diff --git a/etc/portage/env/sys-libs/glibc b/etc/portage/env/sys-libs/glibc new file mode 100644 index 0000000..147abee --- /dev/null +++ b/etc/portage/env/sys-libs/glibc @@ -0,0 +1,15 @@ +if [[ ${CATEGORY}/${PN} == sys-libs/glibc && ${EBUILD_PHASE} == configure ]]; then + cd "${S}" + einfo "Deprefixifying hardcoded path for /etc and /var" + + for f in libio/iopopen.c \ + shadow/lckpwdf.c resolv/{netdb,resolv}.h elf/rtld.c \ + nis/nss_compat/compat-{grp,initgroups,{,s}pwd}.c \ + nss/{bug-erange,nss_files/files-{XXX,init{,groups}}}.c \ + sysdeps/{{generic,unix/sysv/linux}/paths.h,posix/system.c} + do + ebegin " Updating $f" + sed -i -r "s,([:\"])${EPREFIX}/(etc|var),\1/\2,g" $f + eend $? + done +fi diff --git a/scripts/eessi_sets.yml b/scripts/eessi_sets.yml index 0640e12..3264677 100644 --- a/scripts/eessi_sets.yml +++ b/scripts/eessi_sets.yml @@ -29,6 +29,12 @@ eessi_sets: version: 0.2.1 overlay: eessi - name: sys-apps/dbus + - name: sys-auth/nss-pam-ldapd + version: 0.9.12-r2 + overlay: eessi + - name: sys-auth/sssd + version: 2.8.2 + overlay: eessi - name: sys-cluster/lmod - name: sys-cluster/rdma-core exclude_on: diff --git a/sys-auth/nss-pam-ldapd/Manifest b/sys-auth/nss-pam-ldapd/Manifest new file mode 100644 index 0000000..4bd95e8 --- /dev/null +++ b/sys-auth/nss-pam-ldapd/Manifest 
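Review bot: Nothing in the loop stops the build when a rewrite fails: `eend $?` only prints the status, so if one of the listed files is missing in a later glibc release the configure phase continues and the `${EPREFIX}`-prefixed `/etc` or `/var` path stays compiled in for that file. Since the list covers the shadow, resolver and NSS sources, a partial rewrite would leave glibc reading some of that configuration from the prefix and some from the host. I would make both steps fatal and quote the operand: `cd "${S}" || die` and `sed -i -r "s,([:\"])${EPREFIX}/(etc|var),\1/\2,g" "$f" || die "deprefixify failed: $f"`. `${EPREFIX}` is also interpolated into the regex unescaped, which deserves a one-line comment.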
@@ -0,0 +1,8 @@ +AUX nss-pam-ldapd-0.9.11-pynslcd-module-paths.patch 537 BLAKE2B 40167724748124428393c2cc0d70c2fa88abd5fc9c2b12739d79f6dbd9f39e7b53351a68fb6db0e4f11bc0f40b960d1ab4ea256ab1f8aa8c75fe9601fc5674c3 SHA512 2fd21d4851f255264cd0e95f88f45fbca62ad8124c1326569c18bea769c205d4992f88a5fff7ca4bf19cd07c9123a39ecd3df2d5221a0430fb1d25d7b4668a30 +AUX nss-pam-ldapd-0.9.11-relative-imports.patch 12280 BLAKE2B 9ae632b572a9a997cf704698b6aca7fc19c32e1f08f29de0f0457a6ee567596abf09ed2aeec2fab5535e98280eb887f6adb7a29ad4406216f0a3355c9931b2aa SHA512 2275d1c8ded5d8c2824c97dc361e84b62613453ec502a9685d7e27e54bc1a72da7830d119727f8f1e4df000b1dff53d631f8967eaf70bf75e043e0e302d9afac +AUX nss-pam-ldapd-0.9.11-tests-py39.patch 1143 BLAKE2B b4eb5d25ba9c40f00f3d84c9385a1ffc23cf5ec357ce33ba74c954378144e4d88fb811de9c1e802283f03d6be88052677624c1f75bc481938762c5bb0cef9b69 SHA512 f0d0d3345fd83bf1ecbbd5bd7784836b8d8c27b0238a4aefd15ad34b93ffbfc8474edd5a3c7955a2c90e822e426a59f578c6dbb80aed6c2e4b15543ce9dfc286 +AUX nss-pam-ldapd-0.9.11-tests.patch 1226 BLAKE2B f8fd1170bae8d206dab6fb11437db7290b488caf8f609f5676f46f55f3d31ba5a4fc59c5484e7151da8fb4a20c50f6739fa7de3115bc8ce706022422e753f31b SHA512 e60122304d4cad52a8e11ba804fd432da8102dc021e9272d0e284d88f3a1b5e7392ef71bfcb460eb3a5faf9ae7e95de943c4e35da03b17d029f058496b6a8087 +AUX nss-pam-ldapd-0.9.11-use-mkstemp.patch 789 BLAKE2B da9525e66873be615cfe90f6a03b717c8a0caf03edfbd3c9eba60391a3e92504c01093e254294ac3e063045de07df260573371a5405c8eea87917fc30056daca SHA512 a01a15b94977efc37d9d518049aaa52f308b0e3597aea6e17ca7badc790cccb617eb9154dcd3fef897b4093b147f8261dfc32ac2fc0ba48ba82573653fa358d8 +AUX nss-pam-ldapd-0.9.4-disable-py3-only-linters.patch 403 BLAKE2B 2e17a92b3650ce4e6627be7ddb2f656cd9ab53e49d7e2b11d078dac0d7a00015d88d861bfdc1378eb25c1b9750ed3811023cc95b04ccf9d028ffc5899dc01cd5 SHA512 c8cccb044a641f673f12db9717bda4c0c4d91bd1933342595d8f3f540449459c5cf14263133487195b223670d450873f608e3ce5b6f1ca775ca7fe0180a9f962 +DIST nss-pam-ldapd-0.9.12.tar.gz 
791983 BLAKE2B af580d400230db709f7ac09720edd6127b3b26c6987d1e8f6d6535ad8e68fd8cb5cf2a3319e4456fb2af28aba6528f7a5cdc28463ccfee747dbbf6abc35eee87 SHA512 5eca4851a9bcb2779548d193a363a143d6106bfc6463b8d3f0c2d5d7d227ec1e680861383d4813f40b44d1be2ce5f7ed019d838f7f6796e15f96f7411d3bb8f6 +EBUILD nss-pam-ldapd-0.9.12-r2.ebuild 4539 BLAKE2B 5f3a90ac831f7d74ccaff7f5785444b7052cd210a3f9ba05a3cfda22df8f1eeb4d736fb655df9bc2401bb6b04420a3ba1df0f7cf2ec4a9bcc27d051ee4545e4e diff --git a/sys-auth/nss-pam-ldapd/files/nss-pam-ldapd-0.9.11-pynslcd-module-paths.patch b/sys-auth/nss-pam-ldapd/files/nss-pam-ldapd-0.9.11-pynslcd-module-paths.patch new file mode 100644 index 0000000..75ad101 --- /dev/null +++ b/sys-auth/nss-pam-ldapd/files/nss-pam-ldapd-0.9.11-pynslcd-module-paths.patch @@ -0,0 +1,25 @@ +diff --git a/pynslcd/pynslcd.py b/pynslcd/pynslcd.py +index 0691b61..df2ca4a 100755 +--- a/pynslcd/pynslcd.py ++++ b/pynslcd/pynslcd.py +@@ -30,13 +30,13 @@ import threading + import daemon + import ldap + +-import cfg +-import common +-import constants +-import invalidator +-import mypidfile +-import search +-from tio import TIOStream ++import pynslcd.cfg ++import pynslcd.common ++import pynslcd.constants ++import pynslcd.invalidator ++import pynslcd.mypidfile ++import pynslcd.search ++from pynslcd.tio import TIOStream + + + # the name of the program diff --git a/sys-auth/nss-pam-ldapd/files/nss-pam-ldapd-0.9.11-relative-imports.patch b/sys-auth/nss-pam-ldapd/files/nss-pam-ldapd-0.9.11-relative-imports.patch new file mode 100644 index 0000000..101d0c7 --- /dev/null +++ b/sys-auth/nss-pam-ldapd/files/nss-pam-ldapd-0.9.11-relative-imports.patch 
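Review bot: nss-pam-ldapd-0.9.11-pynslcd-module-paths.patch is not listed in `PATCHES` of nss-pam-ldapd-0.9.12-r2.ebuild, and it edits the same import block of `pynslcd/pynslcd.py` as nss-pam-ldapd-0.9.11-relative-imports.patch, so only one of them can apply. If it is unused, drop the file and its AUX line from the Manifest; carrying an unapplied patch makes it harder to see what the package actually ships. As written it would also leave names such as `cfg` and `common` unbound wherever the rest of pynslcd.py uses the short names, since `import pynslcd.cfg` binds only `pynslcd`.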
@@ -0,0 +1,452 @@ +diff --git a/pynslcd/Makefile.am b/pynslcd/Makefile.am +index 383dd3c..39a3bfb 100644 +--- a/pynslcd/Makefile.am ++++ b/pynslcd/Makefile.am +@@ -19,7 +19,7 @@ + + pynslcddir = $(datadir)/pynslcd + +-pynslcd_PYTHON = pynslcd.py attmap.py cache.py cfg.py common.py expr.py \ ++pynslcd_PYTHON = main.py attmap.py cache.py cfg.py common.py expr.py \ + mypidfile.py invalidator.py search.py tio.py \ + config.py alias.py ether.py group.py host.py netgroup.py \ + network.py passwd.py protocol.py rpc.py service.py \ +@@ -38,6 +38,6 @@ constants.py: constants.py.in $(top_srcdir)/nslcd.h + # create a symbolic link for the pynslcd daemon and fix permissions + install-data-hook: + $(MKDIR_P) $(DESTDIR)$(sbindir) +- [ -L $(DESTDIR)$(sbindir)/pynslcd ] || $(LN_S) $(pynslcddir)/pynslcd.py $(DESTDIR)$(sbindir)/pynslcd +- chmod a+rx $(DESTDIR)$(pynslcddir)/pynslcd.py +- sed -i -e '1 s|^#!.*|#! $(PYTHON)|;1 s|^#! \([^/].*\)|#! /usr/bin/env \1|' $(DESTDIR)$(pynslcddir)/pynslcd.py ++ [ -L $(DESTDIR)$(sbindir)/pynslcd ] || $(LN_S) $(pynslcddir)/main.py $(DESTDIR)$(sbindir)/pynslcd ++ chmod a+rx $(DESTDIR)$(pynslcddir)/main.py ++ sed -i -e '1 s|^#!.*|#! $(PYTHON)|;1 s|^#! \([^/].*\)|#! 
/usr/bin/env \1|' $(DESTDIR)$(pynslcddir)/main.py +diff --git a/pynslcd/alias.py b/pynslcd/alias.py +index 8096309..614dd53 100644 +--- a/pynslcd/alias.py ++++ b/pynslcd/alias.py +@@ -18,10 +18,10 @@ + # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + # 02110-1301 USA + +-import cache +-import common +-import constants +-import search ++from pynslcd import cache ++from pynslcd import common ++from pynslcd import constants ++from pynslcd import search + + + attmap = common.Attributes( +diff --git a/pynslcd/attmap.py b/pynslcd/attmap.py +index 61862df..4d450f6 100644 +--- a/pynslcd/attmap.py ++++ b/pynslcd/attmap.py +@@ -45,7 +45,7 @@ import re + import ldap.dn + from ldap.filter import escape_filter_chars + +-from expr import Expression ++from pynslcd.expr import Expression + + + # exported names +diff --git a/pynslcd/cfg.py b/pynslcd/cfg.py +index 877d442..14ae850 100644 +--- a/pynslcd/cfg.py ++++ b/pynslcd/cfg.py +@@ -133,8 +133,8 @@ _tls_reqcert_options = {'never': ldap.OPT_X_TLS_NEVER, + + def _get_maps(): + # separate function as not to pollute the namespace and avoid import loops +- import alias, ether, group, host, netgroup, network, passwd # noqa: E401 +- import protocol, rpc, service, shadow # noqa: E401 ++ from pynslcd import alias, ether, group, host, netgroup, network, passwd # noqa: E401 ++ from pynslcd import protocol, rpc, service, shadow # noqa: E401 + import sys + return dict( + alias=alias, aliases=alias, +@@ -293,7 +293,7 @@ def read(filename): # noqa: C901 (many simple branches) + # pam_authz_search + m = re.match(r'pam_authz_search\s+(?P\S.*)', line, re.IGNORECASE) + if m: +- from expr import Expression ++ from pynslcd.expr import Expression + pam_authz_searches.append(Expression(m.group('value'))) + # TODO: check pam_authz_search expression to only contain + # username, service, ruser, rhost, tty, hostname, fqdn, dn or +diff --git a/pynslcd/common.py b/pynslcd/common.py +index a5b168d..568ac2f 100644 +--- a/pynslcd/common.py 
++++ b/pynslcd/common.py +@@ -23,9 +23,9 @@ import sys + + import ldap + +-from attmap import Attributes # noqa: F401 (used by other modules) +-import cfg +-import constants ++from pynslcd.attmap import Attributes # noqa: F401 (used by other modules) ++from pynslcd import cfg ++from pynslcd import constants + + + def is_valid_name(name): +diff --git a/pynslcd/config.py b/pynslcd/config.py +index ee57db3..ba8badb 100644 +--- a/pynslcd/config.py ++++ b/pynslcd/config.py +@@ -18,9 +18,9 @@ + # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + # 02110-1301 USA + +-import cfg +-import common +-import constants ++from pynslcd import cfg ++from pynslcd import common ++from pynslcd import constants + + + class ConfigGetRequest(common.Request): +diff --git a/pynslcd/ether.py b/pynslcd/ether.py +index 9462ef0..2edc5de 100644 +--- a/pynslcd/ether.py ++++ b/pynslcd/ether.py +@@ -20,10 +20,10 @@ + + import struct + +-import cache +-import common +-import constants +-import search ++from pynslcd import cache ++from pynslcd import common ++from pynslcd import constants ++from pynslcd import search + + + def ether_aton(ether): +diff --git a/pynslcd/group.py b/pynslcd/group.py +index 263e40c..422ee9e 100644 +--- a/pynslcd/group.py ++++ b/pynslcd/group.py +@@ -23,12 +23,12 @@ import logging + import ldap + from ldap.filter import escape_filter_chars + +-import cache +-import cfg +-import common +-import constants +-import passwd +-import search ++from pynslcd import cache ++from pynslcd import cfg ++from pynslcd import common ++from pynslcd import constants ++from pynslcd import passwd ++from pynslcd import search + + + def clean(lst): +diff --git a/pynslcd/host.py b/pynslcd/host.py +index c6639df..30259d6 100644 +--- a/pynslcd/host.py ++++ b/pynslcd/host.py +@@ -18,10 +18,10 @@ + # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + # 02110-1301 USA + +-import cache +-import common +-import constants +-import search ++from pynslcd import cache ++from 
pynslcd import common ++from pynslcd import constants ++from pynslcd import search + + + attmap = common.Attributes( +diff --git a/pynslcd/invalidator.py b/pynslcd/invalidator.py +index 6d2eefe..b54946e 100644 +--- a/pynslcd/invalidator.py ++++ b/pynslcd/invalidator.py +@@ -23,7 +23,7 @@ import logging + import os + import subprocess + +-import cfg ++from pynslcd import cfg + + + # the file descriptor used for sending messages to the child process +diff --git a/pynslcd/mypidfile.py b/pynslcd/mypidfile.py +index 42935e2..dd7d59a 100644 +--- a/pynslcd/mypidfile.py ++++ b/pynslcd/mypidfile.py +@@ -22,7 +22,7 @@ import errno + import fcntl + import os + +-import cfg ++from pynslcd import cfg + + + class MyPIDLockFile(object): +diff --git a/pynslcd/netgroup.py b/pynslcd/netgroup.py +index 47a4c6e..8d0fbb2 100644 +--- a/pynslcd/netgroup.py ++++ b/pynslcd/netgroup.py +@@ -20,10 +20,10 @@ + + import re + +-import cache +-import common +-import constants +-import search ++from pynslcd import cache ++from pynslcd import common ++from pynslcd import constants ++from pynslcd import search + + + _netgroup_triple_re = re.compile( +diff --git a/pynslcd/network.py b/pynslcd/network.py +index da587b9..3b94d06 100644 +--- a/pynslcd/network.py ++++ b/pynslcd/network.py +@@ -18,10 +18,10 @@ + # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + # 02110-1301 USA + +-import cache +-import common +-import constants +-import search ++from pynslcd import cache ++from pynslcd import common ++from pynslcd import constants ++from pynslcd import search + + + attmap = common.Attributes( +diff --git a/pynslcd/pam.py b/pynslcd/pam.py +index b372cdd..bb7add8 100644 +--- a/pynslcd/pam.py ++++ b/pynslcd/pam.py +@@ -27,12 +27,12 @@ import ldap + from ldap.controls.ppolicy import PasswordPolicyControl, PasswordPolicyError + from ldap.filter import escape_filter_chars + +-import cfg +-import common +-import constants +-import passwd +-import search +-import shadow ++from pynslcd import cfg 
++from pynslcd import common ++from pynslcd import constants ++from pynslcd import passwd ++from pynslcd import search ++from pynslcd import shadow + + + random = random.SystemRandom() +diff --git a/pynslcd/passwd.py b/pynslcd/passwd.py +index 1274f21..51ae57e 100644 +--- a/pynslcd/passwd.py ++++ b/pynslcd/passwd.py +@@ -20,11 +20,11 @@ + + import logging + +-import cache +-import cfg +-import common +-import constants +-import search ++from pynslcd import cache ++from pynslcd import cfg ++from pynslcd import common ++from pynslcd import constants ++from pynslcd import search + + + attmap = common.Attributes( +diff --git a/pynslcd/protocol.py b/pynslcd/protocol.py +index dc41c4b..396f337 100644 +--- a/pynslcd/protocol.py ++++ b/pynslcd/protocol.py +@@ -18,10 +18,10 @@ + # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + # 02110-1301 USA + +-import cache +-import common +-import constants +-import search ++from pynslcd import cache ++from pynslcd import common ++from pynslcd import constants ++from pynslcd import search + + + attmap = common.Attributes( +diff --git a/pynslcd/pynslcd.py b/pynslcd/pynslcd.py +index 0691b61..973ecd9 100755 +--- a/pynslcd/pynslcd.py ++++ b/pynslcd/pynslcd.py +@@ -30,13 +30,13 @@ import threading + import daemon + import ldap + +-import cfg +-import common +-import constants +-import invalidator +-import mypidfile +-import search +-from tio import TIOStream ++import pynslcd.cfg as cfg ++import pynslcd.common as common ++import pynslcd.constants as constants ++import pynslcd.invalidator as invalidator ++import pynslcd.mypidfile as mypidfile ++import pynslcd.search as search ++from pynslcd.tio import TIOStream + + + # the name of the program +@@ -188,20 +188,20 @@ def getpeercred(fd): + + + handlers = {} +-handlers.update(common.get_handlers('config')) +-handlers.update(common.get_handlers('alias')) +-handlers.update(common.get_handlers('ether')) +-handlers.update(common.get_handlers('group')) 
+-handlers.update(common.get_handlers('host')) +-handlers.update(common.get_handlers('netgroup')) +-handlers.update(common.get_handlers('network')) +-handlers.update(common.get_handlers('passwd')) +-handlers.update(common.get_handlers('protocol')) +-handlers.update(common.get_handlers('rpc')) +-handlers.update(common.get_handlers('service')) +-handlers.update(common.get_handlers('shadow')) +-handlers.update(common.get_handlers('pam')) +-handlers.update(common.get_handlers('usermod')) ++handlers.update(common.get_handlers('pynslcd.config')) ++handlers.update(common.get_handlers('pynslcd.alias')) ++handlers.update(common.get_handlers('pynslcd.ether')) ++handlers.update(common.get_handlers('pynslcd.group')) ++handlers.update(common.get_handlers('pynslcd.host')) ++handlers.update(common.get_handlers('pynslcd.netgroup')) ++handlers.update(common.get_handlers('pynslcd.network')) ++handlers.update(common.get_handlers('pynslcd.passwd')) ++handlers.update(common.get_handlers('pynslcd.protocol')) ++handlers.update(common.get_handlers('pynslcd.rpc')) ++handlers.update(common.get_handlers('pynslcd.service')) ++handlers.update(common.get_handlers('pynslcd.shadow')) ++handlers.update(common.get_handlers('pynslcd.pam')) ++handlers.update(common.get_handlers('pynslcd.usermod')) + + + def acceptconnection(nslcd_serversocket, session): +diff --git a/pynslcd/rpc.py b/pynslcd/rpc.py +index 49d9c7c..e1ea4f5 100644 +--- a/pynslcd/rpc.py ++++ b/pynslcd/rpc.py +@@ -18,10 +18,10 @@ + # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + # 02110-1301 USA + +-import cache +-import common +-import constants +-import search ++from pynslcd import cache ++from pynslcd import common ++from pynslcd import constants ++from pynslcd import search + + + attmap = common.Attributes( +diff --git a/pynslcd/search.py b/pynslcd/search.py +index 39850d2..f017451 100644 +--- a/pynslcd/search.py ++++ b/pynslcd/search.py +@@ -24,7 +24,7 @@ import sys + import ldap + import ldap.ldapobject + +-import 
cfg ++from pynslcd import cfg + + + # global indicator that there was some error connection to an LDAP server +diff --git a/pynslcd/service.py b/pynslcd/service.py +index b0c53e3..96c2aaf 100644 +--- a/pynslcd/service.py ++++ b/pynslcd/service.py +@@ -20,10 +20,10 @@ + + import datetime + +-import cache +-import common +-import constants +-import search ++from pynslcd import cache ++from pynslcd import common ++from pynslcd import constants ++from pynslcd import search + + + attmap = common.Attributes( +diff --git a/pynslcd/shadow.py b/pynslcd/shadow.py +index 59e1af6..3ed695b 100644 +--- a/pynslcd/shadow.py ++++ b/pynslcd/shadow.py +@@ -20,11 +20,11 @@ + + import logging + +-import cache +-import cfg +-import common +-import constants +-import search ++from pynslcd import cache ++from pynslcd import cfg ++from pynslcd import common ++from pynslcd import constants ++from pynslcd import search + + + attmap = common.Attributes( +diff --git a/pynslcd/usermod.py b/pynslcd/usermod.py +index 4e37ded..ffd651b 100644 +--- a/pynslcd/usermod.py ++++ b/pynslcd/usermod.py +@@ -26,10 +26,10 @@ import os.path + + import ldap + +-import cfg +-import constants +-import pam +-import passwd ++from pynslcd import cfg ++from pynslcd import constants ++from pynslcd import pam ++from pynslcd import passwd + + + def list_shells(): diff --git a/sys-auth/nss-pam-ldapd/files/nss-pam-ldapd-0.9.11-tests-py39.patch b/sys-auth/nss-pam-ldapd/files/nss-pam-ldapd-0.9.11-tests-py39.patch new file mode 100644 index 0000000..6761de7 --- /dev/null +++ b/sys-auth/nss-pam-ldapd/files/nss-pam-ldapd-0.9.11-tests-py39.patch 
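Review bot: The `handlers.update(common.get_handlers('pynslcd.config'))` lines now pass dotted module names, and whether that works depends on how `common.get_handlers` resolves a string; the only common.py hunk in this patch changes its imports, and the function body is not shown. If it uses a plain `__import__(name)`, a dotted name returns the top-level `pynslcd` package rather than the submodule, so no request classes would be found and `handlers` would stay empty. Please confirm, and if so resolve the name with `importlib.import_module(module)` inside `get_handlers`, or pass the already imported module objects instead of strings.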
@@ -0,0 +1,26 @@ +diff --git a/tests/test_doctest.sh b/tests/test_doctest.sh +index 5b3a13d..82749a2 100755 +--- a/tests/test_doctest.sh ++++ b/tests/test_doctest.sh +@@ -53,7 +53,7 @@ do + if ${python} -c 'import ldap' + then + echo "Running pynslcd doctests with $python..." +- PYTHONPATH="${top_builddir}/pynslcd" ${python} -m doctest -v "${top_srcdir}/pynslcd"/*.py ++ PYTHONPATH="${top_builddir}/pynslcd:${top_builddir}" ${python} -m doctest -v "${top_srcdir}/pynslcd"/*.py + fi + echo "Running pynslcd doctests with $python..." + PYTHONPATH="${top_builddir}/utils" ${python} -m doctest -v "${top_srcdir}/utils"/*.py +diff --git a/tests/test_pynslcd_cache.py b/tests/test_pynslcd_cache.py +index 8d3d02a..e7b19c0 100755 +--- a/tests/test_pynslcd_cache.py ++++ b/tests/test_pynslcd_cache.py +@@ -27,6 +27,8 @@ import unittest + # fix the Python path + sys.path.insert(1, os.path.abspath(os.path.join(sys.path[0], '..', 'pynslcd'))) + sys.path.insert(2, os.path.abspath(os.path.join('..', 'pynslcd'))) ++sys.path.insert(3, os.path.abspath(os.path.join('..'))) ++print(sys.path) + + + # TODO: think about case-sensitivity of cache searches (have tests for that) diff --git a/sys-auth/nss-pam-ldapd/files/nss-pam-ldapd-0.9.11-tests.patch b/sys-auth/nss-pam-ldapd/files/nss-pam-ldapd-0.9.11-tests.patch new file mode 100644 index 0000000..5e13854 --- /dev/null +++ b/sys-auth/nss-pam-ldapd/files/nss-pam-ldapd-0.9.11-tests.patch 
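Review bot: `print(sys.path)` in tests/test_pynslcd_cache.py looks like leftover debugging and should be dropped. The new `sys.path.insert(3, os.path.abspath(os.path.join('..')))` also resolves `..` against the current working directory rather than the script location, so which directory becomes importable depends on where the test is started. `sys.path.insert(3, os.path.abspath(os.path.join(sys.path[0], '..')))` would follow the pattern of the first insert above it.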
@@ -0,0 +1,34 @@ +diff --git a/tests/Makefile.am b/tests/Makefile.am +index 1bbbcc2..4adf062 100644 +--- a/tests/Makefile.am ++++ b/tests/Makefile.am +@@ -23,7 +23,7 @@ TESTS = test_dict test_set test_tio test_expr test_getpeercred test_cfg \ + test_pamcmds.sh test_manpages.sh test_clock \ + test_tio_timeout + if HAVE_PYTHON +- TESTS += test_pycompile.sh test_pylint.sh ++ TESTS += test_pycompile.sh + endif + if ENABLE_PYNSLCD + TESTS += test_pynslcd_cache.py test_doctest.sh +@@ -48,7 +48,6 @@ EXTRA_DIST = README nslcd-test.conf usernames.txt testenv.sh test_myldap.sh \ + test_nsscmds.sh test_ldapcmds.sh test_pamcmds.sh \ + test_pamcmds.expect test_manpages.sh \ + test_pycompile.sh test_doctest.sh \ +- test_pylint.sh pylint.rc \ + test_flake8.sh flake8.ini \ + test_pynslcd_cache.py \ + setup_slapd.sh config.ldif test.ldif +diff --git a/tests/test_doctest.sh b/tests/test_doctest.sh +index 5b3a13d..26c73e7 100755 +--- a/tests/test_doctest.sh ++++ b/tests/test_doctest.sh +@@ -38,7 +38,7 @@ find_python() { + fi + done + } +-interpreters=`find_python | sort -u` ++interpreters=${PYTHON} + + # if Python is missing, ignore + if [ -z "$interpreters" ] diff --git a/sys-auth/nss-pam-ldapd/files/nss-pam-ldapd-0.9.11-use-mkstemp.patch b/sys-auth/nss-pam-ldapd/files/nss-pam-ldapd-0.9.11-use-mkstemp.patch new file mode 100644 index 0000000..1803067 --- /dev/null +++ b/sys-auth/nss-pam-ldapd/files/nss-pam-ldapd-0.9.11-use-mkstemp.patch 
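Review bot: With `test_pylint.sh` removed from `TESTS` and `EXTRA_DIST` here, nothing visible in this commit still runs pylint, yet the ebuild keeps `test? ( dev-python/pylint[${PYTHON_USEDEP}] )` in BDEPEND and still applies nss-pam-ldapd-0.9.4-disable-py3-only-linters.patch to `tests/pylint.rc`. Either drop both from the ebuild or add a comment there explaining why they stay. Note also that `interpreters=${PYTHON}` sends test_doctest.sh through its "if Python is missing, ignore" branch when `PYTHON` is unset, so the doctests would be skipped silently rather than fail.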
@@ -0,0 +1,25 @@ +diff --git a/pynslcd/cache.py b/pynslcd/cache.py +index 0be3a71..b463d2e 100644 +--- a/pynslcd/cache.py ++++ b/pynslcd/cache.py +@@ -22,6 +22,7 @@ import datetime + import os + import sqlite3 + import sys ++import tempfile + + + # TODO: probably create a config table +@@ -192,10 +193,8 @@ _connection = None + def _get_connection(): + global _connection + if _connection is None: +- filename = '/tmp/pynslcd_cache.sqlite' +- dirname = os.path.dirname(filename) +- if not os.path.isdir(dirname): +- os.mkdir(dirname) ++ tmpfd, filename = tempfile.mkstemp(suffix=".sqlite", prefix="pynslcd_cache") ++ os.close(tmpfd) + connection = sqlite3.connect( + filename, detect_types=sqlite3.PARSE_DECLTYPES, + check_same_thread=False) diff --git a/sys-auth/nss-pam-ldapd/files/nss-pam-ldapd-0.9.4-disable-py3-only-linters.patch b/sys-auth/nss-pam-ldapd/files/nss-pam-ldapd-0.9.4-disable-py3-only-linters.patch new file mode 100644 index 0000000..06dcc25 --- /dev/null +++ b/sys-auth/nss-pam-ldapd/files/nss-pam-ldapd-0.9.4-disable-py3-only-linters.patch @@ -0,0 +1,13 @@ +diff --git a/tests/pylint.rc b/tests/pylint.rc +index 7f0bc13..b66d018 100644 +--- a/tests/pylint.rc ++++ b/tests/pylint.rc +@@ -19,7 +19,7 @@ enable= + # can either give multiple identifier separated by comma (,) or put this option + # multiple time (only on the command line, not in the configuration file where + # it should appear only once). +-disable=E1101 ++disable=E1101,E1608,E1606,E1601 + + + [REPORTS] diff --git a/sys-auth/nss-pam-ldapd/nss-pam-ldapd-0.9.12-r2.ebuild b/sys-auth/nss-pam-ldapd/nss-pam-ldapd-0.9.12-r2.ebuild new file mode 100644 index 0000000..ad0ede6 --- /dev/null +++ b/sys-auth/nss-pam-ldapd/nss-pam-ldapd-0.9.12-r2.ebuild 
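Review bot: The file returned by `tempfile.mkstemp()` is never removed, so every start of the daemon leaves another `pynslcd_cache*.sqlite` in the temporary directory, and a restart no longer finds the previous cache. Moving away from the fixed `/tmp/pynslcd_cache.sqlite` is right (no predictable name, and the file is created readable only by its owner), but whatever lookup data the cache holds then stays on disk after exit. I would either unlink on shutdown, e.g. `atexit.register(os.unlink, filename)` after the connection is opened (needs `import atexit`), or create the file under a directory owned by the daemon. `_get_connection` continues outside the hunk.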
@@ -0,0 +1,166 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{9..11} ) +inherit autotools python-r1 s6 systemd tmpfiles multilib-minimal + +DESCRIPTION="NSS module for name lookups using LDAP" +HOMEPAGE="https://arthurdejong.org/nss-pam-ldapd/" +SRC_URI="https://arthurdejong.org/${PN}/${P}.tar.gz" + +LICENSE="LGPL-2.1" +SLOT="0" +KEYWORDS="amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~riscv x86" +IUSE="debug kerberos +nslcd pam pynslcd sasl test +utils" +REQUIRED_USE=" + utils? ( ${PYTHON_REQUIRED_USE} ) + test? ( ${PYTHON_REQUIRED_USE} pynslcd ) +" +RESTRICT="!test? ( test )" + +RDEPEND=" + nslcd? ( acct-group/nslcd ) + nslcd? ( acct-user/nslcd ) + net-nds/openldap:=[${MULTILIB_USEDEP}] + sasl? ( dev-libs/cyrus-sasl[${MULTILIB_USEDEP}] ) + kerberos? ( virtual/krb5[${MULTILIB_USEDEP}] ) + pam? ( sys-libs/pam[${MULTILIB_USEDEP}] ) + utils? ( ${PYTHON_DEPS} ) + pynslcd? ( + dev-python/python-ldap[${PYTHON_USEDEP}] + dev-python/python-daemon[${PYTHON_USEDEP}] + ) + !sys-auth/nss_ldap + !sys-auth/pam_ldap +" +DEPEND="${RDEPEND}" +BDEPEND=" + ${PYTHON_DEPS} + test? 
( dev-python/pylint[${PYTHON_USEDEP}] ) +" + +PATCHES=( + "${FILESDIR}"/nss-pam-ldapd-0.9.4-disable-py3-only-linters.patch + "${FILESDIR}"/nss-pam-ldapd-0.9.11-use-mkstemp.patch + "${FILESDIR}"/nss-pam-ldapd-0.9.11-relative-imports.patch + "${FILESDIR}"/nss-pam-ldapd-0.9.11-tests.patch + "${FILESDIR}"/nss-pam-ldapd-0.9.11-tests-py39.patch +) + +pkg_setup() { + [[ ${MERGE_TYPE} != binary ]] && python_setup +} + +src_prepare() { + default + + touch pynslcd/__init__.py || die "Could not create __init__.py for pynslcd" + mv pynslcd/pynslcd.py pynslcd/main.py || die + + eautoreconf +} + +multilib_src_configure() { + local myconf=( + --disable-utils + --enable-warnings + --with-ldap-lib=openldap + --with-ldap-conf-file="${EPREFIX}"/etc/nslcd.conf + --with-nslcd-pidfile=$(usex nslcd "${EPREFIX}"/run/nslcd/nslcd.pid /run/nslcd/nslcd.pid) + --with-nslcd-socket=$(usex nslcd "${EPREFIX}"/run/nslcd/socket /run/nslcd/socket) + --with-nss-flavour=glibc + $(use_enable nslcd) + $(use_enable pynslcd) + $(use_enable debug) + $(use_enable kerberos) + $(use_enable pam) + $(use_enable sasl) + + # nss libraries always go in /lib on Gentoo + --with-pam-seclib-dir="${EPREFIX}"/$(get_libdir)/security + --libdir="${EPREFIX}"/$(get_libdir) + ) + ECONF_SOURCE="${S}" econf "${myconf[@]}" +} + +multilib_src_test() { + python_test() { + cp -l "${S}"/pynslcd/*.py pynslcd/ || die "Could not copy python files for tests" + nonfatal emake check || die "tests failed with ${EPYTHON}" + } + + pushd "${BUILD_DIR}" >/dev/null || die + ln -s ../pynslcd/constants.py utils/constants.py || die + python_foreach_impl python_test + popd >/dev/null || die +} + +multilib_src_install() { + emake DESTDIR="${D}" install + + if use pynslcd; then + python_moduleinto pynslcd + python_foreach_impl python_domodule pynslcd/*.py + fi +} + +multilib_src_install_all() { + einstalldocs + + ! 
use nslcd && return + + newinitd "${FILESDIR}"/nslcd.init nslcd + s6_install_service nslcd "${FILESDIR}"/nslcd.s6 + + insinto /usr/share/nss-pam-ldapd + doins "${WORKDIR}"/${P}/nslcd.conf + + fperms o-r /etc/nslcd.conf + + if use utils; then + python_moduleinto nslcd + python_foreach_impl python_domodule utils/*.py + + local script + for script in chsh getent; do + python_foreach_impl python_newscript utils/${script}.py ${script}.ldap + done + fi + if use pynslcd; then + rm -rf "${ED}"/usr/share/pynslcd || die + python_moduleinto pynslcd + python_foreach_impl python_domodule pynslcd/*.py + python_scriptinto /usr/sbin + python_foreach_impl python_newscript pynslcd/main.py pynslcd + newinitd "${FILESDIR}"/pynslcd.init pynslcd + fi + + newtmpfiles "${FILESDIR}"/nslcd-tmpfiles.conf nslcd.conf + systemd_newunit "${FILESDIR}"/nslcd.service nslcd.service +} + +pkg_postinst() { + ! use nslcd && return + + tmpfiles_process nslcd.conf + + elog "For this to work you must configure /etc/nslcd.conf" + elog "This configuration is similar to pam_ldap's /etc/ldap.conf" + elog + elog "In order to use nss-pam-ldapd, nslcd needs to be running. You can" + elog "start it like this:" + elog " # /etc/init.d/nslcd start" + elog + elog "You can add it to the default runlevel like so:" + elog " # rc-update add nslcd default" + elog + elog "If you have >=sys-apps/openrc-0.16.3, you can also use s6" + elog "to supervise this service." + elog "To do this, emerge sys-apps/s6 then add nslcd-s6" + elog "default runlevel instead of nslcd." + elog + elog "If you are upgrading, keep in mind that /etc/nss-ldapd.conf" + elog " is now named /etc/nslcd.conf" +} diff --git a/sys-auth/sssd/Manifest b/sys-auth/sssd/Manifest new file mode 100644 index 0000000..8adfce7 --- /dev/null +++ b/sys-auth/sssd/Manifest 
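Review bot: The files that `multilib_src_install_all` takes from `${FILESDIR}` (`nslcd.init`, `nslcd.s6`, `nslcd-tmpfiles.conf`, `nslcd.service`, and `pynslcd.init` with USE=pynslcd) do not seem to be added by this commit: the new Manifest lists only the six patches as AUX, and the files/ directory in the diff contains patches only. With `+nslcd` enabled by default, `newinitd "${FILESDIR}"/nslcd.init nslcd` would then fail at install time, so please add the files together with their AUX entries. Separately, the two `usex nslcd` lines in `multilib_src_configure` point the client at the host's `/run/nslcd/socket` when USE=-nslcd; if that is deliberate, a comment such as `# without a bundled nslcd the NSS/PAM clients use the host daemon's socket` would make it clear.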
@@ -0,0 +1,8 @@ +AUX sssd 489 BLAKE2B 552ffc9c5053e6de3e4d59ae50cbd95ae44460f51d7f753d9792eefb10507225a32beb91c1a47adf0ddbffff339a245f09c260738a781d05a0a955b8bf283148 SHA512 eab8d42d0188e55a18803b738af77c1969bf7c4b59503ee99975d4739e3c532c300e394a393327b7b98254672c1c2b0b15f81c9c27479e7cbbfb4995ab12b43e +AUX sssd-2.8.2-allow-client-build-without-pam.patch 3651 BLAKE2B c8a57ac2a6b46fdb52d874a90a78efd3fa3c7fc787b6e849b1b5736d30082840b001242f211be358a1668cb749bda0985e7872b757990e65e84d718f25ed353d SHA512 6e73f7a140188015dc54061542b5d7d1ef5c68546f3297dcd45cdda44ffcbb0c97e2b59c434715a8003f6912103a4870d8fe66fec551dde28cea244a8ad6a0d6 +AUX sssd-2.8.2-conditional-python-install.patch 553 BLAKE2B 81d9866f2f16e8ce3a2d2bb71780a77227bfeca6d8ae81727c145b461d957ebac432f1c7e460eace1bbb270d21e862f4bfa63e4f2a662e4bca2c9d65e7747fb0 SHA512 06f7d8869e4dcb47c5946c94b41b8311c2c60817d983104f070ce97615c620ff1f8e0e942bc80237e37ade354b8fb06e0cfb245d279030e5ddbb7c0438c814cf +AUX sssd.conf 124 BLAKE2B b6f9c016a014510f97b036d23d5f50e1e13085220fe82b0e6ef7a3ceeb114e59af935f39e66e4ad60a46f43983930e5d381b16b0ed31ba4349abe38c4b509367 SHA512 f16908c44b213edbf6b0c6e8d49df92e8c06fc623279037074fe51e49b8aca7dc18f5ed83f71909fc8209df80dfc150583edb1687f88e61588bdf9d1fbf6ed5a +AUX sssd.service 341 BLAKE2B 0cffcd43786633aa8e5bb42c54741cba676021c5a07554b08499504f8f630ff821ff334a21e2a4f9ae2d77d70d969018dd5a85d11b12bb31235a0ffcda4105c8 SHA512 99510d11f390722f56bc164059033fc40299dd4ea29f98cd5f08b2648f31b2e70afeb6b2d90f919bde595546c80b4e6941cf6f48130661ead09c0576043e4cf5 +DIST sssd-2.8.2.tar.gz 7842210 BLAKE2B e6fefbb74492b0ee840947655016e59b71fe8cd84a163e7a038ecf05fe8c5b46aa0c0f799b90e0a83c6ab79a2e08e75f7e448cf4f827be2cd359d5f21461d999 SHA512 10b7a641823aefb43e30bff9e5f309a1f48446ffff421a06f86496db24ba1fbd384733b5690864507ef9b2f04c91e563fe9820536031f83f1bd6e93edfedee55 +EBUILD sssd-2.8.2.ebuild 8989 BLAKE2B 
f7c404f25025e22f99ad1c05fea6f5c25285ad2998b74c2e3f9a9a8223a69bf83e5c168b221e1232d5bc4403c71c3aee7bdc206b472a2604994c828c21dcdd39 SHA512 8069c407c4f15e4283d8b6e8bb11e96c7b542720153d36011b30a4528d670cb245065190fcb1085a463a2c4d683cd89d520a6dd26c3b9303649cc1094e116dc9 +MISC metadata.xml 1070 BLAKE2B 81c63a79975a71461cca699bde6eb38315eb303f965f3b2786826bb2fe9e9a15e711849fe836e3b6cbaa94ecc715ee546e75e88df4b2c257997a8aed176461c1 SHA512 c3ee1b026993a7be0917574d2b1f0480ca91d72d292305d4a616c7c352803042f34b616464147e04eb28af64b42b4b83bec246a29b1b4d4c1412ab1fe71152fd diff --git a/sys-auth/sssd/files/sssd b/sys-auth/sssd/files/sssd new file mode 100644 index 0000000..c79b79a --- /dev/null +++ b/sys-auth/sssd/files/sssd @@ -0,0 +1,21 @@ +#!/sbin/openrc-run +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + + +command="/usr/sbin/sssd" +command_args="${SSSD_OPTIONS} -D" +start_stop_daemon_args="--quiet" +description="System Security Services Daemon" + +depend(){ + need localmount clock + use syslog xdm +} + +if [ "${RC_VERSION:-0}" = "0" ]; then + start() { + eerror "This script cannot be used for baselayout-1." + return 1 + } +fi diff --git a/sys-auth/sssd/files/sssd-2.8.2-allow-client-build-without-pam.patch b/sys-auth/sssd/files/sssd-2.8.2-allow-client-build-without-pam.patch new file mode 100644 index 0000000..a2fc1da --- /dev/null +++ b/sys-auth/sssd/files/sssd-2.8.2-allow-client-build-without-pam.patch 
@@ -0,0 +1,102 @@
+--- sssd-2.6.0-abi_x86_64.amd64/src/external/pam.m4.orig 2022-09-18 00:52:08.238444801 +0000
++++ sssd-2.6.0-abi_x86_64.amd64/src/external/pam.m4 2022-09-18 00:53:04.881787599 +0000
+@@ -4,8 +4,8 @@
+ AC_CHECK_HEADERS([security/pam_appl.h security/pam_modules.h],
+ [AC_CHECK_LIB([pam], [pam_get_item],
+ [PAM_LIBS="-lpam"],
+- [AC_MSG_ERROR([PAM must support pam_get_item])])],
+- [AC_MSG_ERROR([PAM development libraries not installed])]
++ [AC_MSG_WARN([PAM must support pam_get_item])])],
++ [AC_MSG_WARN([PAM development libraries not installed])]
+ )
+
+ AC_CHECK_HEADERS([security/pam_ext.h security/pam_modutil.h])
+--- sssd-2.6.0-abi_x86_64.amd64/src/sss_client/common.c~ 2021-10-14 09:43:05.000000000 +0000
++++ sssd-2.6.0-abi_x86_64.amd64/src/sss_client/common.c 2022-09-18 01:48:56.133414237 +0000
+@@ -25,7 +25,9 @@
+ #include "config.h"
+
+ #include
++#ifdef HAVE_SECURITY_PAM_MODULES_H
+ #include
++#endif
+ #include
+ #include
+ #include
+@@ -889,6 +891,7 @@
+ return 0;
+ }
+
++#ifdef HAVE_SECURITY_PAM_MODULES_H
+ int sss_pam_make_request(enum sss_cli_command cmd,
+ struct sss_cli_req_data *rd,
+ uint8_t **repbuf, size_t *replen,
+@@ -1007,6 +1010,7 @@
+
+ sss_pam_unlock();
+ }
++#endif
+
+ enum sss_status
+ sss_cli_make_request_with_checks(enum sss_cli_command cmd,
+--- sssd-2.6.0-abi_x86_64.amd64/src/krb5_plugin/sssd_krb5_locator_plugin.c~ 2021-10-14 09:43:05.000000000 +0000
++++ sssd-2.6.0-abi_x86_64.amd64/src/krb5_plugin/sssd_krb5_locator_plugin.c 2022-09-21 17:34:54.316190404 +0000
+@@ -36,7 +36,7 @@
+ #include "util/sss_krb5.h"
+ #include
+
+-#include "providers/krb5/krb5_common.h"
++#define TEST_PUBCONF_PATH PUBCONF_PATH
+
+ /* The following override of KDCINFO_TMPL and KPASSWDINFO_TMPL is not very
+ * elegant but since they are defined in krb5_common.h with the help of
+--- sssd-2.6.0-abi_x86_64.amd64/src/krb5_plugin/sssd_krb5_locator_plugin.c~ 2022-09-21 18:06:21.523271693 +0000
++++ sssd-2.6.0-abi_x86_64.amd64/src/krb5_plugin/sssd_krb5_locator_plugin.c 2022-09-21 18:22:35.490987485 +0000
+@@ -33,7 +33,8 @@
+ #include
+ #include
+
+-#include "util/sss_krb5.h"
++#include "util/atomic_io.h"
++#include "util/util_errors.h"
+ #include
+
+ #define TEST_PUBCONF_PATH PUBCONF_PATH
+--- sssd-2.6.0-abi_x86_64.amd64/src/sss_client/pam_sss.c~ 2022-09-22 01:17:22.036623356 +0000
++++ sssd-2.6.0-abi_x86_64.amd64/src/sss_client/pam_sss.c 2022-09-22 01:23:20.654380535 +0000
+@@ -47,6 +47,7 @@
+ #include "sss_cli.h"
+ #include "pam_message.h"
+ #include "util/atomic_io.h"
++#define PAM_SSS 1
+ #include "util/authtok-utils.h"
+ #include "util/dlinklist.h"
+
+--- sssd-2.6.0-abi_x86_64.amd64/src/util/authtok-utils.h~ 2022-09-22 01:19:10.196756533 +0000
++++ sssd-2.6.0-abi_x86_64.amd64/src/util/authtok-utils.h 2022-09-22 01:25:28.495719906 +0000
+@@ -20,7 +20,9 @@
+ #ifndef __AUTHTOK_UTILS_H__
+ #define __AUTHTOK_UTILS_H__
+
++#ifndef PAM_SSS
+ #include
++#endif
+
+ #include "sss_client/sss_cli.h"
+
+@@ -83,6 +85,7 @@
+ uint8_t *buf, size_t buf_len,
+ size_t *_2fa_blob_len);
+
++#ifndef PAM_SSS
+ /**
+ * @brief Extract 2FA data from memory buffer
+ *
+@@ -132,6 +135,7 @@
+ char **module_name, size_t *_module_name_len,
+ char **key_id, size_t *_key_id_len,
+ char **label, size_t *_label_len);
++#endif /* PAM_SSS */
+
+ /**
+ * @brief Return a pointer to the PIN string in the memory buffer
diff --git a/sys-auth/sssd/files/sssd-2.8.2-conditional-python-install.patch b/sys-auth/sssd/files/sssd-2.8.2-conditional-python-install.patch
new file mode 100644
index 0000000..08156f2
--- /dev/null
+++ b/sys-auth/sssd/files/sssd-2.8.2-conditional-python-install.patch
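Review bot: The pam.m4 part of sssd-2.8.2-allow-client-build-without-pam.patch turns both `AC_MSG_ERROR` calls into `AC_MSG_WARN` unconditionally, so a daemon or `USE=pam` build on a system where the PAM headers or `pam_get_item` are missing now passes configure instead of stopping. In that case `PAM_LIBS` stays unset and `HAVE_SECURITY_PAM_MODULES_H` is undefined, which makes the new `#ifdef` in common.c compile `sss_pam_make_request` out; whether the failure then surfaces at link time or later is not visible here. The only remaining guard is the ebuild's DEPEND on sys-libs/pam, so I would state that in a description header at the top of the patch, for example `# PAM presence is enforced by the ebuild (DEPEND); configure only warns so that USE="-daemon -pam" can build the NSS client`. The embedded file headers all name sssd-2.6.0-abi_x86_64.amd64 although the patch is filed as 2.8.2, so it is worth confirming that every hunk applies without fuzz.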
@@ -0,0 +1,22 @@
+--- sssd-2.8.2/src/tools/analyzer/Makefile.am~ 2023-03-06 12:21:54.915277376 +0000
++++ sssd-2.8.2/src/tools/analyzer/Makefile.am 2023-03-06 12:23:27.211073169 +0000
+@@ -5,7 +5,9 @@
+ $(NULL)
+
+ pkgpythondir = $(python3dir)/sssd
++modulesdir = $(pkgpythondir)/modules
+
++if BUILD_PYTHON_BINDINGS
+ dist_pkgpython_DATA = \
+ __init__.py \
+ source_files.py \
+@@ -15,8 +17,8 @@
+ sss_analyze.py \
+ $(NULL)
+
+-modulesdir = $(pkgpythondir)/modules
+ dist_modules_DATA = \
+ modules/__init__.py \
+ modules/request.py \
+ $(NULL)
++endif
diff --git a/sys-auth/sssd/files/sssd.conf b/sys-auth/sssd/files/sssd.conf
new file mode 100644
index 0000000..33dab3d
--- /dev/null
+++ b/sys-auth/sssd/files/sssd.conf
@@ -0,0 +1,4 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+SSSD_OPTIONS=""
diff --git a/sys-auth/sssd/files/sssd.service b/sys-auth/sssd/files/sssd.service
new file mode 100644
index 0000000..1821089
--- /dev/null
+++ b/sys-auth/sssd/files/sssd.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=System Security Services Daemon
+# SSSD will not be started until syslog is
+After=syslog.target
+
+[Service]
+ExecStart=/usr/sbin/sssd -D -f
+# These two should be used with traditional UNIX forking daemons
+# consult systemd.service(5) for more details
+Type=forking
+PIDFile=/run/sssd.pid
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/sys-auth/sssd/metadata.xml b/sys-auth/sssd/metadata.xml
new file mode 100644
index 0000000..09572bc
--- /dev/null
+++ b/sys-auth/sssd/metadata.xml
@@ -0,0 +1,19 @@
+
+
+
+
+ alexxy@gentoo.org
+ Alexey Shvetsov
+
+
+ Build and use the cifsidmap plugin
+ Build and use the actual daemon, not only client libraries
+ Install sssd's Kerberos plugin
+ Add support for netlink protocol via dev-libs/libnl
+ Add support for the nfsv4 idmapd plugin provided by net-libs/libnfsidmap
+ Build man pages with dev-libs/libxslt
+ Build helper to let net-fs/autofs use sssd provided information
+ Build helper to let net-misc/openssh use sssd provided information
+ Build helper to let app-admin/sudo use sssd provided information
+
+
diff --git a/sys-auth/sssd/sssd-2.8.2.ebuild b/sys-auth/sssd/sssd-2.8.2.ebuild
new file mode 100644
index 0000000..1efdc05
--- /dev/null
+++ b/sys-auth/sssd/sssd-2.8.2.ebuild
@@ -0,0 +1,337 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{9..11} )
+
+inherit autotools linux-info multilib-minimal optfeature python-single-r1 pam systemd toolchain-funcs
+
+DESCRIPTION="System Security Services Daemon provides access to identity and authentication"
+HOMEPAGE="https://github.com/SSSD/sssd"
+SRC_URI="https://github.com/SSSD/sssd/releases/download/${PV}/${P}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
+IUSE="acl doc kerberos +locator +netlink nfsv4 nls +man pac +pam python samba selinux +daemon sudo systemd systemtap test valgrind"
+REQUIRED_USE="
+ pac? ( samba )
+ python? ( ${PYTHON_REQUIRED_USE} )
+ test? ( sudo )
+ valgrind? ( test )"
+RESTRICT="!test? ( test )"
+
+DEPEND="
+ virtual/libintl
+ !daemon? (
+ pam? ( >=sys-libs/pam-0-r1[${MULTILIB_USEDEP}] )
+ kerberos? ( >=app-crypt/mit-krb5-1.19.1[${MULTILIB_USEDEP}] )
+ )
+ daemon? (
+ >=app-crypt/mit-krb5-1.19.1[${MULTILIB_USEDEP}]
+ app-crypt/p11-kit
+ >=dev-libs/ding-libs-0.2
+ >=dev-libs/cyrus-sasl-2.1.25-r3[kerberos]
+ dev-libs/libpcre2:=
+ >=dev-libs/jansson-2.14-r1
+ >=dev-libs/popt-1.16
+ >=dev-libs/openssl-1.0.2:=
+ dev-libs/libunistring:=
+ >=net-dns/bind-tools-9.9[gssapi]
+ >=net-dns/c-ares-1.7.4:=
+ >=net-nds/openldap-2.4.30:=[sasl]
+ >=sys-apps/dbus-1.6
+ >=sys-apps/keyutils-1.5:=
+ >=sys-libs/pam-0-r1[${MULTILIB_USEDEP}]
+ >=sys-libs/talloc-2.0.7
+ >=sys-libs/tdb-1.2.9
+ >=sys-libs/tevent-0.9.16
+ >=sys-libs/ldb-1.1.17-r1:=
+ acl? ( net-fs/cifs-utils[acl] )
+ locator? ( >=net-dns/c-ares-1.10.0-r1:=[${MULTILIB_USEDEP}] )
+ netlink? ( dev-libs/libnl:3 )
+ nfsv4? ( >=net-fs/nfs-utils-2.3.1-r2 )
+ pac? ( net-fs/samba )
+ python? ( ${PYTHON_DEPS} )
+ samba? ( >=net-fs/samba-4.10.2[winbind] )
+ selinux? (
+ >=sys-libs/libselinux-2.1.9
+ >=sys-libs/libsemanage-2.1
+ )
+ systemd? (
+ sys-apps/systemd:=
+ sys-apps/util-linux
+ )
+ systemtap? ( dev-util/systemtap )
+ )"
+RDEPEND="${DEPEND}
+ daemon? ( >=sys-libs/glibc-2.17[nscd] )
+ selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 )"
+BDEPEND="
+ virtual/pkgconfig
+ ${PYTHON_DEPS}
+ doc? ( app-doc/doxygen )
+ nls? ( sys-devel/gettext )
+ test? (
+ dev-libs/check
+ dev-libs/softhsm:2
+ dev-util/cmocka
+ net-libs/gnutls[pkcs11,tools]
+ sys-libs/libfaketime
+ sys-libs/nss_wrapper
+ sys-libs/pam_wrapper
+ sys-libs/uid_wrapper
+ valgrind? ( dev-util/valgrind )
+ )
+ man? (
+ app-text/docbook-xml-dtd:4.4
+ >=dev-libs/libxslt-1.1.26
+ nls? ( app-text/po4a )
+ )"
+
+CONFIG_CHECK="~KEYS"
+
+PATCHES=(
+ "${FILESDIR}"/${P}-conditional-python-install.patch
+ "${FILESDIR}"/${P}-allow-client-build-without-pam.patch
+)
+
+MULTILIB_WRAPPED_HEADERS=(
+ /usr/include/ipa_hbac.h
+ /usr/include/sss_idmap.h
+ /usr/include/sss_nss_idmap.h
+ # --with-ifp
+ /usr/include/sss_sifp.h
+ /usr/include/sss_sifp_dbus.h
+ # from 1.15.3
+ /usr/include/sss_certmap.h
+)
+
+pkg_setup() {
+ linux-info_pkg_setup
+ python-single-r1_pkg_setup
+}
+
+src_prepare() {
+ default
+
+ sed -i \
+ -e 's:/var/run:/run:' \
+ src/examples/logrotate \
+ || die
+
+ # disable flaky test, see https://github.com/SSSD/sssd/issues/5631
+ sed -i \
+ -e '/^\s*pam-srv-tests[ \\]*$/d' \
+ Makefile.am \
+ || die
+
+ eautoreconf
+
+ multilib_copy_sources
+}
+
+src_configure() {
+ local native_dbus_cflags=' '
+ use daemon && native_dbus_cflags=$($(tc-getPKG_CONFIG) --cflags dbus-1 || die)
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+ local myconf=()
+
+ myconf+=(
+ --localstatedir="${EPREFIX}"/var
+ --runstatedir="${EPREFIX}"/run
+ --with-pid-path="${EPREFIX}"/run
+ --with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd
+ --enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir)
+ --with-ldb-lib-dir="${EPREFIX}"/usr/$(get_libdir)/samba/ldb
+ --with-db-path="${EPREFIX}"/var/lib/sss/db
+ --with-gpo-cache-path="${EPREFIX}"/var/lib/sss/gpo_cache
+ --with-pubconf-path=$(usex daemon "${EPREFIX}"/var/lib/sss/pubconf /var/lib/sss/pubconf)
+ --with-pipe-path=$(usex daemon "${EPREFIX}"/var/lib/sss/pipes /var/lib/sss/pipes)
+ --with-mcache-path=$(usex daemon "${EPREFIX}"/var/lib/sss/mc /var/lib/sss/mc)
+ --with-secrets-db-path="${EPREFIX}"/var/lib/sss/secrets
+ --with-log-path="${EPREFIX}"/var/log/sssd
+ --with-xml-catalog-path="${EPREFIX}"/etc/xml/catalog
+ --with-os=gentoo
+ --disable-rpath
+ --disable-static
+ --sbindir="${EPREFIX}"/usr/sbin
+ $(multilib_native_use_with systemd kcm)
+ $(use_with samba)
+ --with-smb-idmap-interface-version=6
+ $(multilib_native_use_enable acl cifs-idmap-plugin)
+ $(multilib_native_use_with selinux)
+ $(multilib_native_use_with selinux semanage)
+ $(use_enable locator krb5-locator-plugin)
+ $(use_enable pac pac-responder)
+ $(multilib_native_use_with nfsv4 nfsv4-idmapd-plugin)
+ $(use_enable nls)
+ $(multilib_native_use_with netlink libnl)
+ $(multilib_native_use_with man manpages)
+ $(multilib_native_use_with sudo)
+ $(multilib_native_with autofs)
+ $(multilib_native_with ssh)
+ $(use_enable systemtap)
+ $(use_enable valgrind)
+ --with-oidc-child=no
+ --without-python2-bindings
+ $(multilib_native_use_with python python3-bindings)
+ # Annoyingly configure requires that you pick systemd XOR sysv
+ --with-initscript=$(usex systemd systemd sysv)
+ )
+
+ use systemd && myconf+=(
+ --with-systemdunitdir=$(systemd_get_systemunitdir)
+ )
+
+ if ! multilib_is_native_abi || ! use daemon; then
+ # work-around all the libraries that are used for CLI and server
+ myconf+=(
+ {POPT,TALLOC,TDB,TEVENT,LDB}_{CFLAGS,LIBS}=' '
+ # ldb headers are fine since native needs it
+ # ldb lib fails... but it does not seem to bother
+ {DHASH,COLLECTION,INI_CONFIG_V{0,1,1_1,1_3}}_{CFLAGS,LIBS}=' '
+ {PCRE,CARES,SYSTEMD_LOGIN,SASL,GLIB2,DBUS,CRYPTO,P11_KIT}_{CFLAGS,LIBS}=' '
+ {NDR_NBT,SMBCLIENT,NDR_KRB5PAC,JANSSON}_{CFLAGS,LIBS}=' '
+
+ # use native include path for dbus (needed for build)
+ DBUS_CFLAGS="${native_dbus_cflags}"
+
+ # non-pkgconfig checks
+ ac_cv_lib_ldap_ldap_search=yes
+ --without-kcm
+ )
+ fi
+
+ if ! use daemon; then
+ # continued work-around when headers nor bind-tools are not present either
+ myconf+=(
+ NSUPDATE="${EPREFIX}"/bin/cat
+ SAMBA_UTIL_{CFLAGS,LIBS}=' '
+ ac_cv_header_ldb_h=yes
+ ac_cv_header_ldb_module_h=yes
+ ac_cv_type_LDAPDerefRes=yes
+
+ ac_cv_header_unistr_h=yes
+ ac_cv_header_unicase_h=yes
+ ac_cv_lib_unistring_u8_strlen=yes
+ ac_cv_lib_unistring_u8_casecmp=yes
+ ac_cv_lib_unistring_u8_check=yes
+
+ --disable-cifs-idmap-plugin
+ )
+ if ! use kerberos; then
+ myconf+=(
+ {KRB5,GSSAPI_KRB5}_{CFLAGS,LIBS}=' '
+ KRB5_LIBS=yes
+ ac_cv_header_krb5_h=yes
+ ac_cv_header_krad_h=yes
+ ac_cv_lib_krad_krad_packet_get_attr=yes
+ --disable-krb5-locator-plugin
+ )
+ fi
+ fi
+
+ econf "${myconf[@]}"
+}
+
+multilib_src_compile() {
+ if multilib_is_native_abi && use daemon; then
+ default
+ use doc && emake docs
+ if use man || use nls; then
+ emake update-po
+ fi
+ else
+ emake libnss_sss.la
+ use pam && emake pam_sss.la
+ if use daemon || use kerberos; then
+ use locator && emake sssd_krb5_locator_plugin.la
+ fi
+ use pac && emake sssd_pac_plugin.la
+ fi
+}
+
+multilib_src_test() {
+ if multilib_is_native_abi && use daemon; then
+ local -x CK_TIMEOUT_MULTIPLIER=10
+ emake check VERBOSE=yes
+ fi
+}
+
+multilib_src_install() {
+ if multilib_is_native_abi && use daemon; then
+ emake -j1 DESTDIR="${D}" install
+ if use python; then
+ python_fix_shebang "${ED}"
+ python_optimize
+ fi
+ else
+ # easier than playing with automake...
+ use pam && dopammod .libs/pam_sss.so
+
+ into /
+ dolib.so .libs/libnss_sss.so*
+
+ if use daemon || use kerberos; then
+ if use locator; then
+ exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5
+ doexe .libs/sssd_krb5_locator_plugin.so
+ fi
+ fi
+
+ if use pac; then
+ exeinto /usr/$(get_libdir)/krb5/plugins/authdata
+ doexe .libs/sssd_pac_plugin.so
+ fi
+ fi
+}
+
+multilib_src_install_all() {
+ einstalldocs
+
+ ! use daemon && return
+
+ insinto /etc/sssd
+ insopts -m600
+ doins src/examples/sssd-example.conf
+
+ insinto /etc/logrotate.d
+ insopts -m644
+ newins src/examples/logrotate sssd
+
+ newconfd "${FILESDIR}"/sssd.conf sssd
+
+ keepdir /var/lib/sss/db
+ keepdir /var/lib/sss/deskprofile
+ keepdir /var/lib/sss/gpo_cache
+ keepdir /var/lib/sss/keytabs
+ keepdir /var/lib/sss/mc
+ keepdir /var/lib/sss/pipes/private
+ keepdir /var/lib/sss/pubconf/krb5.include.d
+ keepdir /var/lib/sss/secrets
+ keepdir /var/log/sssd
+
+ # strip empty dirs
+ if ! use doc; then
+ rm -r "${ED}"/usr/share/doc/"${PF}"/doc || die
+ rm -r "${ED}"/usr/share/doc/"${PF}"/{hbac,idmap,nss_idmap,sss_simpleifp}_doc || die
+ fi
+
+ rm -r "${ED}"/run || die
+ find "${ED}" -type f -name '*.la' -delete || die
+}
+
+pkg_postinst() {
+ ! use daemon && return
+
+ elog "You must set up sssd.conf (default installed into /etc/sssd)"
+ elog "and (optionally) configuration in /etc/pam.d in order to use SSSD"
+ elog "features. Please see howto in https://sssd.io/docs/design_pages/smartcard_authentication_require.html"
+ optfeature "Kerberos keytab renew (see krb5_renew_interval)" app-crypt/adcli
+}
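Review bot: In multilib_src_install_all the `keepdir` calls for /var/lib/sss/db, /var/lib/sss/keytabs, /var/lib/sss/pipes/private and /var/lib/sss/secrets run with the default directory options, since only `insopts` is changed in this function, so nothing here restricts those directories to root. Going by their names they hold cached identity data, keytabs, the privileged pipe and secrets, and the example config a few lines above is deliberately installed with `insopts -m600`. Unless `emake install` already sets tighter modes that survive `keepdir` (not visible in this hunk), I would add `fperms 0700 /var/lib/sss/{db,keytabs,pipes/private,secrets}` after the `keepdir` block.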