author | Robin H. Johnson <robbat2@gentoo.org> | 2006-06-14 09:27:42 +0000 |
---|---|---|
committer | Robin H. Johnson <robbat2@gentoo.org> | 2006-06-14 09:27:42 +0000 |
commit | 3cf3cec57f27004c64c52e67d3817917d1d4bbf7 (patch) | |
tree | 9bdb2e57e72611ab6f7d77a6ae6d8a36ecfe552c /sys-auth | |
parent | ppc stable (diff) | |
Commit 250-r1 with modified timeout values. Please see my blog posting http://tinyurl.com/qewur for a detailed explanation.
(Portage version: 2.1)
Diffstat (limited to 'sys-auth')
-rw-r--r-- | sys-auth/nss_ldap/ChangeLog | 9 | ||||
-rw-r--r-- | sys-auth/nss_ldap/files/digest-nss_ldap-250-r1 | 3 | ||||
-rw-r--r-- | sys-auth/nss_ldap/files/nss_ldap-250-reconnect-timeouts.patch | 71 | ||||
-rw-r--r-- | sys-auth/nss_ldap/nss_ldap-250-r1.ebuild | 66 |
4 files changed, 148 insertions, 1 deletions
diff --git a/sys-auth/nss_ldap/ChangeLog b/sys-auth/nss_ldap/ChangeLog
index a8ed16d0b164..dbe9f91ffb6b 100644
--- a/sys-auth/nss_ldap/ChangeLog
+++ b/sys-auth/nss_ldap/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for sys-auth/nss_ldap
 # Copyright 2002-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/nss_ldap/ChangeLog,v 1.23 2006/06/11 10:20:23 blubb Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/nss_ldap/ChangeLog,v 1.24 2006/06/14 09:27:42 robbat2 Exp $
+
+*nss_ldap-250-r1 (14 Jun 2006)
+
+ 14 Jun 2006; Robin H. Johnson <robbat2@gentoo.org>
+ +files/nss_ldap-250-reconnect-timeouts.patch, +nss_ldap-250-r1.ebuild:
+ Commit 250-r1 with modified timeout values. Please see my blog posting
+ http://tinyurl.com/qewur for a detailed explaination.
 
 11 Jun 2006; Simon Stelling <blubb@gentoo.org> nss_ldap-249.ebuild:
 stable on amd64
diff --git a/sys-auth/nss_ldap/files/digest-nss_ldap-250-r1 b/sys-auth/nss_ldap/files/digest-nss_ldap-250-r1
new file mode 100644
index 000000000000..04f7f1e0783b
--- /dev/null
+++ b/sys-auth/nss_ldap/files/digest-nss_ldap-250-r1
@@ -0,0 +1,3 @@
+MD5 ac1bcdaf0765b57b7d9023aa9cd07fb6 nss_ldap-250.tar.gz 240122
+RMD160 52a27c0282d43c0b4e291dceaeeac7fcf43d8ece nss_ldap-250.tar.gz 240122
+SHA256 555c8fc9585478bc31b25349469685fbb6036cc6895e3761731c2c0e7accf2f0 nss_ldap-250.tar.gz 240122
diff --git a/sys-auth/nss_ldap/files/nss_ldap-250-reconnect-timeouts.patch b/sys-auth/nss_ldap/files/nss_ldap-250-reconnect-timeouts.patch
new file mode 100644
index 000000000000..dc8a37a916ed
--- /dev/null
+++ b/sys-auth/nss_ldap/files/nss_ldap-250-reconnect-timeouts.patch
@@ -0,0 +1,71 @@
+This patch changes the default timeouts, so that they are much lower, and do
+not cause major delays when booting a system. This is a workaround until the
+core /etc/{passwd,group} contain all of the data needed for a system boot.
+
+Also add a note that 'ssl on' is broken and TLS should be used instead.
+
+Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
+
+diff -Nuar --exclude '*~' nss_ldap-250.orig/ldap-nss.h nss_ldap-250/ldap-nss.h
+--- nss_ldap-250.orig/ldap-nss.h 2006-04-26 18:19:00.000000000 -0700
++++ nss_ldap-250/ldap-nss.h 2006-06-14 01:58:01.933005492 -0700
+@@ -96,9 +96,9 @@
+ * unacceptable, in which case you may wish to adjust
+ * the constants below.
+ */
+-#define LDAP_NSS_TRIES 5 /* number of sleeping reconnect attempts */
+-#define LDAP_NSS_SLEEPTIME 4 /* seconds to sleep; doubled until max */
+-#define LDAP_NSS_MAXSLEEPTIME 64 /* maximum seconds to sleep */
++#define LDAP_NSS_TRIES 4 /* number of sleeping reconnect attempts */
++#define LDAP_NSS_SLEEPTIME 1 /* seconds to sleep; doubled until max */
++#define LDAP_NSS_MAXSLEEPTIME 16 /* maximum seconds to sleep */
+ #define LDAP_NSS_MAXCONNTRIES 2 /* reconnect attempts before sleeping */
+
+ #if defined(HAVE_NSSWITCH_H) || defined(HAVE_IRS_H)
+diff -Nuar --exclude '*~' nss_ldap-250.orig/ldap.conf nss_ldap-250/ldap.conf
+--- nss_ldap-250.orig/ldap.conf 2006-04-26 18:19:00.000000000 -0700
++++ nss_ldap-250/ldap.conf 2006-06-14 02:12:02.008444745 -0700
+@@ -1,4 +1,4 @@
+- @(#)$Id: ldap.conf,v 2.46 2006/04/13 03:25:56 lukeh Exp $
++# @(#)$Id: ldap.conf,v 2.46 2006/04/13 03:25:56 lukeh Exp $
+ #
+ # This is the configuration file for the LDAP nameservice
+ # switch library and the LDAP PAM module.
+@@ -283,7 +283,8 @@
+ # OpenLDAP SSL mechanism
+ # start_tls mechanism uses the normal LDAP port, LDAPS typically 636
+ #ssl start_tls
+-#ssl on
+###ssl on
+# Gentoo note: Don't use 'ssl on' in 249/250. They are broken in some cases! Use start_tls instead.
+
+ # OpenLDAP SSL options
+ # Require and verify server certificate (yes/no)
+@@ -315,3 +316,27 @@
+ # Override the default Kerberos ticket cache location.
+ #krb5_ccname FILE:/etc/.ldapcache
+
++# Timeout behavior
++# Upstream nss_ldap hard-codes these values:
++#nss_reconnect_tries 5 # number of times to double the sleep time
++#nss_reconnect_sleeptime 4 # initial sleep value
++#nss_reconnect_maxsleeptime 64 # max sleep value to cap at
++#nss_reconnect_maxconntries 2 # how many tries before sleeping
++# This leads to a delay of 124 seconds (4+8+16+32+64=124) per lookup if the
++# server is not available.
++
++# For Gentoo's distribution of nss_ldap, as of 250-r1, we use these values
++# (The hardwired constants in the code are changed to them as well):
++nss_reconnect_tries 4 # number of times to double the sleep time
++nss_reconnect_sleeptime 1 # initial sleep value
++nss_reconnect_maxsleeptime 16 # max sleep value to cap at
++nss_reconnect_maxconntries 2 # how many tries before sleeping
++# This leads to a delay of 15 seconds (1+2+4+8=15)
++
++# If you are impatient, and know your LDAP server is reliable, fast or local,
++# you may wish to use these values instead:
++#nss_reconnect_tries 1 # number of times to double the sleep time
++#nss_reconnect_sleeptime 1 # initial sleep value
++#nss_reconnect_maxsleeptime 1 # max sleep value to cap at
++#nss_reconnect_maxconntries 3 # how many tries before sleeping
++# This leads to a delay of 1 second.
diff --git a/sys-auth/nss_ldap/nss_ldap-250-r1.ebuild b/sys-auth/nss_ldap/nss_ldap-250-r1.ebuild
new file mode 100644
index 000000000000..c06012f9e6b1
--- /dev/null
+++ b/sys-auth/nss_ldap/nss_ldap-250-r1.ebuild
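Review bot: The Gentoo note added in the embedded ldap.conf hunk steers users from `ssl on` to `start_tls` but says nothing about certificate verification, and StartTLS on the plain LDAP port only protects NSS lookups when the client requires and verifies the server certificate. The sample's "Require and verify server certificate (yes/no)" setting appears only as context here, so its default is not visible; I would extend the note to `# Gentoo note: ... Use start_tls instead, and set tls_checkpeer yes with a CA certificate configured.` Separately, the lines `###ssl on` and `# Gentoo note: ...` are shown with a single leading `+` while every other added line of the embedded diff carries `++`; if the file is stored that way and this is not a rendering artefact, the `@@ -283,7 +283,8 @@` hunk would presumably not apply cleanly.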
@@ -0,0 +1,66 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/nss_ldap/nss_ldap-250-r1.ebuild,v 1.1 2006/06/14 09:27:42 robbat2 Exp $
+
+inherit fixheadtails eutils gnuconfig multilib
+
+IUSE="debug sasl"
+
+DESCRIPTION="NSS LDAP Module"
+HOMEPAGE="http://www.padl.com/OSS/nss_ldap.html"
+SRC_URI="http://www.padl.com/download/${P}.tar.gz"
+
+SLOT="0"
+LICENSE="LGPL-2"
+KEYWORDS="~alpha ~amd64 ~hppa ~mips ~ppc ~ppc64 ~sparc ~x86"
+
+DEPEND=">=net-nds/openldap-2.1.30-r5
+ sasl? ( dev-libs/cyrus-sasl )"
+RDEPEND="${DEPEND}"
+
+src_unpack() {
+ unpack ${A}
+ cd ${S}
+ epatch ${FILESDIR}/nsswitch.ldap.diff
+ epatch ${FILESDIR}/${PN}-239-tls-security-bug.patch
+ epatch ${FILESDIR}/${PN}-249-sasl-compile.patch
+ epatch ${FILESDIR}/${PN}-250-reconnect-timeouts.patch
+ # fix head/tail stuff
+ ht_fix_file ${S}/Makefile.am ${S}/Makefile.in ${S}/depcomp
+ # fix build borkage
+ for i in Makefile.{in,am}; do
+ sed -i.orig \
+ -e '/^install-exec-local: nss_ldap.so/s,nss_ldap.so,,g' \
+ ${S}/$i
+ done
+ # update config.{guess,sub}
+ gnuconfig_update
+}
+
+src_compile() {
+ local myconf=""
+ use debug && myconf="${myconf} --enable-debugging"
+
+ econf \
+ --with-ldap-lib=openldap \
+ --libdir=/$(get_libdir) \
+ --enable-schema-mapping \
+ --enable-paged-results \
+ --enable-rfc2307bis \
+ ${myconf} || die "configure failed"
+
+ emake || die "make failed"
+}
+
+src_install() {
+ dodir /$(get_libdir)
+
+ emake -j1 DESTDIR="${D}" install || die "make install failed"
+
+ insinto /etc
+ doins ldap.conf
+
+ dodoc ldap.conf ANNOUNCE NEWS ChangeLog AUTHORS \
+ COPYING CVSVersionInfo.txt README nsswitch.ldap certutil
+ docinto docs; dodoc doc/*
+} |
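Review bot: In src_unpack neither `cd ${S}` nor the `sed -i.orig` call inside the loop is checked, while src_compile and src_install end their steps with `|| die`, so a sed that fails would go unnoticed and the Makefile fix would silently be missing. I would write `cd "${S}" || die "cd failed"` and end the sed command with `"${S}/${i}" || die "sed failed"`. The unquoted `${S}` and `${FILESDIR}` expansions in the same function would also misbehave on a path containing whitespace. SRC_URI fetches over plain http, so the integrity of nss_ldap-250.tar.gz rests entirely on the digest file added in this commit.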