summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMikle Kolyada <zlogene@gentoo.org>2020-10-10 14:41:13 +0300
committerMikle Kolyada <zlogene@gentoo.org>2020-10-10 14:41:13 +0300
commit193c6fc3382f200c33f4ab840768c6578b4e94b3 (patch)
tree22ecc3094a297fdab8e53ab5e79052829a28e743 /sys-auth/sssd
parentsys-auth/sssd: Stabilize 2.2.0-r1 x86, #699864 (diff)
downloadgentoo-193c6fc3382f200c33f4ab840768c6578b4e94b3.tar.gz
gentoo-193c6fc3382f200c33f4ab840768c6578b4e94b3.tar.bz2
gentoo-193c6fc3382f200c33f4ab840768c6578b4e94b3.zip
sys-auth/sssd: Drop old (Security cleanup)
Package-Manager: Portage-3.0.4, Repoman-3.0.1 Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
Diffstat (limited to 'sys-auth/sssd')
-rw-r--r--sys-auth/sssd/Manifest2
-rw-r--r--sys-auth/sssd/files/sssd-curl-macros.patch34
-rw-r--r--sys-auth/sssd/files/sssd-fix-CVE-2019-3811.patch96
-rw-r--r--sys-auth/sssd/sssd-1.16.3-r3.ebuild233
-rw-r--r--sys-auth/sssd/sssd-2.1.0-r1.ebuild230
5 files changed, 0 insertions, 595 deletions
diff --git a/sys-auth/sssd/Manifest b/sys-auth/sssd/Manifest
index 8a957aee6b06..89f180119901 100644
--- a/sys-auth/sssd/Manifest
+++ b/sys-auth/sssd/Manifest
@@ -1,5 +1,3 @@
-DIST sssd-1.16.3.tar.gz 6217114 BLAKE2B eefaf8de466d0d76e9a4b60aefef6eb63c17a55b9a1f2e07e973a61d71cbe5432e92357656a1eb353d45bbc2fa92290cef45898d0b315d4a4c4074652ff25a23 SHA512 6165923f652f624bbe3ddc625ae682c4867eb7a20652d0cf74bbb8dda2307c917d3189ede26fd21a4fb5fd5926149271a65fa09f3affe928029ed99e6422b728
-DIST sssd-2.1.0.tar.gz 6463331 BLAKE2B 9226370dc384c58841d944bdf9b067d953bf138ee7a289f01a4b8bb5d09beee3b9f21609989123d8f4f9fc13237670d61e32dcb194555ddc6785c598ce78d08c SHA512 12a7e5b89d462350af3c43e15b24a437dd985ac4a2e419d5e52cc0d05c6eacb9319d39b23681595ef860120cd1ae6e5fb265054afeddcb05d3d5f5de5d6ffa63
DIST sssd-2.2.0.tar.gz 6642715 BLAKE2B e6c16ca69effe59769fc166c02203faee445ebe2bf551c6a1460bdee2474ccbce1a38b3aa59b1ae4a79bb170696a784b800a9299025bf6a58bc9aeb94b946338 SHA512 9ebd8784e1f0c72cb808bbc153c0b0aa9bf507938f78336a260073a89b49350dc2c6172653509738ea7a50bb9da596725e1d6c92f99c7a03308aa42f6378dbbb
DIST sssd-2.2.2.tar.gz 6767578 BLAKE2B e0eedaf1da1de953903730c96479af0709ee14dd83eca82a11316dc96c29573b5f3de5965f386d5c12a69e7d98b6168c9d197bbd46ac51f0122feababe52dfe1 SHA512 4cce8fdbcc05d1469dad5ba987cb0f9bc33702b37f85e8e248975461bb50b0740fec92ff213bdb640b506405be7ead936ff253ab02d4a27205ddf20cc0e54801
DIST sssd-2.2.3.tar.gz 6894302 BLAKE2B b72443ebd4f50581a0d9d2b7cf691fdda0dfe3cfb2ed82c383595aeca8d6198c7f44f1c49e56bdfeac23f9151897ac2df70d1afbbeceb2231daee71492884420 SHA512 b61d52a53e26e8efa9cb799fc6efc2314bf9d174d3cacfe591a4ca77530637591eacc0dc70c0555252e04a9617e8b134b1ab2d9b0f7351b4228e7b61499e6a10
diff --git a/sys-auth/sssd/files/sssd-curl-macros.patch b/sys-auth/sssd/files/sssd-curl-macros.patch
deleted file mode 100644
index 91e71e837875..000000000000
--- a/sys-auth/sssd/files/sssd-curl-macros.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From d3cdf9cbfbace4874c6e5c96f1e5ef5b342c813e Mon Sep 17 00:00:00 2001
-From: Mikle Kolyada <zlogene@gentoo.org>
-Date: Sun, 16 Dec 2018 20:42:39 +0300
-Subject: [PATCH] tev_curl.c: remove case duplication
-
-CURLE_SSL_CACERT and CURLE_PEER_FAILED_VERIFICATION macros are provided
-by net-misc/curl-7.62.0 and older
----
- tev_curl.c | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/tev_curl.c b/tev_curl.c
-index 6a7a580..ce6fdba 100644
---- a/src/util/tev_curl.c
-+++ b/src/util/tev_curl.c
-@@ -97,7 +97,6 @@ static errno_t curl_code2errno(CURLcode crv)
- return ETIMEDOUT;
- case CURLE_SSL_ISSUER_ERROR:
- case CURLE_SSL_CACERT_BADFILE:
-- case CURLE_SSL_CACERT:
- case CURLE_SSL_CERTPROBLEM:
- return ERR_INVALID_CERT;
-
-@@ -110,8 +109,6 @@ static errno_t curl_code2errno(CURLcode crv)
- case CURLE_SSL_ENGINE_NOTFOUND:
- case CURLE_SSL_CONNECT_ERROR:
- return ERR_SSL_FAILURE;
-- case CURLE_PEER_FAILED_VERIFICATION:
-- return ERR_UNABLE_TO_VERIFY_PEER;
- case CURLE_COULDNT_RESOLVE_HOST:
- return ERR_UNABLE_TO_RESOLVE_HOST;
- default:
---
-2.19.2 \ No newline at end of file
diff --git a/sys-auth/sssd/files/sssd-fix-CVE-2019-3811.patch b/sys-auth/sssd/files/sssd-fix-CVE-2019-3811.patch
deleted file mode 100644
index 87db45fd24bb..000000000000
--- a/sys-auth/sssd/files/sssd-fix-CVE-2019-3811.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-From 28792523a01a7d21bcc8931794164f253e691a68 Mon Sep 17 00:00:00 2001
-From: Tomas Halman <thalman@redhat.com>
-Date: Mon, 3 Dec 2018 14:11:31 +0100
-Subject: [PATCH] nss: sssd returns '/' for emtpy home directories
-
-For empty home directory in passwd file sssd returns "/". Sssd
-should respect system behaviour and return the same as nsswitch
-"files" module - return empty string.
-
-Resolves:
-https://pagure.io/SSSD/sssd/issue/3901
-
-Reviewed-by: Simo Sorce <simo@redhat.com>
-Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
-(cherry picked from commit 90f32399b4100ce39cf665649fde82d215e5eb49)
----
- src/confdb/confdb.c | 9 +++++++++
- src/man/include/ad_modified_defaults.xml | 19 +++++++++++++++++++
- src/responder/nss/nss_protocol_pwent.c | 2 +-
- src/tests/intg/test_files_provider.py | 2 +-
- 4 files changed, 30 insertions(+), 2 deletions(-)
-
-diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
-index a3eb9c66d9..17bb4f8274 100644
---- a/src/confdb/confdb.c
-+++ b/src/confdb/confdb.c
-@@ -1301,6 +1301,15 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
- ret = ENOMEM;
- goto done;
- }
-+ } else {
-+ if (strcasecmp(domain->provider, "ad") == 0) {
-+ /* ad provider default */
-+ domain->fallback_homedir = talloc_strdup(domain, "/home/%d/%u");
-+ if (!domain->fallback_homedir) {
-+ ret = ENOMEM;
-+ goto done;
-+ }
-+ }
- }
-
- tmp = ldb_msg_find_attr_as_string(res->msgs[0],
-diff --git a/src/man/include/ad_modified_defaults.xml b/src/man/include/ad_modified_defaults.xml
-index 818a2bf787..425b7e8ee0 100644
---- a/src/man/include/ad_modified_defaults.xml
-+++ b/src/man/include/ad_modified_defaults.xml
-@@ -76,4 +76,23 @@
- </listitem>
- </itemizedlist>
- </refsect2>
-+ <refsect2 id='nss_modifications'>
-+ <title>NSS configuration</title>
-+ <itemizedlist>
-+ <listitem>
-+ <para>
-+ fallback_homedir = /home/%d/%u
-+ </para>
-+ <para>
-+ The AD provider automatically sets
-+ "fallback_homedir = /home/%d/%u" to provide personal
-+ home directories for users without the homeDirectory
-+ attribute. If your AD Domain is properly
-+ populated with Posix attributes, and you want to avoid
-+ this fallback behavior, you can explicitly
-+ set "fallback_homedir = %o".
-+ </para>
-+ </listitem>
-+ </itemizedlist>
-+ </refsect2>
- </refsect1>
-diff --git a/src/responder/nss/nss_protocol_pwent.c b/src/responder/nss/nss_protocol_pwent.c
-index af9e74fc86..86fa4ec465 100644
---- a/src/responder/nss/nss_protocol_pwent.c
-+++ b/src/responder/nss/nss_protocol_pwent.c
-@@ -118,7 +118,7 @@ nss_get_homedir(TALLOC_CTX *mem_ctx,
-
- homedir = nss_get_homedir_override(mem_ctx, msg, nss_ctx, domain, &hd_ctx);
- if (homedir == NULL) {
-- return "/";
-+ return "";
- }
-
- return homedir;
-diff --git a/src/tests/intg/test_files_provider.py b/src/tests/intg/test_files_provider.py
-index ead1cc4c34..4761f1bd15 100644
---- a/src/tests/intg/test_files_provider.py
-+++ b/src/tests/intg/test_files_provider.py
-@@ -678,7 +678,7 @@ def test_user_no_dir(setup_pw_with_canary, files_domain_only):
- Test that resolving a user without a homedir defined works and returns
- a fallback value
- """
-- check_user(incomplete_user_setup(setup_pw_with_canary, 'dir', '/'))
-+ check_user(incomplete_user_setup(setup_pw_with_canary, 'dir', ''))
-
-
- def test_user_no_gecos(setup_pw_with_canary, files_domain_only):
diff --git a/sys-auth/sssd/sssd-1.16.3-r3.ebuild b/sys-auth/sssd/sssd-1.16.3-r3.ebuild
deleted file mode 100644
index a887a0cb720e..000000000000
--- a/sys-auth/sssd/sssd-1.16.3-r3.ebuild
+++ /dev/null
@@ -1,233 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools flag-o-matic linux-info multilib-minimal pam systemd toolchain-funcs
-
-DESCRIPTION="System Security Services Daemon provides access to identity and authentication"
-HOMEPAGE="https://pagure.io/SSSD/sssd"
-SRC_URI="http://releases.pagure.org/SSSD/${PN}/${P}.tar.gz"
-KEYWORDS="amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc x86"
-
-LICENSE="GPL-3"
-SLOT="0"
-IUSE="acl autofs +locator +netlink nfsv4 nls +manpages samba selinux sudo ssh test"
-RESTRICT="!test? ( test )"
-
-COMMON_DEP="
- >=sys-libs/pam-0-r1[${MULTILIB_USEDEP}]
- >=dev-libs/popt-1.16
- dev-libs/glib:2
- >=dev-libs/ding-libs-0.2
- >=sys-libs/talloc-2.0.7
- >=sys-libs/tdb-1.2.9
- >=sys-libs/tevent-0.9.16
- >=sys-libs/ldb-1.1.17-r1:=
- >=net-nds/openldap-2.4.30[sasl]
- net-libs/http-parser
- >=dev-libs/libpcre-8.30
- >=app-crypt/mit-krb5-1.10.3
- dev-libs/jansson
- net-misc/curl
- locator? (
- >=app-crypt/mit-krb5-1.12.2[${MULTILIB_USEDEP}]
- >=net-dns/c-ares-1.10.0-r1[${MULTILIB_USEDEP}]
- )
- >=sys-apps/keyutils-1.5:=
- >=net-dns/c-ares-1.7.4
- >=dev-libs/nss-3.12.9
- selinux? (
- >=sys-libs/libselinux-2.1.9
- >=sys-libs/libsemanage-2.1
- )
- >=net-dns/bind-tools-9.9[gssapi]
- >=dev-libs/cyrus-sasl-2.1.25-r3[kerberos]
- >=sys-apps/dbus-1.6
- acl? ( net-fs/cifs-utils[acl] )
- nfsv4? ( || ( >=net-fs/nfs-utils-2.3.1-r2 net-libs/libnfsidmap ) )
- nls? ( >=sys-devel/gettext-0.18 )
- virtual/libintl
- netlink? ( dev-libs/libnl:3 )
- samba? ( >=net-fs/samba-4.5 )
- "
-
-RDEPEND="${COMMON_DEP}
- >=sys-libs/glibc-2.17[nscd]
- selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 )
- "
-DEPEND="${COMMON_DEP}
- test? ( dev-libs/check )
- manpages? (
- >=dev-libs/libxslt-1.1.26
- app-text/docbook-xml-dtd:4.4
- )"
-
-CONFIG_CHECK="~KEYS"
-
-MULTILIB_WRAPPED_HEADERS=(
- /usr/include/ipa_hbac.h
- /usr/include/sss_idmap.h
- /usr/include/sss_nss_idmap.h
- /usr/include/wbclient_sssd.h
- # --with-ifp
- /usr/include/sss_sifp.h
- /usr/include/sss_sifp_dbus.h
- # from 1.15.3
- /usr/include/sss_certmap.h
-)
-
-pkg_setup() {
- linux-info_pkg_setup
-}
-
-src_prepare() {
- sed -i 's:#!/sbin/runscript:#!/sbin/openrc-run:' \
- "${S}"/src/sysv/gentoo/sssd.in || die "sed sssd.in"
-
- eapply "${FILESDIR}"/${PN}-curl-macros.patch
- eapply "${FILESDIR}"/${PN}-fix-CVE-2019-3811.patch
-
- default
- eautoreconf
- multilib_copy_sources
-}
-
-src_configure() {
- local native_dbus_cflags=$($(tc-getPKG_CONFIG) --cflags dbus-1)
-
- multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
- # set initscript to sysv because the systemd option needs systemd to
- # be installed. We provide our own systemd file anyway.
- local myconf=()
- #Work around linker dependency problem.
- append-ldflags "-Wl,--allow-shlib-undefined"
-
- myconf+=(
- --localstatedir="${EPREFIX}"/var
- --enable-nsslibdir="${EPREFIX}"/$(get_libdir)
- --with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd
- --enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir)
- --with-ldb-lib-dir="${EPREFIX}"/usr/$(get_libdir)/samba/ldb
- --with-os=gentoo
- --with-nscd
- --with-unicode-lib="glib2"
- --disable-rpath
- --sbindir=/usr/sbin
- --without-kcm
- $(use_with samba libwbclient)
- --with-secrets
- $(multilib_native_use_with samba)
- $(multilib_native_use_enable acl cifs-idmap-plugin)
- $(multilib_native_use_with selinux)
- $(multilib_native_use_with selinux semanage)
- $(use_enable locator krb5-locator-plugin)
- $(multilib_native_use_with nfsv4 nfsv4-idmapd-plugin)
- $(use_enable nls )
- $(multilib_native_use_with netlink libnl)
- $(multilib_native_use_with manpages)
- $(multilib_native_use_with sudo)
- $(multilib_native_use_with autofs)
- $(multilib_native_use_with ssh)
- --with-crypto="nss"
- --with-initscript="sysv"
- --without-python2-bindings
- --without-python3-bindings
-
- KRB5_CONFIG=/usr/bin/${CHOST}-krb5-config
- )
-
- if ! multilib_is_native_abi; then
- # work-around all the libraries that are used for CLI and server
- myconf+=(
- {POPT,TALLOC,TDB,TEVENT,LDB}_{CFLAGS,LIBS}=' '
- # ldb headers are fine since native needs it
- # ldb lib fails... but it does not seem to bother
- {DHASH,COLLECTION,INI_CONFIG_V{0,1,1_1}}_{CFLAGS,LIBS}=' '
- {PCRE,CARES,SYSTEMD_LOGIN,SASL,GLIB2,DBUS,CRYPTO}_{CFLAGS,LIBS}=' '
-
- # use native include path for dbus (needed for build)
- DBUS_CFLAGS="${native_dbus_cflags}"
-
- # non-pkgconfig checks
- ac_cv_lib_ldap_ldap_search=yes
- --without-secrets
- --without-libwbclient
- --without-kcm
- --with-crypto=""
- )
-
- use locator || myconf+=(
- KRB5_CONFIG=/bin/true
- )
- fi
-
- econf "${myconf[@]}"
-}
-
-multilib_src_compile() {
- if multilib_is_native_abi; then
- default
- else
- emake libnss_sss.la pam_sss.la
- use locator && emake sssd_krb5_locator_plugin.la
- fi
-}
-
-multilib_src_install() {
- if multilib_is_native_abi; then
- emake -j1 DESTDIR="${D}" "${_at_args[@]}" install
- else
- # easier than playing with automake...
- dopammod .libs/pam_sss.so
-
- into /
- dolib.so .libs/libnss_sss.so*
-
- if use locator; then
- exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5
- doexe .libs/sssd_krb5_locator_plugin.so
- fi
- fi
-}
-
-multilib_src_install_all() {
- einstalldocs
- find "${ED}" -type f -name '*.la' -delete || die
-
- insinto /etc/sssd
- insopts -m600
- doins "${S}"/src/examples/sssd-example.conf
-
- insinto /etc/logrotate.d
- insopts -m644
- newins "${S}"/src/examples/logrotate sssd
-
- newconfd "${FILESDIR}"/sssd.conf sssd
- newinitd "${FILESDIR}"/sssd sssd
-
- keepdir /var/lib/sss/db
- keepdir /var/lib/sss/deskprofile
- keepdir /var/lib/sss/gpo_cache
- keepdir /var/lib/sss/keytabs
- keepdir /var/lib/sss/mc
- keepdir /var/lib/sss/pipes/private
- keepdir /var/lib/sss/pubconf/krb5.include.d
- keepdir /var/lib/sss/secrets
- keepdir /var/log/sssd
-
- systemd_dounit "${FILESDIR}/${PN}.service"
-}
-
-multilib_src_test() {
- default
-}
-
-pkg_postinst() {
- elog "You must set up sssd.conf (default installed into /etc/sssd)"
- elog "and (optionally) configuration in /etc/pam.d in order to use SSSD"
- elog "features. Please see howto in https://docs.pagure.org/SSSD.sssd/design_pages/index.html#implemented-in-1-16-x"
-}
diff --git a/sys-auth/sssd/sssd-2.1.0-r1.ebuild b/sys-auth/sssd/sssd-2.1.0-r1.ebuild
deleted file mode 100644
index 98af8535a88f..000000000000
--- a/sys-auth/sssd/sssd-2.1.0-r1.ebuild
+++ /dev/null
@@ -1,230 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools flag-o-matic linux-info multilib-minimal pam systemd toolchain-funcs
-
-DESCRIPTION="System Security Services Daemon provides access to identity and authentication"
-HOMEPAGE="https://pagure.io/SSSD/sssd"
-SRC_URI="http://releases.pagure.org/SSSD/${PN}/${P}.tar.gz"
-KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86"
-
-LICENSE="GPL-3"
-SLOT="0"
-IUSE="acl autofs +locator +netlink nfsv4 nls +manpages samba selinux sudo ssh test"
-RESTRICT="!test? ( test )"
-
-COMMON_DEP="
- >=sys-libs/pam-0-r1[${MULTILIB_USEDEP}]
- >=dev-libs/popt-1.16
- dev-libs/glib:2
- >=dev-libs/ding-libs-0.2
- >=sys-libs/talloc-2.0.7
- >=sys-libs/tdb-1.2.9
- >=sys-libs/tevent-0.9.16
- >=sys-libs/ldb-1.1.17-r1:=
- >=net-nds/openldap-2.4.30[sasl]
- net-libs/http-parser
- >=dev-libs/libpcre-8.30
- >=app-crypt/mit-krb5-1.10.3
- dev-libs/jansson
- net-misc/curl
- locator? (
- >=app-crypt/mit-krb5-1.12.2[${MULTILIB_USEDEP}]
- >=net-dns/c-ares-1.10.0-r1[${MULTILIB_USEDEP}]
- )
- >=sys-apps/keyutils-1.5:=
- >=net-dns/c-ares-1.7.4
- >=dev-libs/nss-3.12.9
- selinux? (
- >=sys-libs/libselinux-2.1.9
- >=sys-libs/libsemanage-2.1
- )
- >=net-dns/bind-tools-9.9[gssapi]
- >=dev-libs/cyrus-sasl-2.1.25-r3[kerberos]
- >=sys-apps/dbus-1.6
- acl? ( net-fs/cifs-utils[acl] )
- nfsv4? ( || ( >=net-fs/nfs-utils-2.3.1-r2 net-libs/libnfsidmap ) )
- nls? ( >=sys-devel/gettext-0.18 )
- virtual/libintl
- netlink? ( dev-libs/libnl:3 )
- samba? ( >=net-fs/samba-4.10.2[winbind] )
- "
-
-RDEPEND="${COMMON_DEP}
- >=sys-libs/glibc-2.17[nscd]
- selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 )
- "
-DEPEND="${COMMON_DEP}
- test? ( dev-libs/check )
- manpages? (
- >=dev-libs/libxslt-1.1.26
- app-text/docbook-xml-dtd:4.4
- )"
-
-CONFIG_CHECK="~KEYS"
-
-MULTILIB_WRAPPED_HEADERS=(
- /usr/include/ipa_hbac.h
- /usr/include/sss_idmap.h
- /usr/include/sss_nss_idmap.h
- /usr/include/wbclient_sssd.h
- # --with-ifp
- /usr/include/sss_sifp.h
- /usr/include/sss_sifp_dbus.h
- # from 1.15.3
- /usr/include/sss_certmap.h
-)
-
-pkg_setup() {
- linux-info_pkg_setup
-}
-
-src_prepare() {
- sed -i 's:#!/sbin/runscript:#!/sbin/openrc-run:' \
- "${S}"/src/sysv/gentoo/sssd.in || die "sed sssd.in"
-
- default
- eautoreconf
- multilib_copy_sources
-}
-
-src_configure() {
- local native_dbus_cflags=$($(tc-getPKG_CONFIG) --cflags dbus-1)
-
- multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
- # set initscript to sysv because the systemd option needs systemd to
- # be installed. We provide our own systemd file anyway.
- local myconf=()
- #Work around linker dependency problem.
- append-ldflags "-Wl,--allow-shlib-undefined"
-
- myconf+=(
- --localstatedir="${EPREFIX}"/var
- --enable-nsslibdir="${EPREFIX}"/$(get_libdir)
- --with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd
- --enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir)
- --with-ldb-lib-dir="${EPREFIX}"/usr/$(get_libdir)/samba/ldb
- --with-os=gentoo
- --with-nscd
- --with-unicode-lib="glib2"
- --disable-rpath
- --sbindir=/usr/sbin
- --without-kcm
- $(use_with samba libwbclient)
- --with-secrets
- $(multilib_native_use_with samba)
- $(multilib_native_use_enable acl cifs-idmap-plugin)
- $(multilib_native_use_with selinux)
- $(multilib_native_use_with selinux semanage)
- $(use_enable locator krb5-locator-plugin)
- $(multilib_native_use_with nfsv4 nfsv4-idmapd-plugin)
- $(use_enable nls )
- $(multilib_native_use_with netlink libnl)
- $(multilib_native_use_with manpages)
- $(multilib_native_use_with sudo)
- $(multilib_native_use_with autofs)
- $(multilib_native_use_with ssh)
- --with-crypto="nss"
- --with-initscript="sysv"
- --without-python2-bindings
- --without-python3-bindings
-
- KRB5_CONFIG=/usr/bin/${CHOST}-krb5-config
- )
-
- if ! multilib_is_native_abi; then
- # work-around all the libraries that are used for CLI and server
- myconf+=(
- {POPT,TALLOC,TDB,TEVENT,LDB}_{CFLAGS,LIBS}=' '
- # ldb headers are fine since native needs it
- # ldb lib fails... but it does not seem to bother
- {DHASH,COLLECTION,INI_CONFIG_V{0,1,1_1}}_{CFLAGS,LIBS}=' '
- {PCRE,CARES,SYSTEMD_LOGIN,SASL,GLIB2,DBUS,CRYPTO}_{CFLAGS,LIBS}=' '
-
- # use native include path for dbus (needed for build)
- DBUS_CFLAGS="${native_dbus_cflags}"
-
- # non-pkgconfig checks
- ac_cv_lib_ldap_ldap_search=yes
- --without-secrets
- --without-libwbclient
- --without-kcm
- --with-crypto=""
- )
-
- use locator || myconf+=(
- KRB5_CONFIG=/bin/true
- )
- fi
-
- econf "${myconf[@]}"
-}
-
-multilib_src_compile() {
- if multilib_is_native_abi; then
- default
- else
- emake libnss_sss.la pam_sss.la
- use locator && emake sssd_krb5_locator_plugin.la
- fi
-}
-
-multilib_src_install() {
- if multilib_is_native_abi; then
- emake -j1 DESTDIR="${D}" "${_at_args[@]}" install
- else
- # easier than playing with automake...
- dopammod .libs/pam_sss.so
-
- into /
- dolib.so .libs/libnss_sss.so*
-
- if use locator; then
- exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5
- doexe .libs/sssd_krb5_locator_plugin.so
- fi
- fi
-}
-
-multilib_src_install_all() {
- einstalldocs
- find "${ED}" -type f -name '*.la' -delete || die
-
- insinto /etc/sssd
- insopts -m600
- doins "${S}"/src/examples/sssd-example.conf
-
- insinto /etc/logrotate.d
- insopts -m644
- newins "${S}"/src/examples/logrotate sssd
-
- newconfd "${FILESDIR}"/sssd.conf sssd
- newinitd "${FILESDIR}"/sssd sssd
-
- keepdir /var/lib/sss/db
- keepdir /var/lib/sss/deskprofile
- keepdir /var/lib/sss/gpo_cache
- keepdir /var/lib/sss/keytabs
- keepdir /var/lib/sss/mc
- keepdir /var/lib/sss/pipes/private
- keepdir /var/lib/sss/pubconf/krb5.include.d
- keepdir /var/lib/sss/secrets
- keepdir /var/log/sssd
-
- systemd_dounit "${FILESDIR}/${PN}.service"
-}
-
-multilib_src_test() {
- default
-}
-
-pkg_postinst() {
- elog "You must set up sssd.conf (default installed into /etc/sssd)"
- elog "and (optionally) configuration in /etc/pam.d in order to use SSSD"
- elog "features. Please see howto in https://docs.pagure.org/SSSD.sssd/design_pages/smartcard_authentication_require.html"
-}