index 91e71e837875..000000000000 --- a/sys-auth/sssd/files/sssd-curl-macros.patch +++ /dev/null @@ -1,34 +0,0 @@ -From d3cdf9cbfbace4874c6e5c96f1e5ef5b342c813e Mon Sep 17 00:00:00 2001 -From: Mikle Kolyada <zlogene@gentoo.org> -Date: Sun, 16 Dec 2018 20:42:39 +0300 -Subject: [PATCH] tev_curl.c: remove case duplication - -CURLE_SSL_CACERT and CURLE_PEER_FAILED_VERIFICATION macros are provided -by net-misc/curl-7.62.0 and older ---- - tev_curl.c | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/tev_curl.c b/tev_curl.c -index 6a7a580..ce6fdba 100644 ---- a/src/util/tev_curl.c -+++ b/src/util/tev_curl.c -@@ -97,7 +97,6 @@ static errno_t curl_code2errno(CURLcode crv) - return ETIMEDOUT; - case CURLE_SSL_ISSUER_ERROR: - case CURLE_SSL_CACERT_BADFILE: -- case CURLE_SSL_CACERT: - case CURLE_SSL_CERTPROBLEM: - return ERR_INVALID_CERT; - -@@ -110,8 +109,6 @@ static errno_t curl_code2errno(CURLcode crv) - case CURLE_SSL_ENGINE_NOTFOUND: - case CURLE_SSL_CONNECT_ERROR: - return ERR_SSL_FAILURE; -- case CURLE_PEER_FAILED_VERIFICATION: -- return ERR_UNABLE_TO_VERIFY_PEER; - case CURLE_COULDNT_RESOLVE_HOST: - return ERR_UNABLE_TO_RESOLVE_HOST; - default: --- -2.19.2
\ No newline at end of file diff --git a/sys-auth/sssd/files/sssd-fix-CVE-2019-3811.patch b/sys-auth/sssd/files/sssd-fix-CVE-2019-3811.patch deleted file mode 100644 index 87db45fd24bb..000000000000 --- a/sys-auth/sssd/files/sssd-fix-CVE-2019-3811.patch +++ /dev/null @@ -1,96 +0,0 @@ -From 28792523a01a7d21bcc8931794164f253e691a68 Mon Sep 17 00:00:00 2001 -From: Tomas Halman <thalman@redhat.com> -Date: Mon, 3 Dec 2018 14:11:31 +0100 -Subject: [PATCH] nss: sssd returns '/' for emtpy home directories - -For empty home directory in passwd file sssd returns "/". Sssd -should respect system behaviour and return the same as nsswitch -"files" module - return empty string. - -Resolves: -https://pagure.io/SSSD/sssd/issue/3901 - -Reviewed-by: Simo Sorce <simo@redhat.com> -Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> -(cherry picked from commit 90f32399b4100ce39cf665649fde82d215e5eb49) ---- - src/confdb/confdb.c | 9 +++++++++ - src/man/include/ad_modified_defaults.xml | 19 +++++++++++++++++++ - src/responder/nss/nss_protocol_pwent.c | 2 +- - src/tests/intg/test_files_provider.py | 2 +- - 4 files changed, 30 insertions(+), 2 deletions(-) - -diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c -index a3eb9c66d9..17bb4f8274 100644 ---- a/src/confdb/confdb.c -+++ b/src/confdb/confdb.c -@@ -1301,6 +1301,15 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, - ret = ENOMEM; - goto done; - } -+ } else { -+ if (strcasecmp(domain->provider, "ad") == 0) { -+ /* ad provider default */ -+ domain->fallback_homedir = talloc_strdup(domain, "/home/%d/%u"); -+ if (!domain->fallback_homedir) { -+ ret = ENOMEM; -+ goto done; -+ } -+ } - } - - tmp = ldb_msg_find_attr_as_string(res->msgs[0], -diff --git a/src/man/include/ad_modified_defaults.xml b/src/man/include/ad_modified_defaults.xml -index 818a2bf787..425b7e8ee0 100644 ---- a/src/man/include/ad_modified_defaults.xml -+++ b/src/man/include/ad_modified_defaults.xml -@@ -76,4 +76,23 @@ - </listitem> - </itemizedlist> - </refsect2> -+ <refsect2 id='nss_modifications'> -+ <title>NSS configuration</title> -+ <itemizedlist> -+ <listitem> -+ <para> -+ fallback_homedir = /home/%d/%u -+ </para> -+ <para> -+ The AD provider automatically sets -+ "fallback_homedir = /home/%d/%u" to provide personal -+ home directories for users without the homeDirectory -+ attribute. If your AD Domain is properly -+ populated with Posix attributes, and you want to avoid -+ this fallback behavior, you can explicitly -+ set "fallback_homedir = %o". -+ </para> -+ </listitem> -+ </itemizedlist> -+ </refsect2> - </refsect1> -diff --git a/src/responder/nss/nss_protocol_pwent.c b/src/responder/nss/nss_protocol_pwent.c -index af9e74fc86..86fa4ec465 100644 ---- a/src/responder/nss/nss_protocol_pwent.c -+++ b/src/responder/nss/nss_protocol_pwent.c -@@ -118,7 +118,7 @@ nss_get_homedir(TALLOC_CTX *mem_ctx, - - homedir = nss_get_homedir_override(mem_ctx, msg, nss_ctx, domain, &hd_ctx); - if (homedir == NULL) { -- return "/"; -+ return ""; - } - - return homedir; -diff --git a/src/tests/intg/test_files_provider.py b/src/tests/intg/test_files_provider.py -index ead1cc4c34..4761f1bd15 100644 ---- a/src/tests/intg/test_files_provider.py -+++ b/src/tests/intg/test_files_provider.py -@@ -678,7 +678,7 @@ def test_user_no_dir(setup_pw_with_canary, files_domain_only): - Test that resolving a user without a homedir defined works and returns - a fallback value - """ -- check_user(incomplete_user_setup(setup_pw_with_canary, 'dir', '/')) -+ check_user(incomplete_user_setup(setup_pw_with_canary, 'dir', '')) - - - def test_user_no_gecos(setup_pw_with_canary, files_domain_only): diff --git a/sys-auth/sssd/sssd-1.16.3-r3.ebuild b/sys-auth/sssd/sssd-1.16.3-r3.ebuild deleted file mode 100644 index a887a0cb720e..000000000000 --- a/sys-auth/sssd/sssd-1.16.3-r3.ebuild +++ /dev/null @@ -1,233 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit autotools flag-o-matic linux-info multilib-minimal pam systemd toolchain-funcs - -DESCRIPTION="System Security Services Daemon provides access to identity and authentication" -HOMEPAGE="https://pagure.io/SSSD/sssd" -SRC_URI="http://releases.pagure.org/SSSD/${PN}/${P}.tar.gz" -KEYWORDS="amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc x86" - -LICENSE="GPL-3" -SLOT="0" -IUSE="acl autofs +locator +netlink nfsv4 nls +manpages samba selinux sudo ssh test" -RESTRICT="!test? ( test )" - -COMMON_DEP=" - >=sys-libs/pam-0-r1[${MULTILIB_USEDEP}] - >=dev-libs/popt-1.16 - dev-libs/glib:2 - >=dev-libs/ding-libs-0.2 - >=sys-libs/talloc-2.0.7 - >=sys-libs/tdb-1.2.9 - >=sys-libs/tevent-0.9.16 - >=sys-libs/ldb-1.1.17-r1:= - >=net-nds/openldap-2.4.30[sasl] - net-libs/http-parser - >=dev-libs/libpcre-8.30 - >=app-crypt/mit-krb5-1.10.3 - dev-libs/jansson - net-misc/curl - locator? ( - >=app-crypt/mit-krb5-1.12.2[${MULTILIB_USEDEP}] - >=net-dns/c-ares-1.10.0-r1[${MULTILIB_USEDEP}] - ) - >=sys-apps/keyutils-1.5:= - >=net-dns/c-ares-1.7.4 - >=dev-libs/nss-3.12.9 - selinux? ( - >=sys-libs/libselinux-2.1.9 - >=sys-libs/libsemanage-2.1 - ) - >=net-dns/bind-tools-9.9[gssapi] - >=dev-libs/cyrus-sasl-2.1.25-r3[kerberos] - >=sys-apps/dbus-1.6 - acl? ( net-fs/cifs-utils[acl] ) - nfsv4? ( || ( >=net-fs/nfs-utils-2.3.1-r2 net-libs/libnfsidmap ) ) - nls? ( >=sys-devel/gettext-0.18 ) - virtual/libintl - netlink? ( dev-libs/libnl:3 ) - samba? ( >=net-fs/samba-4.5 ) - " - -RDEPEND="${COMMON_DEP} - >=sys-libs/glibc-2.17[nscd] - selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 ) - " -DEPEND="${COMMON_DEP} - test? ( dev-libs/check ) - manpages? ( - >=dev-libs/libxslt-1.1.26 - app-text/docbook-xml-dtd:4.4 - )" - -CONFIG_CHECK="~KEYS" - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/ipa_hbac.h - /usr/include/sss_idmap.h - /usr/include/sss_nss_idmap.h - /usr/include/wbclient_sssd.h - # --with-ifp - /usr/include/sss_sifp.h - /usr/include/sss_sifp_dbus.h - # from 1.15.3 - /usr/include/sss_certmap.h -) - -pkg_setup() { - linux-info_pkg_setup -} - -src_prepare() { - sed -i 's:#!/sbin/runscript:#!/sbin/openrc-run:' \ - "${S}"/src/sysv/gentoo/sssd.in || die "sed sssd.in" - - eapply "${FILESDIR}"/${PN}-curl-macros.patch - eapply "${FILESDIR}"/${PN}-fix-CVE-2019-3811.patch - - default - eautoreconf - multilib_copy_sources -} - -src_configure() { - local native_dbus_cflags=$($(tc-getPKG_CONFIG) --cflags dbus-1) - - multilib-minimal_src_configure -} - -multilib_src_configure() { - # set initscript to sysv because the systemd option needs systemd to - # be installed. We provide our own systemd file anyway. - local myconf=() - #Work around linker dependency problem. - append-ldflags "-Wl,--allow-shlib-undefined" - - myconf+=( - --localstatedir="${EPREFIX}"/var - --enable-nsslibdir="${EPREFIX}"/$(get_libdir) - --with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd - --enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir) - --with-ldb-lib-dir="${EPREFIX}"/usr/$(get_libdir)/samba/ldb - --with-os=gentoo - --with-nscd - --with-unicode-lib="glib2" - --disable-rpath - --sbindir=/usr/sbin - --without-kcm - $(use_with samba libwbclient) - --with-secrets - $(multilib_native_use_with samba) - $(multilib_native_use_enable acl cifs-idmap-plugin) - $(multilib_native_use_with selinux) - $(multilib_native_use_with selinux semanage) - $(use_enable locator krb5-locator-plugin) - $(multilib_native_use_with nfsv4 nfsv4-idmapd-plugin) - $(use_enable nls ) - $(multilib_native_use_with netlink libnl) - $(multilib_native_use_with manpages) - $(multilib_native_use_with sudo) - $(multilib_native_use_with autofs) - $(multilib_native_use_with ssh) - --with-crypto="nss" - --with-initscript="sysv" - --without-python2-bindings - --without-python3-bindings - - KRB5_CONFIG=/usr/bin/${CHOST}-krb5-config - ) - - if ! multilib_is_native_abi; then - # work-around all the libraries that are used for CLI and server - myconf+=( - {POPT,TALLOC,TDB,TEVENT,LDB}_{CFLAGS,LIBS}=' ' - # ldb headers are fine since native needs it - # ldb lib fails... but it does not seem to bother - {DHASH,COLLECTION,INI_CONFIG_V{0,1,1_1}}_{CFLAGS,LIBS}=' ' - {PCRE,CARES,SYSTEMD_LOGIN,SASL,GLIB2,DBUS,CRYPTO}_{CFLAGS,LIBS}=' ' - - # use native include path for dbus (needed for build) - DBUS_CFLAGS="${native_dbus_cflags}" - - # non-pkgconfig checks - ac_cv_lib_ldap_ldap_search=yes - --without-secrets - --without-libwbclient - --without-kcm - --with-crypto="" - ) - - use locator || myconf+=( - KRB5_CONFIG=/bin/true - ) - fi - - econf "${myconf[@]}" -} - -multilib_src_compile() { - if multilib_is_native_abi; then - default - else - emake libnss_sss.la pam_sss.la - use locator && emake sssd_krb5_locator_plugin.la - fi -} - -multilib_src_install() { - if multilib_is_native_abi; then - emake -j1 DESTDIR="${D}" "${_at_args[@]}" install - else - # easier than playing with automake... - dopammod .libs/pam_sss.so - - into / - dolib.so .libs/libnss_sss.so* - - if use locator; then - exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5 - doexe .libs/sssd_krb5_locator_plugin.so - fi - fi -} - -multilib_src_install_all() { - einstalldocs - find "${ED}" -type f -name '*.la' -delete || die - - insinto /etc/sssd - insopts -m600 - doins "${S}"/src/examples/sssd-example.conf - - insinto /etc/logrotate.d - insopts -m644 - newins "${S}"/src/examples/logrotate sssd - - newconfd "${FILESDIR}"/sssd.conf sssd - newinitd "${FILESDIR}"/sssd sssd - - keepdir /var/lib/sss/db - keepdir /var/lib/sss/deskprofile - keepdir /var/lib/sss/gpo_cache - keepdir /var/lib/sss/keytabs - keepdir /var/lib/sss/mc - keepdir /var/lib/sss/pipes/private - keepdir /var/lib/sss/pubconf/krb5.include.d - keepdir /var/lib/sss/secrets - keepdir /var/log/sssd - - systemd_dounit "${FILESDIR}/${PN}.service" -} - -multilib_src_test() { - default -} - -pkg_postinst() { - elog "You must set up sssd.conf (default installed into /etc/sssd)" - elog "and (optionally) configuration in /etc/pam.d in order to use SSSD" - elog "features. Please see howto in https://docs.pagure.org/SSSD.sssd/design_pages/index.html#implemented-in-1-16-x" -} diff --git a/sys-auth/sssd/sssd-2.1.0-r1.ebuild b/sys-auth/sssd/sssd-2.1.0-r1.ebuild deleted file mode 100644 index 98af8535a88f..000000000000 --- a/sys-auth/sssd/sssd-2.1.0-r1.ebuild +++ /dev/null @@ -1,230 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit autotools flag-o-matic linux-info multilib-minimal pam systemd toolchain-funcs - -DESCRIPTION="System Security Services Daemon provides access to identity and authentication" -HOMEPAGE="https://pagure.io/SSSD/sssd" -SRC_URI="http://releases.pagure.org/SSSD/${PN}/${P}.tar.gz" -KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86" - -LICENSE="GPL-3" -SLOT="0" -IUSE="acl autofs +locator +netlink nfsv4 nls +manpages samba selinux sudo ssh test" -RESTRICT="!test? ( test )" - -COMMON_DEP=" - >=sys-libs/pam-0-r1[${MULTILIB_USEDEP}] - >=dev-libs/popt-1.16 - dev-libs/glib:2 - >=dev-libs/ding-libs-0.2 - >=sys-libs/talloc-2.0.7 - >=sys-libs/tdb-1.2.9 - >=sys-libs/tevent-0.9.16 - >=sys-libs/ldb-1.1.17-r1:= - >=net-nds/openldap-2.4.30[sasl] - net-libs/http-parser - >=dev-libs/libpcre-8.30 - >=app-crypt/mit-krb5-1.10.3 - dev-libs/jansson - net-misc/curl - locator? ( - >=app-crypt/mit-krb5-1.12.2[${MULTILIB_USEDEP}] - >=net-dns/c-ares-1.10.0-r1[${MULTILIB_USEDEP}] - ) - >=sys-apps/keyutils-1.5:= - >=net-dns/c-ares-1.7.4 - >=dev-libs/nss-3.12.9 - selinux? ( - >=sys-libs/libselinux-2.1.9 - >=sys-libs/libsemanage-2.1 - ) - >=net-dns/bind-tools-9.9[gssapi] - >=dev-libs/cyrus-sasl-2.1.25-r3[kerberos] - >=sys-apps/dbus-1.6 - acl? ( net-fs/cifs-utils[acl] ) - nfsv4? ( || ( >=net-fs/nfs-utils-2.3.1-r2 net-libs/libnfsidmap ) ) - nls? ( >=sys-devel/gettext-0.18 ) - virtual/libintl - netlink? ( dev-libs/libnl:3 ) - samba? ( >=net-fs/samba-4.10.2[winbind] ) - " - -RDEPEND="${COMMON_DEP} - >=sys-libs/glibc-2.17[nscd] - selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 ) - " -DEPEND="${COMMON_DEP} - test? ( dev-libs/check ) - manpages? ( - >=dev-libs/libxslt-1.1.26 - app-text/docbook-xml-dtd:4.4 - )" - -CONFIG_CHECK="~KEYS" - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/ipa_hbac.h - /usr/include/sss_idmap.h - /usr/include/sss_nss_idmap.h - /usr/include/wbclient_sssd.h - # --with-ifp - /usr/include/sss_sifp.h - /usr/include/sss_sifp_dbus.h - # from 1.15.3 - /usr/include/sss_certmap.h -) - -pkg_setup() { - linux-info_pkg_setup -} - -src_prepare() { - sed -i 's:#!/sbin/runscript:#!/sbin/openrc-run:' \ - "${S}"/src/sysv/gentoo/sssd.in || die "sed sssd.in" - - default - eautoreconf - multilib_copy_sources -} - -src_configure() { - local native_dbus_cflags=$($(tc-getPKG_CONFIG) --cflags dbus-1) - - multilib-minimal_src_configure -} - -multilib_src_configure() { - # set initscript to sysv because the systemd option needs systemd to - # be installed. We provide our own systemd file anyway. - local myconf=() - #Work around linker dependency problem. - append-ldflags "-Wl,--allow-shlib-undefined" - - myconf+=( - --localstatedir="${EPREFIX}"/var - --enable-nsslibdir="${EPREFIX}"/$(get_libdir) - --with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd - --enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir) - --with-ldb-lib-dir="${EPREFIX}"/usr/$(get_libdir)/samba/ldb - --with-os=gentoo - --with-nscd - --with-unicode-lib="glib2" - --disable-rpath - --sbindir=/usr/sbin - --without-kcm - $(use_with samba libwbclient) - --with-secrets - $(multilib_native_use_with samba) - $(multilib_native_use_enable acl cifs-idmap-plugin) - $(multilib_native_use_with selinux) - $(multilib_native_use_with selinux semanage) - $(use_enable locator krb5-locator-plugin) - $(multilib_native_use_with nfsv4 nfsv4-idmapd-plugin) - $(use_enable nls ) - $(multilib_native_use_with netlink libnl) - $(multilib_native_use_with manpages) - $(multilib_native_use_with sudo) - $(multilib_native_use_with autofs) - $(multilib_native_use_with ssh) - --with-crypto="nss" - --with-initscript="sysv" - --without-python2-bindings - --without-python3-bindings - - KRB5_CONFIG=/usr/bin/${CHOST}-krb5-config - ) - - if ! multilib_is_native_abi; then - # work-around all the libraries that are used for CLI and server - myconf+=( - {POPT,TALLOC,TDB,TEVENT,LDB}_{CFLAGS,LIBS}=' ' - # ldb headers are fine since native needs it - # ldb lib fails... but it does not seem to bother - {DHASH,COLLECTION,INI_CONFIG_V{0,1,1_1}}_{CFLAGS,LIBS}=' ' - {PCRE,CARES,SYSTEMD_LOGIN,SASL,GLIB2,DBUS,CRYPTO}_{CFLAGS,LIBS}=' ' - - # use native include path for dbus (needed for build) - DBUS_CFLAGS="${native_dbus_cflags}" - - # non-pkgconfig checks - ac_cv_lib_ldap_ldap_search=yes - --without-secrets - --without-libwbclient - --without-kcm - --with-crypto="" - ) - - use locator || myconf+=( - KRB5_CONFIG=/bin/true - ) - fi - - econf "${myconf[@]}" -} - -multilib_src_compile() { - if multilib_is_native_abi; then - default - else - emake libnss_sss.la pam_sss.la - use locator && emake sssd_krb5_locator_plugin.la - fi -} - -multilib_src_install() { - if multilib_is_native_abi; then - emake -j1 DESTDIR="${D}" "${_at_args[@]}" install - else - # easier than playing with automake... - dopammod .libs/pam_sss.so - - into / - dolib.so .libs/libnss_sss.so* - - if use locator; then - exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5 - doexe .libs/sssd_krb5_locator_plugin.so - fi - fi -} - -multilib_src_install_all() { - einstalldocs - find "${ED}" -type f -name '*.la' -delete || die - - insinto /etc/sssd - insopts -m600 - doins "${S}"/src/examples/sssd-example.conf - - insinto /etc/logrotate.d - insopts -m644 - newins "${S}"/src/examples/logrotate sssd - - newconfd "${FILESDIR}"/sssd.conf sssd - newinitd "${FILESDIR}"/sssd sssd - - keepdir /var/lib/sss/db - keepdir /var/lib/sss/deskprofile - keepdir /var/lib/sss/gpo_cache - keepdir /var/lib/sss/keytabs - keepdir /var/lib/sss/mc - keepdir /var/lib/sss/pipes/private - keepdir /var/lib/sss/pubconf/krb5.include.d - keepdir /var/lib/sss/secrets - keepdir /var/log/sssd - - systemd_dounit "${FILESDIR}/${PN}.service" -} - -multilib_src_test() { - default -} - -pkg_postinst() { - elog "You must set up sssd.conf (default installed into /etc/sssd)" - elog "and (optionally) configuration in /etc/pam.d in order to use SSSD" - elog "features. Please see howto in https://docs.pagure.org/SSSD.sssd/design_pages/smartcard_authentication_require.html" -} diff --git a/sys-auth/sssd/sssd-2.2.0-r1.ebuild b/sys-auth/sssd/sssd-2.2.0-r1.ebuild index 98af8535a88f..7b60f06f16c6 100644 --- a/sys-auth/sssd/sssd-2.2.0-r1.ebuild +++ b/sys-auth/sssd/sssd-2.2.0-r1.ebuild @@ -8,7 +8,7 @@ inherit autotools flag-o-matic linux-info multilib-minimal pam systemd toolchain DESCRIPTION="System Security Services Daemon provides access to identity and authentication" HOMEPAGE="https://pagure.io/SSSD/sssd" SRC_URI="http://releases.pagure.org/SSSD/${PN}/${P}.tar.gz" -KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86" +KEYWORDS="amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc x86" LICENSE="GPL-3" SLOT="0" diff --git a/sys-auth/sssd/sssd-2.2.2.ebuild b/sys-auth/sssd/sssd-2.2.2.ebuild deleted file mode 100644 index 98af8535a88f..000000000000 --- a/sys-auth/sssd/sssd-2.2.2.ebuild +++ /dev/null @@ -1,230 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit autotools flag-o-matic linux-info multilib-minimal pam systemd toolchain-funcs - -DESCRIPTION="System Security Services Daemon provides access to identity and authentication" -HOMEPAGE="https://pagure.io/SSSD/sssd" -SRC_URI="http://releases.pagure.org/SSSD/${PN}/${P}.tar.gz" -KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86" - -LICENSE="GPL-3" -SLOT="0" -IUSE="acl autofs +locator +netlink nfsv4 nls +manpages samba selinux sudo ssh test" -RESTRICT="!test? ( test )" - -COMMON_DEP=" - >=sys-libs/pam-0-r1[${MULTILIB_USEDEP}] - >=dev-libs/popt-1.16 - dev-libs/glib:2 - >=dev-libs/ding-libs-0.2 - >=sys-libs/talloc-2.0.7 - >=sys-libs/tdb-1.2.9 - >=sys-libs/tevent-0.9.16 - >=sys-libs/ldb-1.1.17-r1:= - >=net-nds/openldap-2.4.30[sasl] - net-libs/http-parser - >=dev-libs/libpcre-8.30 - >=app-crypt/mit-krb5-1.10.3 - dev-libs/jansson - net-misc/curl - locator? ( - >=app-crypt/mit-krb5-1.12.2[${MULTILIB_USEDEP}] - >=net-dns/c-ares-1.10.0-r1[${MULTILIB_USEDEP}] - ) - >=sys-apps/keyutils-1.5:= - >=net-dns/c-ares-1.7.4 - >=dev-libs/nss-3.12.9 - selinux? ( - >=sys-libs/libselinux-2.1.9 - >=sys-libs/libsemanage-2.1 - ) - >=net-dns/bind-tools-9.9[gssapi] - >=dev-libs/cyrus-sasl-2.1.25-r3[kerberos] - >=sys-apps/dbus-1.6 - acl? ( net-fs/cifs-utils[acl] ) - nfsv4? ( || ( >=net-fs/nfs-utils-2.3.1-r2 net-libs/libnfsidmap ) ) - nls? ( >=sys-devel/gettext-0.18 ) - virtual/libintl - netlink? ( dev-libs/libnl:3 ) - samba? ( >=net-fs/samba-4.10.2[winbind] ) - " - -RDEPEND="${COMMON_DEP} - >=sys-libs/glibc-2.17[nscd] - selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 ) - " -DEPEND="${COMMON_DEP} - test? ( dev-libs/check ) - manpages? ( - >=dev-libs/libxslt-1.1.26 - app-text/docbook-xml-dtd:4.4 - )" - -CONFIG_CHECK="~KEYS" - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/ipa_hbac.h - /usr/include/sss_idmap.h - /usr/include/sss_nss_idmap.h - /usr/include/wbclient_sssd.h - # --with-ifp - /usr/include/sss_sifp.h - /usr/include/sss_sifp_dbus.h - # from 1.15.3 - /usr/include/sss_certmap.h -) - -pkg_setup() { - linux-info_pkg_setup -} - -src_prepare() { - sed -i 's:#!/sbin/runscript:#!/sbin/openrc-run:' \ - "${S}"/src/sysv/gentoo/sssd.in || die "sed sssd.in" - - default - eautoreconf - multilib_copy_sources -} - -src_configure() { - local native_dbus_cflags=$($(tc-getPKG_CONFIG) --cflags dbus-1) - - multilib-minimal_src_configure -} - -multilib_src_configure() { - # set initscript to sysv because the systemd option needs systemd to - # be installed. We provide our own systemd file anyway. - local myconf=() - #Work around linker dependency problem. - append-ldflags "-Wl,--allow-shlib-undefined" - - myconf+=( - --localstatedir="${EPREFIX}"/var - --enable-nsslibdir="${EPREFIX}"/$(get_libdir) - --with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd - --enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir) - --with-ldb-lib-dir="${EPREFIX}"/usr/$(get_libdir)/samba/ldb - --with-os=gentoo - --with-nscd - --with-unicode-lib="glib2" - --disable-rpath - --sbindir=/usr/sbin - --without-kcm - $(use_with samba libwbclient) - --with-secrets - $(multilib_native_use_with samba) - $(multilib_native_use_enable acl cifs-idmap-plugin) - $(multilib_native_use_with selinux) - $(multilib_native_use_with selinux semanage) - $(use_enable locator krb5-locator-plugin) - $(multilib_native_use_with nfsv4 nfsv4-idmapd-plugin) - $(use_enable nls ) - $(multilib_native_use_with netlink libnl) - $(multilib_native_use_with manpages) - $(multilib_native_use_with sudo) - $(multilib_native_use_with autofs) - $(multilib_native_use_with ssh) - --with-crypto="nss" - --with-initscript="sysv" - --without-python2-bindings - --without-python3-bindings - - KRB5_CONFIG=/usr/bin/${CHOST}-krb5-config - ) - - if ! multilib_is_native_abi; then - # work-around all the libraries that are used for CLI and server - myconf+=( - {POPT,TALLOC,TDB,TEVENT,LDB}_{CFLAGS,LIBS}=' ' - # ldb headers are fine since native needs it - # ldb lib fails... but it does not seem to bother - {DHASH,COLLECTION,INI_CONFIG_V{0,1,1_1}}_{CFLAGS,LIBS}=' ' - {PCRE,CARES,SYSTEMD_LOGIN,SASL,GLIB2,DBUS,CRYPTO}_{CFLAGS,LIBS}=' ' - - # use native include path for dbus (needed for build) - DBUS_CFLAGS="${native_dbus_cflags}" - - # non-pkgconfig checks - ac_cv_lib_ldap_ldap_search=yes - --without-secrets - --without-libwbclient - --without-kcm - --with-crypto="" - ) - - use locator || myconf+=( - KRB5_CONFIG=/bin/true - ) - fi - - econf "${myconf[@]}" -} - -multilib_src_compile() { - if multilib_is_native_abi; then - default - else - emake libnss_sss.la pam_sss.la - use locator && emake sssd_krb5_locator_plugin.la - fi -} - -multilib_src_install() { - if multilib_is_native_abi; then - emake -j1 DESTDIR="${D}" "${_at_args[@]}" install - else - # easier than playing with automake... - dopammod .libs/pam_sss.so - - into / - dolib.so .libs/libnss_sss.so* - - if use locator; then - exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5 - doexe .libs/sssd_krb5_locator_plugin.so - fi - fi -} - -multilib_src_install_all() { - einstalldocs - find "${ED}" -type f -name '*.la' -delete || die - - insinto /etc/sssd - insopts -m600 - doins "${S}"/src/examples/sssd-example.conf - - insinto /etc/logrotate.d - insopts -m644 - newins "${S}"/src/examples/logrotate sssd - - newconfd "${FILESDIR}"/sssd.conf sssd - newinitd "${FILESDIR}"/sssd sssd - - keepdir /var/lib/sss/db - keepdir /var/lib/sss/deskprofile - keepdir /var/lib/sss/gpo_cache - keepdir /var/lib/sss/keytabs - keepdir /var/lib/sss/mc - keepdir /var/lib/sss/pipes/private - keepdir /var/lib/sss/pubconf/krb5.include.d - keepdir /var/lib/sss/secrets - keepdir /var/log/sssd - - systemd_dounit "${FILESDIR}/${PN}.service" -} - -multilib_src_test() { - default -} - -pkg_postinst() { - elog "You must set up sssd.conf (default installed into /etc/sssd)" - elog "and (optionally) configuration in /etc/pam.d in order to use SSSD" - elog "features. Please see howto in https://docs.pagure.org/SSSD.sssd/design_pages/smartcard_authentication_require.html" -} diff --git a/sys-auth/sssd/sssd-2.3.1-r1.ebuild b/sys-auth/sssd/sssd-2.3.1-r2.ebuild index 72dab04b2dc2..6d23123d5e87 100644 --- a/sys-auth/sssd/sssd-2.3.1-r1.ebuild +++ b/sys-auth/sssd/sssd-2.3.1-r2.ebuild @@ -10,7 +10,7 @@ inherit autotools flag-o-matic linux-info multilib-minimal python-single-r1 pam DESCRIPTION="System Security Services Daemon provides access to identity and authentication" HOMEPAGE="https://github.com/SSSD/sssd" SRC_URI="https://github.com/SSSD/sssd/releases/download/${PN}-${PV//./_}/${P}.tar.gz" -KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86" +KEYWORDS="amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc x86" LICENSE="GPL-3" SLOT="0" @@ -151,6 +151,7 @@ multilib_src_configure() { --disable-rpath --sbindir=/usr/sbin --with-crypto="libcrypto" + --enable-local-provider $(multilib_native_use_with systemd kcm) $(multilib_native_use_with systemd secrets) $(use_with samba) @@ -170,7 +171,6 @@ multilib_src_configure() { $(use_enable valgrind) --without-python2-bindings $(multilib_native_use_with python python3-bindings) - ) # Annoyingly configure requires that you pick systemd XOR sysv diff --git a/sys-auth/sssd/sssd-2.2.3.ebuild b/sys-auth/sssd/sssd-2.4.0.ebuild index 044a58e86151..bcbe35cbeb98 100644 --- a/sys-auth/sssd/sssd-2.2.3.ebuild +++ b/sys-auth/sssd/sssd-2.4.0.ebuild @@ -3,65 +3,91 @@ EAPI=7 -inherit autotools flag-o-matic linux-info multilib-minimal pam systemd toolchain-funcs +PYTHON_COMPAT=( python3_{7,8,9} ) + +inherit autotools flag-o-matic linux-info multilib-minimal python-single-r1 pam systemd toolchain-funcs DESCRIPTION="System Security Services Daemon provides access to identity and authentication" -HOMEPAGE="https://pagure.io/SSSD/sssd" -SRC_URI="http://releases.pagure.org/SSSD/${PN}/${P}.tar.gz" +HOMEPAGE="https://github.com/SSSD/sssd" +SRC_URI="https://github.com/SSSD/sssd/releases/download/${PN}-${PV//./_}/${P}.tar.gz" KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86" LICENSE="GPL-3" SLOT="0" -IUSE="acl autofs +locator +netlink nfsv4 nls +manpages samba selinux sudo ssh test" +IUSE="acl doc +locator +netlink nfsv4 nls +man pac python samba selinux sudo systemd test valgrind" RESTRICT="!test? ( test )" -COMMON_DEP=" - >=sys-libs/pam-0-r1[${MULTILIB_USEDEP}] - >=dev-libs/popt-1.16 - dev-libs/glib:2 +REQUIRED_USE="pac? ( samba ) + python? ( ${PYTHON_REQUIRED_USE} )" + +DEPEND=" + >=app-crypt/mit-krb5-1.10.3 + app-crypt/p11-kit >=dev-libs/ding-libs-0.2 + dev-libs/glib:2 + >=dev-libs/cyrus-sasl-2.1.25-r3[kerberos] + >=dev-libs/libpcre-8.30:= + >=dev-libs/popt-1.16 + >=dev-libs/openssl-1.0.2:0= + >=net-dns/bind-tools-9.9[gssapi] + >=net-dns/c-ares-1.7.4 + >=net-nds/openldap-2.4.30[sasl] + >=sys-apps/dbus-1.6 + >=sys-apps/keyutils-1.5:= + >=sys-libs/pam-0-r1[${MULTILIB_USEDEP}] >=sys-libs/talloc-2.0.7 >=sys-libs/tdb-1.2.9 >=sys-libs/tevent-0.9.16 >=sys-libs/ldb-1.1.17-r1:= - >=net-nds/openldap-2.4.30[sasl] - net-libs/http-parser - >=dev-libs/libpcre-8.30 - >=app-crypt/mit-krb5-1.10.3 - dev-libs/jansson - net-misc/curl + virtual/libintl locator? ( >=app-crypt/mit-krb5-1.12.2[${MULTILIB_USEDEP}] >=net-dns/c-ares-1.10.0-r1[${MULTILIB_USEDEP}] ) - >=sys-apps/keyutils-1.5:= - >=net-dns/c-ares-1.7.4 - >=dev-libs/nss-3.12.9 - selinux? ( - >=sys-libs/libselinux-2.1.9 - >=sys-libs/libsemanage-2.1 - ) - >=net-dns/bind-tools-9.9[gssapi] - >=dev-libs/cyrus-sasl-2.1.25-r3[kerberos] - >=sys-apps/dbus-1.6 acl? ( net-fs/cifs-utils[acl] ) + netlink? ( dev-libs/libnl:3 ) nfsv4? ( || ( >=net-fs/nfs-utils-2.3.1-r2 net-libs/libnfsidmap ) ) nls? ( >=sys-devel/gettext-0.18 ) - virtual/libintl - netlink? ( dev-libs/libnl:3 ) + pac? ( + app-crypt/mit-krb5[${MULTILIB_USEDEP}] + net-fs/samba + ) + python? ( ${PYTHON_DEPS} ) samba? ( >=net-fs/samba-4.10.2[winbind] ) + selinux? ( + >=sys-libs/libselinux-2.1.9 + >=sys-libs/libsemanage-2.1 + ) + systemd? ( + dev-libs/jansson:0= + net-libs/http-parser:0= + net-misc/curl:0= + ) " -RDEPEND="${COMMON_DEP} +RDEPEND="${DEPEND} >=sys-libs/glibc-2.17[nscd] selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 ) " -DEPEND="${COMMON_DEP} - test? ( dev-libs/check ) - manpages? ( - >=dev-libs/libxslt-1.1.26 +BDEPEND="${DEPEND} + >=sys-devel/autoconf-2.69-r5 + doc? ( app-doc/doxygen ) + test? ( + dev-libs/check + dev-libs/softhsm:2 + dev-util/cmocka + net-libs/gnutls[pkcs11,tools] + sys-libs/libfaketime + sys-libs/nss_wrapper + sys-libs/pam_wrapper + sys-libs/uid_wrapper + valgrind? ( dev-util/valgrind ) + ) + man? ( app-text/docbook-xml-dtd:4.4 - )" + >=dev-libs/libxslt-1.1.26 + nls? ( app-text/po4a ) + )" CONFIG_CHECK="~KEYS" @@ -69,7 +95,6 @@ MULTILIB_WRAPPED_HEADERS=( /usr/include/ipa_hbac.h /usr/include/sss_idmap.h /usr/include/sss_nss_idmap.h - /usr/include/wbclient_sssd.h # --with-ifp /usr/include/sss_sifp.h /usr/include/sss_sifp_dbus.h @@ -77,21 +102,20 @@ MULTILIB_WRAPPED_HEADERS=( /usr/include/sss_certmap.h ) -PATCHES=( - "${FILESDIR}"/${P}-glibc-2.32-compat.patch -) - pkg_setup() { linux-info_pkg_setup } src_prepare() { - sed -i 's:#!/sbin/runscript:#!/sbin/openrc-run:' \ - "${S}"/src/sysv/gentoo/sssd.in || die "sed sssd.in" + sed -i 's:/var/run:/run:' \ + "${S}"/src/examples/logrotate || die default eautoreconf multilib_copy_sources + if use python && multilib_is_native_abi; then + python_setup + fi } src_configure() { @@ -101,54 +125,68 @@ src_configure() { } multilib_src_configure() { - # set initscript to sysv because the systemd option needs systemd to - # be installed. We provide our own systemd file anyway. local myconf=() - #Work around linker dependency problem. - append-ldflags "-Wl,--allow-shlib-undefined" myconf+=( --localstatedir="${EPREFIX}"/var - --enable-nsslibdir="${EPREFIX}"/$(get_libdir) + --runstatedir="${EPREFIX}"/run + --with-pid-path="${EPREFIX}"/run --with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd --enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir) --with-ldb-lib-dir="${EPREFIX}"/usr/$(get_libdir)/samba/ldb + --with-db-path="${EPREFIX}"/var/lib/sss/db + --with-gpo-cache-path="${EPREFIX}"/var/lib/sss/gpo_cache + --with-pubconf-path="${EPREFIX}"/var/lib/sss/pubconf + --with-pipe-path="${EPREFIX}"/var/lib/sss/pipes + --with-mcache-path="${EPREFIX}"/var/lib/sss/mc + --with-secrets-db-path="${EPREFIX}"/var/lib/sss/secrets + --with-log-path="${EPREFIX}"/var/log/sssd --with-os=gentoo - --with-nscd + --with-nscd="${EPREFIX}"/usr/sbin/nscd --with-unicode-lib="glib2" --disable-rpath --sbindir=/usr/sbin - --without-kcm - $(use_with samba libwbclient) - --with-secrets - $(multilib_native_use_with samba) + --enable-local-provider + $(multilib_native_use_with systemd kcm) + $(multilib_native_use_with systemd secrets) + $(use_with samba) + --with-smb-idmap-interface-version=6 $(multilib_native_use_enable acl cifs-idmap-plugin) $(multilib_native_use_with selinux) $(multilib_native_use_with selinux semanage) $(use_enable locator krb5-locator-plugin) + $(use_enable pac pac-responder) $(multilib_native_use_with nfsv4 nfsv4-idmapd-plugin) - $(use_enable nls ) + $(use_enable nls) $(multilib_native_use_with netlink libnl) - $(multilib_native_use_with manpages) + $(multilib_native_use_with man manpages) $(multilib_native_use_with sudo) - $(multilib_native_use_with autofs) - $(multilib_native_use_with ssh) - --with-crypto="nss" - --with-initscript="sysv" + $(multilib_native_with autofs) + $(multilib_native_with ssh) + $(use_enable valgrind) --without-python2-bindings - --without-python3-bindings - - KRB5_CONFIG=/usr/bin/${CHOST}-krb5-config + $(multilib_native_use_with python python3-bindings) ) + # Annoyingly configure requires that you pick systemd XOR sysv + if use systemd; then + myconf+=( + --with-initscript="systemd" + --with-systemdunitdir=$(systemd_get_systemunitdir) + ) + else + myconf+=(--with-initscript="sysv") + fi + if ! multilib_is_native_abi; then # work-around all the libraries that are used for CLI and server myconf+=( {POPT,TALLOC,TDB,TEVENT,LDB}_{CFLAGS,LIBS}=' ' # ldb headers are fine since native needs it # ldb lib fails... but it does not seem to bother - {DHASH,COLLECTION,INI_CONFIG_V{0,1,1_1}}_{CFLAGS,LIBS}=' ' - {PCRE,CARES,SYSTEMD_LOGIN,SASL,GLIB2,DBUS,CRYPTO}_{CFLAGS,LIBS}=' ' + {DHASH,COLLECTION,INI_CONFIG_V{0,1,1_1,1_3}}_{CFLAGS,LIBS}=' ' + {PCRE,CARES,SYSTEMD_LOGIN,SASL,GLIB2,DBUS,CRYPTO,P11_KIT}_{CFLAGS,LIBS}=' ' + {NDR_NBT,SMBCLIENT,NDR_KRB5PAC}_{CFLAGS,LIBS}=' ' # use native include path for dbus (needed for build) DBUS_CFLAGS="${native_dbus_cflags}" @@ -156,13 +194,7 @@ multilib_src_configure() { # non-pkgconfig checks ac_cv_lib_ldap_ldap_search=yes --without-secrets - --without-libwbclient --without-kcm - --with-crypto="" - ) - - use locator || myconf+=( - KRB5_CONFIG=/bin/true ) fi @@ -172,15 +204,25 @@ multilib_src_configure() { multilib_src_compile() { if multilib_is_native_abi; then default + use doc && emake docs + if use man || use nls; then + emake update-po + fi else emake libnss_sss.la pam_sss.la use locator && emake sssd_krb5_locator_plugin.la + use pac && emake sssd_pac_plugin.la fi } multilib_src_install() { if multilib_is_native_abi; then emake -j1 DESTDIR="${D}" "${_at_args[@]}" install + if use python; then + python_optimize + python_fix_shebang "${ED}" + fi + else # easier than playing with automake... dopammod .libs/pam_sss.so @@ -192,6 +234,11 @@ multilib_src_install() { exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5 doexe .libs/sssd_krb5_locator_plugin.so fi + + if use pac; then + exeinto /usr/$(get_libdir)/krb5/plugins/authdata + doexe .libs/sssd_pac_plugin.so + fi fi } @@ -208,7 +255,6 @@ multilib_src_install_all() { newins "${S}"/src/examples/logrotate sssd newconfd "${FILESDIR}"/sssd.conf sssd - newinitd "${FILESDIR}"/sssd sssd keepdir /var/lib/sss/db keepdir /var/lib/sss/deskprofile @@ -220,15 +266,21 @@ multilib_src_install_all() { keepdir /var/lib/sss/secrets keepdir /var/log/sssd - systemd_dounit "${FILESDIR}/${PN}.service" + # strip empty dirs + if ! use doc ; then + rm -r "${ED}"/usr/share/doc/"${PF}"/doc || die + rm -r "${ED}"/usr/share/doc/"${PF}"/{hbac,idmap,nss_idmap,sss_simpleifp}_doc || die + fi + + rm -r "${ED}"/run || die } multilib_src_test() { - default + multilib_is_native_abi && emake check } pkg_postinst() { elog "You must set up sssd.conf (default installed into /etc/sssd)" elog "and (optionally) configuration in /etc/pam.d in order to use SSSD" - elog "features. Please see howto in https://docs.pagure.org/SSSD.sssd/design_pages/smartcard_authentication_require.html" + elog "features. Please see howto in https://sssd.io/docs/design_pages/smartcard_authentication_require.html" } |