* [gentoo-commits] repo/gentoo:master commit in: net-nds/openldap/files/, net-nds/openldap/
@ 2024-08-25 20:00 Robin H. Johnson
0 siblings, 0 replies; 15+ messages in thread
From: Robin H. Johnson @ 2024-08-25 20:00 UTC (permalink / raw
To: gentoo-commits
commit: 5fffb10e6238d9e572ce84bb2b6fdd922eacdfcf
Author: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
AuthorDate: Sun Aug 25 18:02:30 2024 +0000
Commit: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Sun Aug 25 20:00:31 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5fffb10e
net-nds/openldap: fix more -Werror=incompatible-pointer-types cases
Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org>
Closes: https://bugs.gentoo.org/show_bug.cgi?id=933875
.../openldap-2.6.x-gnutls-pointer-error.patch | 40 ++++++++++++
.../files/openldap-2.6.x-slapd-pointer-types.patch | 71 ++++++++++++++++++++++
net-nds/openldap/openldap-2.5.18.ebuild | 4 +-
net-nds/openldap/openldap-2.6.6-r2.ebuild | 2 +
net-nds/openldap/openldap-2.6.8.ebuild | 4 +-
5 files changed, 119 insertions(+), 2 deletions(-)
diff --git a/net-nds/openldap/files/openldap-2.6.x-gnutls-pointer-error.patch b/net-nds/openldap/files/openldap-2.6.x-gnutls-pointer-error.patch
new file mode 100644
index 000000000000..e6ab4e5a46cb
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.6.x-gnutls-pointer-error.patch
@@ -0,0 +1,40 @@
+From 634017950c1c920d0de63fffa5c52e621de1d603 Mon Sep 17 00:00:00 2001
+From: Wang Mingyu <wangmy@fujitsu.com>
+Date: Wed, 26 Jun 2024 07:41:01 +0000
+Subject: Fix incompatible pointer type error with gcc option
+ -Wincompatible-pointer-types
+
+lib32-openldap do_compile failure with gcc-14:
+| tls_g.c:971:57: error: passing argument 4 of 'gnutls_fingerprint' from incompatible pointer type [-Wincompatible-pointer-types]
+| 971 | keyhash.bv_val, &keyhash.bv_len ) < 0 ) {
+| | ^~~~~~~~~~~~~~~
+| | |
+| | ber_len_t * {aka long unsigned int *}
+| In file included from tls_g.c:44:
+| /usr/include/gnutls/gnutls.h:2406:32: note: expected 'size_t *' {aka 'unsigned int *'} but argument is of type 'ber_len_t *' {aka 'long unsigned int *'}
+| 2406 | size_t *result_size);
+| | ^~~
+
+Upstream-Status: Submitted
+
+Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
+---
+ libraries/libldap/tls_g.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libraries/libldap/tls_g.c b/libraries/libldap/tls_g.c
+index 7c23875..b4b487d 100644
+--- a/libraries/libldap/tls_g.c
++++ b/libraries/libldap/tls_g.c
+@@ -968,7 +968,7 @@ tlsg_session_pinning( LDAP *ld, tls_session *sess, char *hashalg, struct berval
+ keyhash.bv_len = gnutls_hash_get_len( alg );
+ keyhash.bv_val = LDAP_MALLOC( keyhash.bv_len );
+ if ( !keyhash.bv_val || gnutls_fingerprint( alg, &key,
+- keyhash.bv_val, &keyhash.bv_len ) < 0 ) {
++ keyhash.bv_val, (size_t *)&keyhash.bv_len ) < 0 ) {
+ goto done;
+ }
+ } else {
+--
+2.34.1
+
diff --git a/net-nds/openldap/files/openldap-2.6.x-slapd-pointer-types.patch b/net-nds/openldap/files/openldap-2.6.x-slapd-pointer-types.patch
new file mode 100644
index 000000000000..9f79048645d6
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.6.x-slapd-pointer-types.patch
@@ -0,0 +1,71 @@
+# https://git.openldap.org/openldap/openldap/-/commit/fb9e6a81bbee880549e7ec18f0a74ddddbd2d1ab.patch
+From fb9e6a81bbee880549e7ec18f0a74ddddbd2d1ab Mon Sep 17 00:00:00 2001
+From: Stephen Gallagher <sgallagh@redhat.com>
+Date: Tue, 6 Feb 2024 21:38:24 -0500
+Subject: [PATCH] ITS#10171 - Explicitly cast private values
+
+Fixes issues with -Werror=incompatible-pointer-types
+
+Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
+---
+ servers/slapd/config.c | 2 +-
+ servers/slapd/overlays/constraint.c | 2 +-
+ servers/slapd/overlays/dyngroup.c | 2 +-
+ servers/slapd/overlays/valsort.c | 2 +-
+ 4 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/servers/slapd/config.c b/servers/slapd/config.c
+index 80333f359c..987c862d91 100644
+--- a/servers/slapd/config.c
++++ b/servers/slapd/config.c
+@@ -151,7 +151,7 @@ int config_check_vals(ConfigTable *Conf, ConfigArgs *c, int check_only ) {
+ int rc, arg_user, arg_type, arg_syn, iarg;
+ unsigned uiarg;
+ long larg;
+- size_t ularg;
++ unsigned long ularg;
+ ber_len_t barg;
+
+ if(Conf->arg_type == ARG_IGNORED) {
+diff --git a/servers/slapd/overlays/constraint.c b/servers/slapd/overlays/constraint.c
+index f939b37762..0d6156af4d 100644
+--- a/servers/slapd/overlays/constraint.c
++++ b/servers/slapd/overlays/constraint.c
+@@ -557,7 +557,7 @@ done:;
+ a2->restrict_filter = ap.restrict_filter;
+ a2->restrict_val = ap.restrict_val;
+
+- for ( app = &on->on_bi.bi_private; *app; app = &(*app)->ap_next )
++ for ( app = (constraint **)&on->on_bi.bi_private; *app; app = &(*app)->ap_next )
+ /* Get to the end */ ;
+
+ a2->ap_next = *app;
+diff --git a/servers/slapd/overlays/dyngroup.c b/servers/slapd/overlays/dyngroup.c
+index 5d890d6650..e0e70af2d9 100644
+--- a/servers/slapd/overlays/dyngroup.c
++++ b/servers/slapd/overlays/dyngroup.c
+@@ -111,7 +111,7 @@ static int dgroup_cf( ConfigArgs *c )
+ */
+ a2 = ch_malloc( sizeof(adpair) );
+
+- for ( app = &on->on_bi.bi_private; *app; app = &(*app)->ap_next )
++ for ( app = (adpair **)&on->on_bi.bi_private; *app; app = &(*app)->ap_next )
+ /* Get to the end */ ;
+
+ a2->ap_mem = ap.ap_mem;
+diff --git a/servers/slapd/overlays/valsort.c b/servers/slapd/overlays/valsort.c
+index 3d998e2fcb..e251500d0b 100644
+--- a/servers/slapd/overlays/valsort.c
++++ b/servers/slapd/overlays/valsort.c
+@@ -201,7 +201,7 @@ valsort_cf_func(ConfigArgs *c) {
+ return(1);
+ }
+
+- for ( vip = &on->on_bi.bi_private; *vip; vip = &(*vip)->vi_next )
++ for ( vip = (valsort_info **)&on->on_bi.bi_private; *vip; vip = &(*vip)->vi_next )
+ /* Get to the end */ ;
+
+ vi = ch_malloc( sizeof(valsort_info) );
+--
+GitLab
+
diff --git a/net-nds/openldap/openldap-2.5.18.ebuild b/net-nds/openldap/openldap-2.5.18.ebuild
index 150d0a95e6ca..48748317f4b5 100644
--- a/net-nds/openldap/openldap-2.5.18.ebuild
+++ b/net-nds/openldap/openldap-2.5.18.ebuild
@@ -140,6 +140,8 @@ PATCHES=(
"${FILESDIR}"/${PN}-2.6.1-system-mdb.patch
"${FILESDIR}"/${PN}-2.6.1-cloak.patch
"${FILESDIR}"/${PN}-2.6.1-flags.patch
+ "${FILESDIR}"/${PN}-2.6.x-gnutls-pointer-error.patch
+ #"${FILESDIR}"/${PN}-2.6.x-slapd-pointer-types.patch # needs backport
)
openldap_filecount() {
@@ -417,7 +419,7 @@ multilib_src_configure() {
# error: passing argument 3 of ‘ldap_bv2rdn’ from incompatible pointer type
# [-Wincompatible-pointer-types]
# expected ‘char **’ but argument is of type ‘const char **’
- append-flags $(test-flags-CC -Wno-error=incompatible-pointer-types)
+ #append-flags $(test-flags-CC -Wno-error=incompatible-pointer-types)
if use experimental ; then
# connectionless ldap per bug #342439
diff --git a/net-nds/openldap/openldap-2.6.6-r2.ebuild b/net-nds/openldap/openldap-2.6.6-r2.ebuild
index e748df009fdf..f63e7a4effc9 100644
--- a/net-nds/openldap/openldap-2.6.6-r2.ebuild
+++ b/net-nds/openldap/openldap-2.6.6-r2.ebuild
@@ -149,6 +149,8 @@ PATCHES=(
"${FILESDIR}"/${PN}-2.6.1-flags.patch
"${FILESDIR}"/${PN}-2.6.1-fix-missing-mapping.patch
"${FILESDIR}"/${PN}-2.6.6-fix-type-mismatch-lloadd.patch
+ "${FILESDIR}"/${PN}-2.6.x-gnutls-pointer-error.patch
+ "${FILESDIR}"/${PN}-2.6.x-slapd-pointer-types.patch
)
openldap_filecount() {
diff --git a/net-nds/openldap/openldap-2.6.8.ebuild b/net-nds/openldap/openldap-2.6.8.ebuild
index 61f2eedf6751..d8034c51fae3 100644
--- a/net-nds/openldap/openldap-2.6.8.ebuild
+++ b/net-nds/openldap/openldap-2.6.8.ebuild
@@ -149,6 +149,8 @@ PATCHES=(
"${FILESDIR}"/${PN}-2.6.1-flags.patch
"${FILESDIR}"/${PN}-2.6.1-fix-missing-mapping.patch
#"${FILESDIR}"/${PN}-2.6.6-fix-type-mismatch-lloadd.patch
+ "${FILESDIR}"/${PN}-2.6.x-gnutls-pointer-error.patch
+ #"${FILESDIR}"/${PN}-2.6.x-slapd-pointer-types.patch # included upstream
)
openldap_filecount() {
@@ -417,7 +419,7 @@ multilib_src_configure() {
# error: passing argument 3 of ‘ldap_bv2rdn’ from incompatible pointer type [-Wincompatible-pointer-types]
# expected ‘char **’ but argument is of type ‘const char **’
- append-flags $(test-flags-CC -Wno-error=incompatible-pointer-types)
+ #append-flags $(test-flags-CC -Wno-error=incompatible-pointer-types)
if use experimental ; then
# connectionless ldap per bug #342439
^ permalink raw reply related [flat|nested] 15+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: net-nds/openldap/files/, net-nds/openldap/
@ 2024-08-25 0:57 Robin H. Johnson
0 siblings, 0 replies; 15+ messages in thread
From: Robin H. Johnson @ 2024-08-25 0:57 UTC (permalink / raw
To: gentoo-commits
commit: 783532d33df25206c20ecc175a6910ab6b0a29fb
Author: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
AuthorDate: Sun Aug 25 00:33:46 2024 +0000
Commit: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Sun Aug 25 00:56:45 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=783532d3
net-nds/openldap: get 2.4.x building again, with atexit fix from upstream
2.4.x series should be announced as end-of-life in Gentoo; to get
remaining consumers to migrate to the 2.5 or 2.6 series.
2.4.59-r2 does not build with GCC14, and 2.4.59-r3 builds with warnings,
some of which are downgraded from error.
atexit-fix ensures that consumers of the libraries do not segfault
during their cleanup.
Please note that 2.4.x does NOT consistently pass src_test at this time.
Closes: https://bugs.gentoo.org/show_bug.cgi?id=920380
Closes: https://bugs.gentoo.org/show_bug.cgi?id=882183
Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org>
.../files/openldap-2.4.59-atexit-fix.patch | 60 ++
.../files/openldap-2.4.59-implicit-function.patch | 41 +
net-nds/openldap/openldap-2.4.59-r3.ebuild | 928 +++++++++++++++++++++
3 files changed, 1029 insertions(+)
diff --git a/net-nds/openldap/files/openldap-2.4.59-atexit-fix.patch b/net-nds/openldap/files/openldap-2.4.59-atexit-fix.patch
new file mode 100644
index 000000000000..4ffee325275b
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.4.59-atexit-fix.patch
@@ -0,0 +1,60 @@
+Port upstream commit 337455eb3a66176cc3f66d2c663a72cc7b4178bd to 2.4.59.
+
+With 2.4.x, gentoo-infra saw crashes in nsscache during exit.
+This patch was later reverted upstream because it was not portable to AIX And
+was fixed in a different way in 2.5 & 2.6 releases.
+
+original https://github.com/openldap/openldap/commit/337455eb3a66176cc3f66d2c663a72cc7b4178bd
+revert: https://github.com/openldap/openldap/commit/5e13ef87a94491f9339dbca709db29e76741f1a9
+AIX discussion: https://bugs.openldap.org/show_bug.cgi?id=10176
+diff '--color=auto' -NuarwbB --exclude '*.rej' --exclude '*.orig' openldap-2.4.59.orig/libraries/libldap/init.c openldap-2.4.59/libraries/libldap/init.c
+--- openldap-2.4.59.orig/libraries/libldap/init.c 2021-06-03 11:40:31.000000000 -0700
++++ openldap-2.4.59/libraries/libldap/init.c 2024-08-24 11:15:06.727326650 -0700
+@@ -508,9 +508,6 @@
+ gopts->ldo_def_sasl_authcid = NULL;
+ }
+ #endif
+-#ifdef HAVE_TLS
+- ldap_int_tls_destroy( gopts );
+-#endif
+ }
+
+ /*
+diff '--color=auto' -NuarwbB --exclude '*.rej' --exclude '*.orig' openldap-2.4.59.orig/libraries/libldap/tls2.c openldap-2.4.59/libraries/libldap/tls2.c
+--- openldap-2.4.59.orig/libraries/libldap/tls2.c 2024-08-24 11:14:46.910678897 -0700
++++ openldap-2.4.59/libraries/libldap/tls2.c 2024-08-24 11:15:38.103963402 -0700
+@@ -155,6 +155,14 @@
+ tls_imp->ti_tls_destroy();
+ }
+
++static void
++ldap_exit_tls_destroy( void )
++{
++ struct ldapoptions *lo = LDAP_INT_GLOBAL_OPT();
++
++ ldap_int_tls_destroy( lo );
++}
++
+ /*
+ * Initialize a particular TLS implementation.
+ * Called once per implementation.
+@@ -163,6 +171,7 @@
+ tls_init(tls_impl *impl )
+ {
+ static int tls_initialized = 0;
++ int rc;
+
+ if ( !tls_initialized++ ) {
+ #ifdef LDAP_R_COMPILE
+@@ -175,7 +184,10 @@
+ #ifdef LDAP_R_COMPILE
+ impl->ti_thr_init();
+ #endif
+- return impl->ti_tls_init();
++ rc = impl->ti_tls_init();
++
++ atexit( ldap_exit_tls_destroy );
++ return rc;
+ }
+
+ /*
diff --git a/net-nds/openldap/files/openldap-2.4.59-implicit-function.patch b/net-nds/openldap/files/openldap-2.4.59-implicit-function.patch
new file mode 100644
index 000000000000..ec7775c99dfa
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.4.59-implicit-function.patch
@@ -0,0 +1,41 @@
+--- openldap-2.4.59/servers/slapd/back-meta/conn.c 2021-06-03 11:40:31.000000000 -0700
++++ openldap-2.4.59/servers/slapd/back-meta/conn.c 2024-08-24 14:22:31.677357359 -0700
+@@ -31,6 +31,7 @@
+
+ #define AVL_INTERNAL
+ #include "slap.h"
++#include "proto-slap.h"
+ #include "../back-ldap/back-ldap.h"
+ #include "back-meta.h"
+
+--- openldap-2.4.59/servers/slapd/back-ldap/bind.c 2021-06-03 11:40:31.000000000 -0700
++++ openldap-2.4.59/servers/slapd/back-ldap/bind.c 2024-08-24 14:22:13.340701355 -0700
+@@ -31,6 +31,7 @@
+
+ #define AVL_INTERNAL
+ #include "slap.h"
++#include "proto-slap.h"
+ #include "back-ldap.h"
+ #include "lutil.h"
+ #include "lutil_ldap.h"
+--- openldap-2.4.59/servers/slapd/config.c 2021-06-03 11:40:31.000000000 -0700
++++ openldap-2.4.59/servers/slapd/config.c 2024-08-24 14:22:13.414034645 -0700
+@@ -43,6 +43,7 @@
+ #endif
+
+ #include "slap.h"
++#include "proto-slap.h"
+ #ifdef LDAP_SLAPI
+ #include "slapi/slapi.h"
+ #endif
+diff '--color=auto' -NuarwbB openldap-2.4.59.orig/servers/slapd/proto-slap.h openldap-2.4.59/servers/slapd/proto-slap.h
+--- openldap-2.4.59.orig/servers/slapd/proto-slap.h 2024-08-24 14:31:02.304109181 -0700
++++ openldap-2.4.59/servers/slapd/proto-slap.h 2024-08-24 14:31:18.004121208 -0700
+@@ -739,6 +739,7 @@
+ LDAP_SLAPD_F (int) bindconf_tls_set LDAP_P((
+ slap_bindconf *bc, LDAP *ld ));
+ LDAP_SLAPD_F (void) bindconf_free LDAP_P(( slap_bindconf *bc ));
++LDAP_SLAPD_F (void) slap_client_keepalive LDAP_P(( LDAP *ld, slap_keepalive *sk ));
+ LDAP_SLAPD_F (int) slap_client_connect LDAP_P(( LDAP **ldp, slap_bindconf *sb ));
+ LDAP_SLAPD_F (int) config_generic_wrapper LDAP_P(( Backend *be,
+ const char *fname, int lineno, int argc, char **argv ));
diff --git a/net-nds/openldap/openldap-2.4.59-r3.ebuild b/net-nds/openldap/openldap-2.4.59-r3.ebuild
new file mode 100644
index 000000000000..e553c3425988
--- /dev/null
+++ b/net-nds/openldap/openldap-2.4.59-r3.ebuild
@@ -0,0 +1,928 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+# Re cleanups:
+# 2.5.x is an LTS release so we want to keep it for a while.
+
+inherit autotools db-use flag-o-matic multilib multilib-minimal preserve-libs ssl-cert toolchain-funcs systemd tmpfiles
+
+BIS_PN=rfc2307bis.schema
+BIS_PV=20140524
+BIS_P="${BIS_PN}-${BIS_PV}"
+
+DESCRIPTION="LDAP suite of application and development tools"
+HOMEPAGE="https://www.OpenLDAP.org/"
+
+# upstream mirrors are mostly not working, using canonical URI
+SRC_URI="
+ https://openldap.org/software/download/OpenLDAP/openldap-release/${P}.tgz
+ http://gpl.savoirfairelinux.net/pub/mirrors/openldap/openldap-release/${P}.tgz
+ http://repository.linagora.org/OpenLDAP/openldap-release/${P}.tgz
+ http://mirror.eu.oneandone.net/software/openldap/openldap-release/${P}.tgz
+ mirror://gentoo/${BIS_P}"
+
+LICENSE="OPENLDAP GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
+
+IUSE_DAEMON="crypt samba tcpd experimental minimal"
+IUSE_BACKEND="+berkdb"
+IUSE_OVERLAY="overlays perl"
+IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 +syslog selinux static-libs test"
+IUSE_CONTRIB="smbkrb5passwd kerberos kinit pbkdf2 sha2"
+IUSE_CONTRIB="${IUSE_CONTRIB} cxx"
+IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
+REQUIRED_USE="cxx? ( sasl )
+ pbkdf2? ( ssl )
+ test? ( berkdb )
+ ?? ( test minimal )
+ kerberos? ( ?? ( kinit smbkrb5passwd ) )"
+RESTRICT="!test? ( test )"
+
+# always list newer first
+# Do not add any AGPL-3 BDB here!
+# See bug 525110, comment 15.
+# Advanced usage: OPENLDAP_BDB_SLOTS in the environment can be used to force a slot during build.
+BDB_SLOTS="${OPENLDAP_BDB_SLOTS:=5.3 4.8}"
+BDB_PKGS=''
+for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done
+
+# openssl is needed to generate lanman-passwords required by samba
+COMMON_DEPEND="
+ ssl? (
+ !gnutls? (
+ >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}]
+ )
+ gnutls? (
+ >=net-libs/gnutls-2.12.23-r6:=[${MULTILIB_USEDEP}]
+ >=dev-libs/libgcrypt-1.5.3:0=[${MULTILIB_USEDEP}]
+ )
+ )
+ sasl? ( dev-libs/cyrus-sasl:= )
+ !minimal? (
+ dev-libs/libltdl
+ sys-fs/e2fsprogs
+ >=dev-db/lmdb-0.9.18:=
+ crypt? ( virtual/libcrypt:= )
+ tcpd? ( sys-apps/tcp-wrappers )
+ odbc? ( !iodbc? ( dev-db/unixODBC )
+ iodbc? ( dev-db/libiodbc ) )
+ perl? ( dev-lang/perl:=[-build(-)] )
+ samba? (
+ dev-libs/openssl:0=
+ )
+ berkdb? (
+ <sys-libs/db-6.0:=
+ || ( ${BDB_PKGS} )
+ )
+ smbkrb5passwd? (
+ dev-libs/openssl:0=
+ kerberos? ( app-crypt/heimdal )
+ )
+ kerberos? (
+ virtual/krb5
+ kinit? ( !app-crypt/heimdal )
+ )
+ cxx? ( dev-libs/cyrus-sasl:= )
+ )
+"
+DEPEND="${COMMON_DEPEND}
+ sys-apps/groff
+"
+RDEPEND="${COMMON_DEPEND}
+ selinux? ( sec-policy/selinux-ldap )
+"
+
+# The user/group are only used for running daemons which are
+# disabled in minimal builds, so elide the accounts too.
+BDEPEND="!minimal? (
+ acct-group/ldap
+ acct-user/ldap
+)
+"
+
+# for tracking versions
+OPENLDAP_VERSIONTAG=".version-tag"
+OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
+
+MULTILIB_WRAPPED_HEADERS=(
+ # USE=cxx
+ /usr/include/LDAPAsynConnection.h
+ /usr/include/LDAPAttrType.h
+ /usr/include/LDAPAttribute.h
+ /usr/include/LDAPAttributeList.h
+ /usr/include/LDAPConnection.h
+ /usr/include/LDAPConstraints.h
+ /usr/include/LDAPControl.h
+ /usr/include/LDAPControlSet.h
+ /usr/include/LDAPEntry.h
+ /usr/include/LDAPEntryList.h
+ /usr/include/LDAPException.h
+ /usr/include/LDAPExtResult.h
+ /usr/include/LDAPMessage.h
+ /usr/include/LDAPMessageQueue.h
+ /usr/include/LDAPModList.h
+ /usr/include/LDAPModification.h
+ /usr/include/LDAPObjClass.h
+ /usr/include/LDAPRebind.h
+ /usr/include/LDAPRebindAuth.h
+ /usr/include/LDAPReferenceList.h
+ /usr/include/LDAPResult.h
+ /usr/include/LDAPSaslBindResult.h
+ /usr/include/LDAPSchema.h
+ /usr/include/LDAPSearchReference.h
+ /usr/include/LDAPSearchResult.h
+ /usr/include/LDAPSearchResults.h
+ /usr/include/LDAPUrl.h
+ /usr/include/LDAPUrlList.h
+ /usr/include/LdifReader.h
+ /usr/include/LdifWriter.h
+ /usr/include/SaslInteraction.h
+ /usr/include/SaslInteractionHandler.h
+ /usr/include/StringList.h
+ /usr/include/TlsOptions.h
+)
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-2.4.17-gcc44.patch
+
+ "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch
+ "${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
+
+ # bug #116045 - still present in 2.4.28
+ "${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch
+ # bug #408077 - samba4
+ "${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch
+
+ # bug #189817
+ "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
+
+ # bug #233633
+ "${FILESDIR}"/${PN}-2.4.45-fix-lmpasswd-gnutls-symbols.patch
+
+ # bug #281495
+ "${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch
+
+ # bug #294350
+ "${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch
+
+ # unbreak /bin/sh -> dash
+ "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
+
+ # bug #420959
+ "${FILESDIR}"/${PN}-2.4.31-gcc47.patch
+
+ # unbundle lmdb
+ "${FILESDIR}"/${PN}-2.4.42-mdb-unbundle.patch
+
+ # fix some compiler warnings
+ "${FILESDIR}"/${PN}-2.4.47-warnings.patch
+
+ # Atexit segfault
+ "${FILESDIR}"/${PN}-2.4.59-atexit-fix.patch
+
+ # implicit function defs
+ "${FILESDIR}"/${PN}-2.6.1-cloak.patch
+ "${FILESDIR}"/${PN}-2.4.59-implicit-function.patch
+)
+
+openldap_filecount() {
+ local dir="$1"
+ find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
+}
+
+openldap_find_versiontags() {
+ # scan for all datadirs
+ local openldap_datadirs=()
+ if [[ -f "${EROOT}"/etc/openldap/slapd.conf ]]; then
+ openldap_datadirs=( $(awk '{if($1 == "directory") print $2 }' "${EROOT}"/etc/openldap/slapd.conf) )
+ fi
+ openldap_datadirs+=( ${OPENLDAP_DEFAULTDIR_VERSIONTAG} )
+
+ einfo
+ einfo "Scanning datadir(s) from slapd.conf and"
+ einfo "the default installdir for Versiontags"
+ einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
+ einfo
+
+ # scan datadirs if we have a version tag
+ openldap_found_tag=0
+ have_files=0
+ for each in ${openldap_datadirs[@]} ; do
+ CURRENT_TAGDIR="${ROOT}$(sed "s:\/::" <<< ${each})"
+ CURRENT_TAG="${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}"
+ if [[ -d "${CURRENT_TAGDIR}" ]] && [[ "${openldap_found_tag}" == 0 ]] ; then
+ einfo "- Checking ${each}..."
+ if [[ -r "${CURRENT_TAG}" ]] ; then
+ # yey, we have one :)
+ einfo " Found Versiontag in ${each}"
+ source "${CURRENT_TAG}"
+ if [[ "${OLDPF}" == "" ]] ; then
+ eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
+ eerror "Please delete it"
+ eerror
+ die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
+ fi
+
+ OLD_MAJOR=$(ver_cut 2-3 ${OLDPF})
+
+ [[ "$(openldap_filecount ${CURRENT_TAGDIR})" -gt 0 ]] && have_files=1
+
+ # are we on the same branch?
+ if [[ "${OLD_MAJOR}" != "${PV:0:3}" ]] ; then
+ ewarn " Versiontag doesn't match current major release!"
+ if [[ "${have_files}" == "1" ]] ; then
+ eerror " Versiontag says other major and you (probably) have datafiles!"
+ echo
+ openldap_upgrade_howto
+ else
+ einfo " No real problem, seems there's no database."
+ fi
+ else
+ einfo " Versiontag is fine here :)"
+ fi
+ else
+ einfo " Non-tagged dir ${each}"
+ [[ "$(openldap_filecount ${each})" -gt 0 ]] && have_files=1
+ if [[ "${have_files}" == "1" ]] ; then
+ einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
+ echo
+
+ eerror
+ eerror "Your OpenLDAP Installation has a non tagged datadir that"
+ eerror "possibly contains a database at ${CURRENT_TAGDIR}"
+ eerror
+ eerror "Please export data if any entered and empty or remove"
+ eerror "the directory, installation has been stopped so you"
+ eerror "can take required action"
+ eerror
+ eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
+ eerror
+ openldap_upgrade_howto
+ die "Please move the datadir ${CURRENT_TAGDIR} away"
+ fi
+ fi
+ einfo
+ fi
+ done
+ [[ "${have_files}" == "1" ]] && einfo "DB files present" || einfo "No DB files present"
+
+ # Now we must check for the major version of sys-libs/db linked against.
+ SLAPD_PATH="${EROOT}/usr/$(get_libdir)/openldap/slapd"
+ if [[ "${have_files}" == "1" ]] && [[ -f "${SLAPD_PATH}" ]]; then
+ OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
+ | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
+ if use berkdb; then
+ # find which one would be used
+ for bdb_slot in ${BDB_SLOTS} ; do
+ NEWVER="$(db_findver "=sys-libs/db-${bdb_slot}*")"
+ [[ -n "${NEWVER}" ]] && break
+ done
+ fi
+ local fail=0
+ if [[ -z "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
+ :
+ # Nothing wrong here.
+ elif [[ -z "${OLDVER}" ]] && [[ -n "${NEWVER}" ]]; then
+ eerror " Your existing version of OpenLDAP was not built against"
+ eerror " any version of sys-libs/db, but the new one will build"
+ eerror " against ${NEWVER} and your database may be inaccessible."
+ echo
+ fail=1
+ elif [[ -n "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
+ eerror " Your existing version of OpenLDAP was built against"
+ eerror " sys-libs/db:${OLDVER}, but the new one will not be"
+ eerror " built against any version and your database may be"
+ eerror " inaccessible."
+ echo
+ fail=1
+ elif [[ "${OLDVER}" != "${NEWVER}" ]]; then
+ eerror " Your existing version of OpenLDAP was built against"
+ eerror " sys-libs/db:${OLDVER}, but the new one will build against"
+ eerror " ${NEWVER} and your database would be inaccessible."
+ echo
+ fail=1
+ fi
+ [[ "${fail}" == "1" ]] && openldap_upgrade_howto
+ fi
+
+ echo
+ einfo
+ einfo "All datadirs are fine, proceeding with merge now..."
+ einfo
+}
+
+openldap_upgrade_howto() {
+ local d l i
+ eerror
+ eerror "A (possible old) installation of OpenLDAP was detected,"
+ eerror "installation will not proceed for now."
+ eerror
+ eerror "As major version upgrades can corrupt your database,"
+ eerror "you need to dump your database and re-create it afterwards."
+ eerror
+ eerror "Additionally, rebuilding against different major versions of the"
+ eerror "sys-libs/db libraries will cause your database to be inaccessible."
+ eerror ""
+ d="$(date -u +%s)"
+ l="/root/ldapdump.${d}"
+ i="${l}.raw"
+ eerror " 1. /etc/init.d/slapd stop"
+ eerror " 2. slapcat -l ${i}"
+ eerror " 3. grep -E -v '^(entry|context)CSN:' <${i} >${l}"
+ eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
+ eerror " 5. emerge --update \=net-nds/${PF}"
+ eerror " 6. etc-update, and ensure that you apply the changes"
+ eerror " 7. slapadd -l ${l}"
+ eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
+ eerror " 9. /etc/init.d/slapd start"
+ eerror "10. check that your data is intact."
+ eerror "11. set up the new replication system."
+ eerror
+ if [[ "${FORCE_UPGRADE}" != "1" ]]; then
+ die "You need to upgrade your database first"
+ else
+ eerror "You have the magical FORCE_UPGRADE=1 in place."
+ eerror "Don't say you weren't warned about data loss."
+ fi
+}
+
+pkg_setup() {
+ if ! use sasl && use cxx ; then
+ die "To build the ldapc++ library you must emerge openldap with sasl support"
+ fi
+ # Bug #322787
+ if use minimal && ! has_version "net-nds/openldap" ; then
+ einfo "No datadir scan needed, openldap not installed"
+ elif use minimal && has_version 'net-nds/openldap[minimal]' ; then
+ einfo "Skipping scan for previous datadirs as requested by minimal useflag"
+ else
+ openldap_find_versiontags
+ fi
+}
+
+src_prepare() {
+ # ensure correct SLAPI path by default
+ sed -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \
+ -i include/ldap_defaults.h || die
+
+ default
+ rm -r libraries/liblmdb || die
+
+ pushd build &>/dev/null || die "pushd build"
+ einfo "Making sure upstream build strip does not do stripping too early"
+ sed -i.orig \
+ -e '/^STRIP/s,-s,,g' \
+ top.mk || die "Failed to block stripping"
+ popd &>/dev/null || die
+
+ # wrong assumption that /bin/sh is /bin/bash
+ sed \
+ -e 's|/bin/sh|/bin/bash|g' \
+ -i tests/scripts/* || die "sed failed"
+
+ # Required for autoconf-2.70 #765043
+ sed 's@^AM_INIT_AUTOMAKE.*@AC_PROG_MAKE_SET@' -i configure.in || die
+ AT_NOEAUTOMAKE=yes eautoreconf
+}
+
+build_contrib_module() {
+ # <dir> <sources> <outputname>
+ pushd "${S}/contrib/slapd-modules/$1" &>/dev/null || die "pushd contrib/slapd-modules/$1"
+ einfo "Compiling contrib-module: $3"
+ # Make sure it's uppercase
+ local define_name="$(LC_ALL=C tr '[:lower:]' '[:upper:]' <<< "SLAPD_OVER_${1}")"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -D${define_name}=SLAPD_MOD_DYNAMIC \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include -I../../../servers/slapd ${CFLAGS} \
+ -o ${2%.c}.lo -c $2 || die "compiling $3 failed"
+ einfo "Linking contrib-module: $3"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
+ -o $3.la ${2%.c}.lo || die "linking $3 failed"
+ popd &>/dev/null || die
+}
+
+src_configure() {
+ if use experimental ; then
+ # connectionless ldap per bug #342439
+ # connectionless is a unsupported feature according to Howard Chu
+ # see https://bugs.openldap.org/show_bug.cgi?id=9739
+ # (see also bug #892009)
+ append-flags -DLDAP_CONNECTIONLESS
+ fi
+
+ # The configure scripts make some assumptions that aren't valid in newer GCC.
+ # https://bugs.gentoo.org/920380
+ append-flags $(test-flags-CC -Wno-error=implicit-int)
+ # conftest.c:113:16: error: passing argument 1 of 'pthread_detach' makes integer from pointer without a cast [-Wint-conversion]
+ append-flags $(test-flags-CC -Wno-error=int-conversion)
+ # error: passing argument 3 of ‘ldap_bv2rdn’ from incompatible pointer type [-Wincompatible-pointer-types]
+ # expected ‘char **’ but argument is of type ‘const char **’
+ append-flags $(test-flags-CC -Wno-error=incompatible-pointer-types)
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+ local myconf=()
+
+ use debug && myconf+=( $(use_enable debug) )
+
+ # ICU exists only in the configure, nowhere in the codebase, bug #510858
+ export ac_cv_header_unicode_utypes_h=no ol_cv_lib_icu=no
+
+ if ! use minimal && multilib_is_native_abi; then
+ local CPPFLAGS=${CPPFLAGS}
+
+ # re-enable serverside overlay chains per bug #296567
+ # see ldap docs chaper 12.3.1 for details
+ myconf+=( --enable-ldap )
+
+ # backends
+ myconf+=( --enable-slapd )
+ if use berkdb ; then
+ einfo "Using Berkeley DB for local backend"
+ myconf+=( --enable-bdb --enable-hdb )
+ DBINCLUDE=$(db_includedir ${BDB_SLOTS})
+ einfo "Using ${DBINCLUDE} for sys-libs/db version"
+ # We need to include the slotted db.h dir for FreeBSD
+ append-cppflags -I${DBINCLUDE}
+ else
+ myconf+=( --disable-bdb --disable-hdb )
+ fi
+ for backend in dnssrv ldap mdb meta monitor null passwd relay shell sock; do
+ myconf+=( --enable-${backend}=mod )
+ done
+
+ myconf+=( $(use_enable perl perl mod) )
+
+ myconf+=( $(use_enable odbc sql mod) )
+ if use odbc ; then
+ local odbc_lib="unixodbc"
+ if use iodbc ; then
+ odbc_lib="iodbc"
+ append-cppflags -I"${EPREFIX}"/usr/include/iodbc
+ fi
+ myconf+=( --with-odbc=${odbc_lib} )
+ fi
+
+ # slapd options
+ myconf+=(
+ $(use_enable crypt)
+ --disable-slp
+ $(use_enable samba lmpasswd)
+ $(use_enable syslog)
+ )
+ if use experimental ; then
+ myconf+=(
+ --enable-dynacl
+ --enable-aci=mod
+ )
+ fi
+ for option in aci cleartext modules rewrite rlookups slapi; do
+ myconf+=( --enable-${option} )
+ done
+
+ # slapd overlay options
+ # Compile-in the syncprov, the others as module
+ myconf+=( --enable-syncprov=yes )
+ use overlays && myconf+=( --enable-overlays=mod )
+
+ else
+ myconf+=(
+ --disable-backends
+ --disable-slapd
+ --disable-bdb
+ --disable-hdb
+ --disable-mdb
+ --disable-overlays
+ --disable-syslog
+ )
+ fi
+
+ # basic functionality stuff
+ myconf+=(
+ $(use_enable ipv6)
+ $(multilib_native_use_with sasl cyrus-sasl)
+ $(multilib_native_use_enable sasl spasswd)
+ $(use_enable tcpd wrappers)
+ )
+
+ # Some cross-compiling tests don't pan out well.
+ tc-is-cross-compiler && myconf+=(
+ --with-yielding-select=yes
+ )
+
+ local ssl_lib="no"
+ if use ssl || ( ! use minimal && use samba ) ; then
+ ssl_lib="openssl"
+ use gnutls && ssl_lib="gnutls"
+ fi
+
+ myconf+=( --with-tls=${ssl_lib} )
+
+ for basicflag in dynamic local proctitle shared; do
+ myconf+=( --enable-${basicflag} )
+ done
+
+ tc-export AR CC CXX
+ CONFIG_SHELL="/bin/sh" \
+ ECONF_SOURCE="${S}" \
+ STRIP=/bin/true \
+ econf \
+ --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
+ $(use_enable static-libs static) \
+ "${myconf[@]}"
+ emake depend
+}
+
+src_configure_cxx() {
+ # This needs the libraries built by the first build run.
+ # So we have to run it AFTER the main build, not just after the main
+ # configure.
+ local myconf_ldapcpp=(
+ --with-ldap-includes="${S}"/include
+ )
+
+ mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die
+ pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
+
+ local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS}
+ append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
+ -L"${BUILD_DIR}"/libraries/libldap/.libs
+ append-cppflags -I"${BUILD_DIR}"/include
+ ECONF_SOURCE=${S}/contrib/ldapc++ \
+ econf "${myconf_ldapcpp[@]}" \
+ CC="${CC}" \
+ CXX="${CXX}"
+ popd &>/dev/null || die
+}
+
+multilib_src_compile() {
+ tc-export AR CC CXX
+ emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/sh
+ local lt="${BUILD_DIR}/libtool"
+ export echo="echo"
+
+ if ! use minimal && multilib_is_native_abi ; then
+ if use cxx ; then
+ einfo "Building contrib library: ldapc++"
+ src_configure_cxx
+ pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
+ emake CC="${CC}" CXX="${CXX}"
+ popd &>/dev/null || die
+ fi
+
+ if use smbkrb5passwd ; then
+ einfo "Building contrib-module: smbk5pwd"
+ pushd "${S}/contrib/slapd-modules/smbk5pwd" &>/dev/null || die "pushd contrib/slapd-modules/smbk5pwd"
+
+ MY_DEFS="-DDO_SHADOW"
+ if use samba ; then
+ MY_DEFS="${MY_DEFS} -DDO_SAMBA"
+ MY_KRB5_INC=""
+ fi
+ if use kerberos ; then
+ MY_DEFS="${MY_DEFS} -DDO_KRB5"
+ MY_KRB5_INC="$(krb5-config --cflags)"
+ fi
+
+ emake \
+ DEFS="${MY_DEFS}" \
+ KRB5_INC="${MY_KRB5_INC}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
+ popd &>/dev/null || die
+ fi
+
+ if use overlays ; then
+ einfo "Building contrib-module: samba4"
+ pushd "${S}/contrib/slapd-modules/samba4" &>/dev/null || die "pushd contrib/slapd-modules/samba4"
+
+ emake \
+ LDAP_BUILD="${BUILD_DIR}" \
+ CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap"
+ popd &>/dev/null || die
+ fi
+
+ if use kerberos ; then
+ if use kinit ; then
+ build_contrib_module "kinit" "kinit.c" "kinit"
+ fi
+ pushd "${S}/contrib/slapd-modules/passwd" &>/dev/null || die "pushd contrib/slapd-modules/passwd"
+ einfo "Compiling contrib-module: pw-kerberos"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include \
+ ${CFLAGS} \
+ $(krb5-config --cflags) \
+ -DHAVE_KRB5 \
+ -o kerberos.lo \
+ -c kerberos.c || die "compiling pw-kerberos failed"
+ einfo "Linking contrib-module: pw-kerberos"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
+ -o pw-kerberos.la \
+ kerberos.lo || die "linking pw-kerberos failed"
+ popd &>/dev/null || die
+ fi
+
+ if use pbkdf2; then
+ pushd "${S}/contrib/slapd-modules/passwd/pbkdf2" &>/dev/null || die "pushd contrib/slapd-modules/passwd/pbkdf2"
+ einfo "Compiling contrib-module: pw-pbkdf2"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -I"${BUILD_DIR}"/include \
+ -I../../../../include \
+ ${CFLAGS} \
+ -o pbkdf2.lo \
+ -c pw-pbkdf2.c || die "compiling pw-pbkdf2 failed"
+ einfo "Linking contrib-module: pw-pbkdf2"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
+ -o pw-pbkdf2.la \
+ pbkdf2.lo || die "linking pw-pbkdf2 failed"
+ popd &>/dev/null || die
+ fi
+
+ if use sha2 ; then
+ pushd "${S}/contrib/slapd-modules/passwd/sha2" &>/dev/null || die "pushd contrib/slapd-modules/passwd/sha2"
+ einfo "Compiling contrib-module: pw-sha2"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -I"${BUILD_DIR}"/include \
+ -I../../../../include \
+ ${CFLAGS} \
+ -o sha2.lo \
+ -c sha2.c || die "compiling pw-sha2 failed"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -I"${BUILD_DIR}"/include \
+ -I../../../../include \
+ ${CFLAGS} \
+ -o slapd-sha2.lo \
+ -c slapd-sha2.c || die "compiling pw-sha2 failed"
+ einfo "Linking contrib-module: pw-sha2"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
+ -o pw-sha2.la \
+ sha2.lo slapd-sha2.lo || die "linking pw-sha2 failed"
+ popd &>/dev/null || die
+ fi
+
+ # We could build pw-radius if GNURadius would install radlib.h
+ pushd "${S}/contrib/slapd-modules/passwd" &>/dev/null || die "pushd contrib/slapd-modules/passwd"
+ einfo "Compiling contrib-module: pw-netscape"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include \
+ ${CFLAGS} \
+ -o netscape.lo \
+ -c netscape.c || die "compiling pw-netscape failed"
+ einfo "Linking contrib-module: pw-netscape"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
+ -o pw-netscape.la \
+ netscape.lo || die "linking pw-netscape failed"
+
+ #build_contrib_module "acl" "posixgroup.c" "posixGroup" # example code only
+ #build_contrib_module "acl" "gssacl.c" "gss" # example code only, also needs kerberos
+ build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
+ build_contrib_module "allop" "allop.c" "overlay-allop"
+ build_contrib_module "allowed" "allowed.c" "allowed"
+ build_contrib_module "autogroup" "autogroup.c" "autogroup"
+ build_contrib_module "cloak" "cloak.c" "cloak"
+ # build_contrib_module "comp_match" "comp_match.c" "comp_match" # really complex, adds new external deps, questionable demand
+ build_contrib_module "denyop" "denyop.c" "denyop-overlay"
+ build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
+ build_contrib_module "dupent" "dupent.c" "dupent"
+ build_contrib_module "lastbind" "lastbind.c" "lastbind"
+ # lastmod may not play well with other overlays
+ build_contrib_module "lastmod" "lastmod.c" "lastmod"
+ build_contrib_module "noopsrch" "noopsrch.c" "noopsrch"
+ #build_contrib_module "nops" "nops.c" "nops-overlay" https://bugs.gentoo.org/641576
+ #build_contrib_module "nssov" "nssov.c" "nssov-overlay" RESO:LATER
+ build_contrib_module "trace" "trace.c" "trace"
+ popd &>/dev/null || die
+ # build slapi-plugins
+ pushd "${S}/contrib/slapi-plugins/addrdnvalues" &>/dev/null || die "pushd contrib/slapi-plugins/addrdnvalues"
+ einfo "Building contrib-module: addrdnvalues plugin"
+ "${CC}" -shared \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include \
+ ${CFLAGS} \
+ -fPIC \
+ ${LDFLAGS} \
+ -o libaddrdnvalues-plugin.so \
+ addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
+ popd &>/dev/null || die
+ fi
+}
+
+multilib_src_test() {
+ if multilib_is_native_abi; then
+ cd tests || die
+ emake tests
+ fi
+}
+
+multilib_src_install() {
+ local lt="${BUILD_DIR}/libtool"
+ emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/sh install
+
+ if ! use minimal && multilib_is_native_abi; then
+ # openldap modules go here
+ # TODO: write some code to populate slapd.conf with moduleload statements
+ keepdir /usr/$(get_libdir)/openldap/openldap/
+
+ # initial data storage dir
+ keepdir /var/lib/openldap-data
+ use prefix || fowners ldap:ldap /var/lib/openldap-data
+ fperms 0700 /var/lib/openldap-data
+
+ echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+ echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+ echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+
+ # use our config
+ rm "${ED}"/etc/openldap/slapd.conf
+ insinto /etc/openldap
+ newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf
+ configfile="${ED}"/etc/openldap/slapd.conf
+
+ # populate with built backends
+ einfo "populate config with built backends"
+ for x in "${ED}"/usr/$(get_libdir)/openldap/openldap/back_*.so; do
+ einfo "Adding $(basename ${x})"
+ sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" || die
+ done
+ sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
+ use prefix || fowners root:ldap /etc/openldap/slapd.conf
+ fperms 0640 /etc/openldap/slapd.conf
+ cp "${configfile}" "${configfile}".default || die
+
+ # install our own init scripts and systemd unit files
+ einfo "Install init scripts"
+ sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-initd-2.4.40-r2 > "${T}"/slapd || die
+ doinitd "${T}"/slapd
+ newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd
+
+ einfo "Install systemd service"
+ sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd.service > "${T}"/slapd.service || die
+ systemd_dounit "${T}"/slapd.service
+ systemd_install_serviced "${FILESDIR}"/slapd.service.conf
+ newtmpfiles "${FILESDIR}"/slapd.tmpfilesd slapd.conf
+
+ # If built without SLP, we don't need to be before avahi
+ sed -i \
+ -e '/before/{s/avahi-daemon//g}' \
+ "${ED}"/etc/init.d/slapd \
+ || die
+
+ if use cxx ; then
+ einfo "Install the ldapc++ library"
+ cd "${BUILD_DIR}/contrib/ldapc++" || die
+ emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
+ cd "${S}"/contrib/ldapc++ || die
+ newdoc README ldapc++-README
+ fi
+
+ if use smbkrb5passwd ; then
+ einfo "Install the smbk5pwd module"
+ cd "${S}/contrib/slapd-modules/smbk5pwd" || die
+ emake DESTDIR="${D}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
+ newdoc README smbk5pwd-README
+ fi
+
+ if use overlays ; then
+ einfo "Install the samba4 module"
+ cd "${S}/contrib/slapd-modules/samba4" || die
+ emake DESTDIR="${D}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ libexecdir="/usr/$(get_libdir)/openldap" install
+ newdoc README samba4-README
+ fi
+
+ einfo "Installing contrib modules"
+ cd "${S}/contrib/slapd-modules" || die
+ for l in */*.la */*/*.la; do
+ [[ -e ${l} ]] || continue
+ "${lt}" --mode=install cp ${l} \
+ "${ED}"/usr/$(get_libdir)/openldap/openldap || \
+ die "installing ${l} failed"
+ done
+
+ dodoc "${FILESDIR}"/DB_CONFIG.fast.example
+ docinto contrib
+ doman */*.5
+ #newdoc acl/README*
+ newdoc addpartial/README addpartial-README
+ newdoc allop/README allop-README
+ newdoc allowed/README allowed-README
+ newdoc autogroup/README autogroup-README
+ newdoc dsaschema/README dsaschema-README
+ newdoc passwd/README passwd-README
+ cd "${S}/contrib/slapi-plugins" || die
+ insinto /usr/$(get_libdir)/openldap/openldap
+ doins */*.so
+ docinto contrib
+ newdoc addrdnvalues/README addrdnvalues-README
+
+ insinto /etc/openldap/schema
+ newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
+
+ docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
+ docinto back-shell ; dodoc "${S}"/servers/slapd/back-shell/searchexample*
+ docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
+
+ dosbin "${S}"/contrib/slapd-tools/statslog
+ newdoc "${S}"/contrib/slapd-tools/README README.statslog
+ fi
+
+ if ! use static-libs ; then
+ find "${ED}" \( -name '*.a' -o -name '*.la' \) -delete || die
+ fi
+}
+
+multilib_src_install_all() {
+ dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
+ docinto rfc ; dodoc doc/rfc/*.txt
+}
+
+pkg_preinst() {
+ # keep old libs if any
+ preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0)
+ # bug 440470, only display the getting started help there was no openldap before,
+ # or we are going to a non-minimal build
+ ! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
+ OPENLDAP_PRINT_MESSAGES=$((! $?))
+}
+
+pkg_postinst() {
+ if ! use minimal ; then
+ tmpfiles_process slapd.conf
+
+ # You cannot build SSL certificates during src_install that will make
+ # binary packages containing your SSL key, which is both a security risk
+ # and a misconfiguration if multiple machines use the same key and cert.
+ if use ssl; then
+ install_cert /etc/openldap/ssl/ldap
+ use prefix || chown ldap:ldap "${EROOT}"/etc/openldap/ssl/ldap.*
+ ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
+ ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
+ ewarn "add 'TLS_REQCERT allow' if you want to use them."
+ fi
+
+ if use prefix; then
+ # Warn about prefix issues with slapd
+ eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
+ eerror "to start up, and requires that certain files directories be owned by"
+ eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
+ eerror "directories, you will have to manually fix this yourself."
+ fi
+
+ # These lines force the permissions of various content to be correct
+ if [[ -d "${EROOT}"/var/run/openldap ]]; then
+ use prefix || { chown ldap:ldap "${EROOT}"/var/run/openldap || die; }
+ chmod 0755 "${EROOT}"/var/run/openldap || die
+ fi
+ use prefix || chown root:ldap "${EROOT}"/etc/openldap/slapd.conf{,.default}
+ chmod 0640 "${EROOT}"/etc/openldap/slapd.conf{,.default} || die
+ use prefix || chown ldap:ldap "${EROOT}"/var/lib/openldap-data
+ fi
+
+ if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
+ elog "Getting started using OpenLDAP? There is some documentation available:"
+ elog "Gentoo Guide to OpenLDAP Authentication"
+ elog "(https://wiki.gentoo.org/wiki/Centralized_authentication_using_OpenLDAP)"
+ elog "---"
+ elog "An example file for tuning BDB backends with openldap is"
+ elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
+ fi
+
+ preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0)
+}
^ permalink raw reply related [flat|nested] 15+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: net-nds/openldap/files/, net-nds/openldap/
@ 2024-02-09 14:57 Joonas Niilola
0 siblings, 0 replies; 15+ messages in thread
From: Joonas Niilola @ 2024-02-09 14:57 UTC (permalink / raw
To: gentoo-commits
commit: 7ea4601a769ef519b1e78c05ebd6e2fd31bf81f4
Author: Brahmajit Das <brahmajit.xyz <AT> gmail <DOT> com>
AuthorDate: Sun Jan 21 17:46:23 2024 +0000
Commit: Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Fri Feb 9 14:57:04 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7ea4601a
net-nds/openldap: Fix type mismatches in lloadd
Closes: https://bugs.gentoo.org/920379
Signed-off-by: Brahmajit Das <brahmajit.xyz <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/34944
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>
.../openldap-2.6.6-fix-type-mismatch-lloadd.patch | 42 +
net-nds/openldap/openldap-2.6.6-r1.ebuild | 871 +++++++++++++++++++++
2 files changed, 913 insertions(+)
diff --git a/net-nds/openldap/files/openldap-2.6.6-fix-type-mismatch-lloadd.patch b/net-nds/openldap/files/openldap-2.6.6-fix-type-mismatch-lloadd.patch
new file mode 100644
index 000000000000..d2335bce9bfd
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.6.6-fix-type-mismatch-lloadd.patch
@@ -0,0 +1,42 @@
+https://git.openldap.org/openldap/openldap/-/commit/de89b06b031537fb2d14a532d79f7b0772fc1700
+From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <ondra@mistotebe.net>
+Date: Thu, 27 Jul 2023 11:19:20 +0100
+Subject: [PATCH] ITS#10074 Fix type mismatches in lloadd
+
+--- a/servers/lloadd/libevent_support.c
++++ b/servers/lloadd/libevent_support.c
+@@ -131,6 +131,12 @@ lload_libevent_cond_timedwait(
+ return ldap_pvt_thread_cond_wait( cond, mutex );
+ }
+
++unsigned long
++lload_libevent_thread_self( void )
++{
++ return (unsigned long)ldap_pvt_thread_self();
++}
++
+ int
+ lload_libevent_init( void )
+ {
+@@ -152,7 +158,7 @@ lload_libevent_init( void )
+
+ evthread_set_lock_callbacks( &cbs );
+ evthread_set_condition_callbacks( &cond_cbs );
+- evthread_set_id_callback( ldap_pvt_thread_self );
++ evthread_set_id_callback( lload_libevent_thread_self );
+ return 0;
+ }
+
+--- a/servers/lloadd/module_init.c
++++ b/servers/lloadd/module_init.c
+@@ -151,7 +151,6 @@ lload_back_initialize( BackendInfo *bi )
+ {
+ bi->bi_flags = SLAP_BFLAG_STANDALONE;
+ bi->bi_open = lload_back_open;
+- bi->bi_config = config_generic_wrapper;
+ bi->bi_pause = lload_pause_cb;
+ bi->bi_unpause = lload_unpause_cb;
+ bi->bi_close = lload_back_close;
+--
+GitLab
+
diff --git a/net-nds/openldap/openldap-2.6.6-r1.ebuild b/net-nds/openldap/openldap-2.6.6-r1.ebuild
new file mode 100644
index 000000000000..84848052995b
--- /dev/null
+++ b/net-nds/openldap/openldap-2.6.6-r1.ebuild
@@ -0,0 +1,871 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Re cleanups:
+# 2.5.x is an LTS release so we want to keep it for a while.
+
+inherit autotools flag-o-matic multibuild multilib multilib-minimal preserve-libs
+inherit ssl-cert toolchain-funcs systemd tmpfiles
+
+MY_PV="$(ver_rs 1-2 _)"
+
+BIS_PN=rfc2307bis.schema
+BIS_PV=20140524
+BIS_P="${BIS_PN}-${BIS_PV}"
+
+DESCRIPTION="LDAP suite of application and development tools"
+HOMEPAGE="https://www.openldap.org/"
+SRC_URI="
+ https://gitlab.com/openldap/${PN}/-/archive/OPENLDAP_REL_ENG_${MY_PV}/${PN}-OPENLDAP_REL_ENG_${MY_PV}.tar.bz2
+ mirror://gentoo/${BIS_P}
+"
+S="${WORKDIR}"/${PN}-OPENLDAP_REL_ENG_${MY_PV}
+
+LICENSE="OPENLDAP GPL-2"
+# Subslot added for bug #835654
+SLOT="0/$(ver_cut 1-2)"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
+
+IUSE_DAEMON="argon2 +cleartext crypt experimental minimal samba tcpd"
+IUSE_OVERLAY="overlays perl autoca"
+IUSE_OPTIONAL="debug gnutls iodbc odbc sasl ssl selinux static-libs +syslog test"
+IUSE_CONTRIB="kerberos kinit pbkdf2 sha2 smbkrb5passwd"
+IUSE_CONTRIB="${IUSE_CONTRIB} cxx"
+IUSE="systemd ${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
+REQUIRED_USE="
+ cxx? ( sasl )
+ pbkdf2? ( ssl )
+ test? ( cleartext sasl )
+ autoca? ( !gnutls )
+ ?? ( test minimal )
+ kerberos? ( ?? ( kinit smbkrb5passwd ) )
+"
+RESTRICT="!test? ( test )"
+
+SYSTEM_LMDB_VER=0.9.31
+# openssl is needed to generate lanman-passwords required by samba
+COMMON_DEPEND="
+ kernel_linux? ( sys-apps/util-linux )
+ ssl? (
+ !gnutls? (
+ >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}]
+ )
+ gnutls? (
+ >=net-libs/gnutls-2.12.23-r6:=[${MULTILIB_USEDEP}]
+ >=dev-libs/libgcrypt-1.5.3:0=[${MULTILIB_USEDEP}]
+ )
+ )
+ sasl? ( dev-libs/cyrus-sasl:= )
+ !minimal? (
+ dev-libs/libevent:=
+ dev-libs/libltdl
+ sys-fs/e2fsprogs
+ >=dev-db/lmdb-${SYSTEM_LMDB_VER}:=
+ argon2? ( app-crypt/argon2:= )
+ crypt? ( virtual/libcrypt:= )
+ tcpd? ( sys-apps/tcp-wrappers )
+ odbc? ( !iodbc? ( dev-db/unixODBC )
+ iodbc? ( dev-db/libiodbc ) )
+ perl? ( dev-lang/perl:=[-build(-)] )
+ samba? (
+ dev-libs/openssl:0=
+ )
+ smbkrb5passwd? (
+ dev-libs/openssl:0=
+ kerberos? ( app-crypt/heimdal )
+ )
+ kerberos? (
+ virtual/krb5
+ kinit? ( !app-crypt/heimdal )
+ )
+ )
+"
+DEPEND="
+ ${COMMON_DEPEND}
+ sys-apps/groff
+"
+RDEPEND="
+ ${COMMON_DEPEND}
+ selinux? ( sec-policy/selinux-ldap )
+"
+
+# The user/group are only used for running daemons which are
+# disabled in minimal builds, so elide the accounts too.
+BDEPEND="
+ !minimal? (
+ acct-group/ldap
+ acct-user/ldap
+ )
+"
+
+# for tracking versions
+OPENLDAP_VERSIONTAG=".version-tag"
+OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
+
+MULTILIB_WRAPPED_HEADERS=(
+ # USE=cxx
+ /usr/include/LDAPAsynConnection.h
+ /usr/include/LDAPAttrType.h
+ /usr/include/LDAPAttribute.h
+ /usr/include/LDAPAttributeList.h
+ /usr/include/LDAPConnection.h
+ /usr/include/LDAPConstraints.h
+ /usr/include/LDAPControl.h
+ /usr/include/LDAPControlSet.h
+ /usr/include/LDAPEntry.h
+ /usr/include/LDAPEntryList.h
+ /usr/include/LDAPException.h
+ /usr/include/LDAPExtResult.h
+ /usr/include/LDAPMessage.h
+ /usr/include/LDAPMessageQueue.h
+ /usr/include/LDAPModList.h
+ /usr/include/LDAPModification.h
+ /usr/include/LDAPObjClass.h
+ /usr/include/LDAPRebind.h
+ /usr/include/LDAPRebindAuth.h
+ /usr/include/LDAPReferenceList.h
+ /usr/include/LDAPResult.h
+ /usr/include/LDAPSaslBindResult.h
+ /usr/include/LDAPSchema.h
+ /usr/include/LDAPSearchReference.h
+ /usr/include/LDAPSearchResult.h
+ /usr/include/LDAPSearchResults.h
+ /usr/include/LDAPUrl.h
+ /usr/include/LDAPUrlList.h
+ /usr/include/LdifReader.h
+ /usr/include/LdifWriter.h
+ /usr/include/SaslInteraction.h
+ /usr/include/SaslInteractionHandler.h
+ /usr/include/StringList.h
+ /usr/include/TlsOptions.h
+)
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
+ "${FILESDIR}"/${PN}-2.6.1-system-mdb.patch
+ "${FILESDIR}"/${PN}-2.6.1-cloak.patch
+ "${FILESDIR}"/${PN}-2.6.1-flags.patch
+ "${FILESDIR}"/${PN}-2.6.1-fix-missing-mapping.patch
+ "${FILESDIR}"/${PN}-2.6.6-fix-type-mismatch-lloadd.patch
+)
+
+openldap_filecount() {
+ local dir="$1"
+ find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
+}
+
+openldap_find_versiontags() {
+ # scan for all datadirs
+ local openldap_datadirs=()
+ if [[ -f "${EROOT}"/etc/openldap/slapd.conf ]]; then
+ openldap_datadirs=( $(awk '{if($1 == "directory") print $2 }' "${EROOT}"/etc/openldap/slapd.conf) )
+ fi
+ openldap_datadirs+=( ${OPENLDAP_DEFAULTDIR_VERSIONTAG} )
+
+ einfo
+ einfo "Scanning datadir(s) from slapd.conf and"
+ einfo "the default installdir for Versiontags"
+ einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
+ einfo
+
+ # scan datadirs if we have a version tag
+ openldap_found_tag=0
+ have_files=0
+ for each in ${openldap_datadirs[@]} ; do
+ CURRENT_TAGDIR="${EROOT}$(sed "s:\/::" <<< ${each})"
+ CURRENT_TAG="${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}"
+ if [[ -d "${CURRENT_TAGDIR}" ]] && [[ "${openldap_found_tag}" == 0 ]] ; then
+ einfo "- Checking ${each}..."
+ if [[ -r "${CURRENT_TAG}" ]] ; then
+ # yey, we have one :)
+ einfo " Found Versiontag in ${each}"
+ source "${CURRENT_TAG}"
+ if [[ "${OLDPF}" == "" ]] ; then
+ eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
+ eerror "Please delete it"
+ eerror
+ die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
+ fi
+
+ OLD_MAJOR=$(ver_cut 2-3 ${OLDPF})
+
+ [[ "$(openldap_filecount ${CURRENT_TAGDIR})" -gt 0 ]] && have_files=1
+
+ # are we on the same branch?
+ if [[ "${OLD_MAJOR}" != "${PV:0:3}" ]] ; then
+ ewarn " Versiontag doesn't match current major release!"
+ if [[ "${have_files}" == "1" ]] ; then
+ eerror " Versiontag says other major and you (probably) have datafiles!"
+ echo
+ openldap_upgrade_howto
+ else
+ einfo " No real problem, seems there's no database."
+ fi
+ else
+ einfo " Versiontag is fine here :)"
+ fi
+ else
+ einfo " Non-tagged dir ${each}"
+ [[ "$(openldap_filecount ${each})" -gt 0 ]] && have_files=1
+ if [[ "${have_files}" == "1" ]] ; then
+ einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
+ echo
+
+ eerror
+ eerror "Your OpenLDAP Installation has a non tagged datadir that"
+ eerror "possibly contains a database at ${CURRENT_TAGDIR}"
+ eerror
+ eerror "Please export data if any entered and empty or remove"
+ eerror "the directory, installation has been stopped so you"
+ eerror "can take required action"
+ eerror
+ eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
+ eerror
+ openldap_upgrade_howto
+ die "Please move the datadir ${CURRENT_TAGDIR} away"
+ fi
+ fi
+ einfo
+ fi
+ done
+ [[ "${have_files}" == "1" ]] && einfo "DB files present" || einfo "No DB files present"
+
+ # Now we must check for the major version of sys-libs/db linked against.
+ # TODO: remove this as we dropped bdb support (gone upstream) in 2.6.1?
+ SLAPD_PATH="${EROOT}/usr/$(get_libdir)/openldap/slapd"
+ if [[ "${have_files}" == "1" ]] && [[ -f "${SLAPD_PATH}" ]]; then
+ OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
+ | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
+ local fail=0
+
+ # This will not cover detection of cn=Config based configuration, but
+ # it's hopefully good enough.
+ if grep -sq '^backend.*shell' "${EROOT}"/etc/openldap/slapd.conf; then
+ eerror " OpenLDAP >= 2.5.x has dropped support for Shell backend."
+ eerror " You will need to migrate per upstream's migration notes"
+ eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."
+ eerror " Your existing database will not be accessible until it is"
+ eerror " converted away from backend shell!"
+ echo
+ fail=1
+ fi
+ if has_version "${CATEGORY}/${PN}[berkdb]" || grep -sq '^backend.*(bdb|hdb)' /etc/openldap/slapd.conf; then
+ eerror " OpenLDAP >= 2.5.x has dropped support for Berkeley DB."
+ eerror " You will need to migrate per upstream's migration notes"
+ eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."
+ eerror " Your existing database will not be accessible until it is"
+ eerror " converted to mdb!"
+ echo
+ fail=1
+ elif [[ -z "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
+ :
+ # Nothing wrong here.
+ elif [[ -z "${OLDVER}" ]] && [[ -n "${NEWVER}" ]]; then
+ eerror " Your existing version of OpenLDAP was not built against"
+ eerror " any version of sys-libs/db, but the new one will build"
+ eerror " against ${NEWVER} and your database may be inaccessible."
+ echo
+ fail=1
+ elif [[ -n "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
+ eerror " Your existing version of OpenLDAP was built against"
+ eerror " sys-libs/db:${OLDVER}, but the new one will not be"
+ eerror " built against any version and your database may be"
+ eerror " inaccessible."
+ echo
+ fail=1
+ elif [[ "${OLDVER}" != "${NEWVER}" ]]; then
+ eerror " Your existing version of OpenLDAP was built against"
+ eerror " sys-libs/db:${OLDVER}, but the new one will build against"
+ eerror " ${NEWVER} and your database would be inaccessible."
+ echo
+ fail=1
+ fi
+ [[ "${fail}" == "1" ]] && openldap_upgrade_howto
+ fi
+
+ echo
+ einfo
+ einfo "All datadirs are fine, proceeding with merge now..."
+ einfo
+}
+
+openldap_upgrade_howto() {
+ local d l i
+ eerror
+ eerror "A (possible old) installation of OpenLDAP was detected,"
+ eerror "installation will not proceed for now."
+ eerror
+ eerror "As major version upgrades can corrupt your database,"
+ eerror "you need to dump your database and re-create it afterwards."
+ eerror
+ eerror "Additionally, rebuilding against different major versions of the"
+ eerror "sys-libs/db libraries will cause your database to be inaccessible."
+ eerror ""
+ d="$(date -u +%s)"
+ l="/root/ldapdump.${d}"
+ i="${l}.raw"
+ eerror " 1. /etc/init.d/slapd stop"
+ eerror " 2. slapcat -l ${i}"
+ eerror " 3. grep -E -v '^(entry|context)CSN:' <${i} >${l}"
+ eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
+ eerror " 5. emerge --update \=net-nds/${PF}"
+ eerror " 6. etc-update, and ensure that you apply the changes"
+ eerror " 7. slapadd -l ${l}"
+ eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
+ eerror " 9. /etc/init.d/slapd start"
+ eerror "10. Check that your data is intact."
+ eerror "11. Set up the new replication system."
+ eerror
+ if [[ "${FORCE_UPGRADE}" != "1" ]]; then
+ die "You need to upgrade your database first"
+ else
+ eerror "You have the magical FORCE_UPGRADE=1 in place."
+ eerror "Don't say you weren't warned about data loss."
+ fi
+}
+
+pkg_setup() {
+ if ! use sasl && use cxx ; then
+ die "To build the ldapc++ library you must emerge openldap with sasl support"
+ fi
+ # Bug #322787
+ if use minimal && ! has_version "net-nds/openldap" ; then
+ einfo "No datadir scan needed, openldap not installed"
+ elif use minimal && has_version 'net-nds/openldap[minimal]' ; then
+ einfo "Skipping scan for previous datadirs as requested by minimal useflag"
+ else
+ openldap_find_versiontags
+ fi
+}
+
+src_prepare() {
+ # The system copy of dev-db/lmdb must match the version that this copy
+ # of OpenLDAP shipped with! See bug #588792.
+ #
+ # Fish out MDB_VERSION_MAJOR/MDB_VERSION_MINOR/MDB_VERSION_PATCH from
+ # the bundled lmdb's header to find out the version.
+ local bundled_lmdb_version=$(sed -En '/^#define MDB_VERSION_(MAJOR|MINOR|PATCH)(\s+)?/{s/[^0-9.]//gp}' \
+ libraries/liblmdb/lmdb.h || die)
+ printf -v bundled_lmdb_version "%s." ${bundled_lmdb_version}
+
+ if [[ ${SYSTEM_LMDB_VER}. != ${bundled_lmdb_version} ]] ; then
+ eerror "Source lmdb version: ${bundled_lmdb_version}"
+ eerror "Ebuild lmdb version: ${SYSTEM_LMDB_VER}"
+ die "Ebuild needs to update SYSTEM_LMDB_VER!"
+ fi
+
+ rm -r libraries/liblmdb || die 'could not removed bundled lmdb directory'
+
+ local filename
+ for filename in doc/drafts/draft-ietf-ldapext-acl-model-xx.txt; do
+ iconv -f iso-8859-1 -t utf-8 "${filename}" > "${filename}.utf8"
+ mv "${filename}.utf8" "${filename}"
+ done
+
+ default
+
+ sed -i \
+ -e "s:\$(localstatedir)/run:${EPREFIX}/run:" \
+ -e '/MKDIR.*.(DESTDIR)\/run/d' \
+ servers/slapd/Makefile.in || die 'adjusting slapd Makefile.in failed'
+
+ pushd build &>/dev/null || die "pushd build"
+ einfo "Making sure upstream build strip does not do stripping too early"
+ sed -i.orig \
+ -e '/^STRIP/s,-s,,g' \
+ top.mk || die "Failed to remove too early stripping"
+ popd &>/dev/null || die
+
+ # Fails with OpenSSL 3, bug #848894
+ # https://bugs.openldap.org/show_bug.cgi?id=10009
+ rm tests/scripts/test076-authid-rewrite || die
+
+ eautoreconf
+ multilib_copy_sources
+}
+
+build_contrib_module() {
+ # <dir> [<target>]
+ pushd "${S}/contrib/slapd-modules/$1" &>/dev/null || die "pushd contrib/slapd-modules/$1"
+ einfo "Compiling contrib-module: $1"
+ local target="${2:-all}"
+ emake \
+ LDAP_BUILD="${BUILD_DIR}" prefix="${EPREFIX}/usr" \
+ CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" \
+ "${target}"
+ popd &>/dev/null || die
+}
+
+multilib_src_configure() {
+ # Optional Features
+ myconf+=(
+ --enable-option-checking
+ $(use_enable debug)
+ --enable-dynamic
+ $(use_enable syslog)
+ --enable-ipv6
+ --enable-local
+ )
+
+ # Optional Packages
+ myconf+=(
+ --without-fetch
+ )
+
+ if use experimental ; then
+ # connectionless ldap per bug #342439
+ # connectionless is a unsupported feature according to Howard Chu
+ # see https://bugs.openldap.org/show_bug.cgi?id=9739
+ # (see also bug #892009)
+ append-flags -DLDAP_CONNECTIONLESS
+ fi
+
+ if ! use minimal && multilib_is_native_abi; then
+ # SLAPD (Standalone LDAP Daemon) Options
+ # overlay chaining requires '--enable-ldap' #296567
+ # see https://www.openldap.org/doc/admin26/overlays.html#Chaining
+ myconf+=(
+ --enable-ldap=yes
+ --enable-slapd
+ $(use_enable cleartext)
+ $(use_enable crypt)
+ $(multilib_native_use_enable sasl spasswd)
+ --disable-slp
+ $(use_enable tcpd wrappers)
+ )
+ if use experimental ; then
+ myconf+=(
+ --enable-dynacl
+ # ACI build as dynamic module not supported (yet)
+ --enable-aci=yes
+ )
+ fi
+
+ for option in modules rlookups slapi; do
+ myconf+=( --enable-${option} )
+ done
+
+ # static SLAPD backends
+ for backend in mdb; do
+ myconf+=( --enable-${backend}=yes )
+ done
+
+ # module SLAPD backends
+ for backend in asyncmeta dnssrv meta null passwd relay sock; do
+ # missing modules: wiredtiger (not available in portage)
+ myconf+=( --enable-${backend}=mod )
+ done
+
+ use perl && myconf+=( --enable-perl=mod )
+
+ if use odbc ; then
+ myconf+=( --enable-sql=mod )
+ if use iodbc ; then
+ myconf+=( --with-odbc="iodbc" )
+ append-cflags -I"${EPREFIX}"/usr/include/iodbc
+ else
+ myconf+=( --with-odbc="unixodbc" )
+ fi
+ fi
+
+ use overlays && myconf+=( --enable-overlays=mod )
+ use autoca && myconf+=( --enable-autoca=mod ) || myconf+=( --enable-autoca=no )
+ # compile-in the syncprov
+ myconf+=( --enable-syncprov=yes )
+
+ # Build the standalone load balancer (lloadd) - also available as a slapd module; --enable-balancer=mod
+ myconf+=( --enable-balancer=yes )
+
+ # SLAPD Password Module Options
+ myconf+=(
+ $(use_enable argon2)
+ )
+
+ # Optional Packages
+ myconf+=(
+ $(use_with systemd)
+ $(multilib_native_use_with sasl cyrus-sasl)
+ )
+ else
+ myconf+=(
+ --disable-backends
+ --disable-slapd
+ --disable-mdb
+ --disable-overlays
+ --disable-autoca
+ --disable-syslog
+ --without-systemd
+ )
+ fi
+
+ # Library Generation & Linking Options
+ myconf+=(
+ $(use_enable static-libs static)
+ --enable-shared
+ --enable-versioning
+ --with-pic
+ )
+
+ # some cross-compiling tests don't pan out well.
+ tc-is-cross-compiler && myconf+=(
+ --with-yielding-select=yes
+ )
+
+ local ssl_lib="no"
+ if use ssl || ( ! use minimal && use samba ) ; then
+ if use gnutls ; then
+ myconf+=( --with-tls="gnutls" )
+ else
+ # disable MD2 hash function
+ append-cflags -DOPENSSL_NO_MD2
+ myconf+=( --with-tls="openssl" )
+ fi
+ else
+ myconf+=( --with-tls="no" )
+ fi
+
+ tc-export AR CC CXX
+
+ ECONF_SOURCE="${S}" econf \
+ --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
+ --localstatedir="${EPREFIX}"/var \
+ --runstatedir="${EPREFIX}"/run \
+ --sharedstatedir="${EPREFIX}"/var/lib \
+ "${myconf[@]}"
+
+ # argument '--runstatedir' seems to have no effect therefore this workaround
+ sed -i \
+ -e 's:^runstatedir=.*:runstatedir=${EPREFIX}/run:' \
+ configure contrib/ldapc++/configure contrib/ldaptcl/configure || die 'could not set runstatedir'
+
+ sed -i \
+ -e "s:/var/run/sasl2/mux:${EPREFIX}/run/sasl2/mux:" \
+ doc/guide/admin/security.sdf || die 'could not fix run path in doc'
+
+ emake depend
+}
+
+src_configure_cxx() {
+ # This needs the libraries built by the first build run.
+ # we have to run it AFTER the main build, not just after the main configure
+ local myconf_ldapcpp=(
+ --with-libldap="${E}/lib"
+ --with-ldap-includes="${S}/include"
+ )
+
+ mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die "could not create ${BUILD_DIR}/contrib/ldapc++ directory"
+ pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
+
+ local LDFLAGS="${LDFLAGS}"
+ local CPPFLAGS="${CPPFLAGS}"
+
+ append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs -L"${BUILD_DIR}"/libraries/libldap/.libs
+ append-cppflags -I"${BUILD_DIR}"/include
+
+ ECONF_SOURCE="${S}"/contrib/ldapc++ econf "${myconf_ldapcpp[@]}"
+ popd &>/dev/null || die "popd contrib/ldapc++"
+}
+
+multilib_src_compile() {
+ tc-export AR CC CXX
+ emake CC="$(tc-getCC)" SHELL="${EPREFIX}"/bin/sh
+
+ if ! use minimal && multilib_is_native_abi ; then
+ if use cxx ; then
+ einfo "Building contrib library: ldapc++"
+ src_configure_cxx
+ pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
+ emake
+ popd &>/dev/null || die
+ fi
+
+ if use smbkrb5passwd ; then
+ einfo "Building contrib-module: smbk5pwd"
+ pushd "${S}/contrib/slapd-modules/smbk5pwd" &>/dev/null || die "pushd contrib/slapd-modules/smbk5pwd"
+
+ MY_DEFS="-DDO_SHADOW"
+ if use samba ; then
+ MY_DEFS="${MY_DEFS} -DDO_SAMBA"
+ MY_KRB5_INC=""
+ fi
+ if use kerberos ; then
+ MY_DEFS="${MY_DEFS} -DDO_KRB5"
+ MY_KRB5_INC="$(krb5-config --cflags)"
+ fi
+
+ emake \
+ DEFS="${MY_DEFS}" \
+ KRB5_INC="${MY_KRB5_INC}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
+ popd &>/dev/null || die
+ fi
+
+ if use overlays ; then
+ einfo "Building contrib-module: samba4"
+ pushd "${S}/contrib/slapd-modules/samba4" &>/dev/null || die "pushd contrib/slapd-modules/samba4"
+
+ emake \
+ LDAP_BUILD="${BUILD_DIR}" \
+ CC="$(tc-getCC)" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
+ popd &>/dev/null || die
+ fi
+
+ if use kerberos ; then
+ if use kinit ; then
+ build_contrib_module "kinit" "kinit.c" "kinit"
+ fi
+ build_contrib_module "passwd" "pw-kerberos.la"
+ fi
+
+ if use pbkdf2; then
+ build_contrib_module "passwd/pbkdf2"
+ fi
+
+ if use sha2 ; then
+ build_contrib_module "passwd/sha2"
+ fi
+
+ # We could build pw-radius if GNURadius would install radlib.h
+ build_contrib_module "passwd" "pw-netscape.la"
+
+ #build_contrib_module "acl" "posixgroup.la" # example code only
+ #build_contrib_module "acl" "gssacl.la" # example code only, also needs kerberos
+ build_contrib_module "addpartial"
+ build_contrib_module "allop"
+ build_contrib_module "allowed"
+ build_contrib_module "autogroup"
+ build_contrib_module "cloak"
+ # build_contrib_module "comp_match" # really complex, adds new external deps, questionable demand
+ build_contrib_module "denyop"
+ build_contrib_module "dsaschema"
+ build_contrib_module "dupent"
+ build_contrib_module "lastbind"
+ # lastmod may not play well with other overlays
+ build_contrib_module "lastmod"
+ build_contrib_module "noopsrch"
+ #build_contrib_module "nops" https://bugs.gentoo.org/641576
+ #build_contrib_module "nssov" RESO:LATER
+ build_contrib_module "trace"
+ # build slapi-plugins
+ pushd "${S}/contrib/slapi-plugins/addrdnvalues" &>/dev/null || die "pushd contrib/slapi-plugins/addrdnvalues"
+ einfo "Building contrib-module: addrdnvalues plugin"
+ $(tc-getCC) -shared \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include \
+ ${CPPFLAGS} \
+ ${CFLAGS} \
+ -fPIC \
+ ${LDFLAGS} \
+ -o libaddrdnvalues-plugin.so \
+ addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
+ popd &>/dev/null || die
+ fi
+}
+
+multilib_src_test() {
+ if multilib_is_native_abi; then
+ cd tests || die
+ pwd
+
+ # Increase various test timeouts/delays, bug #894012
+ # We can't just double everything as there's a cumulative effect.
+ export SLEEP0=2 # originally 1
+ export SLEEP1=10 # originally 7
+ export SLEEP2=20 # originally 15
+ export TIMEOUT=16 # originally 8
+
+ # emake test => runs only lloadd & mdb, in serial; skips ldif,sql,wt,regression
+ # emake partests => runs ALL of the tests in parallel
+ # wt/WiredTiger is not supported in Gentoo
+ TESTS=( plloadd pmdb )
+ #TESTS+=( pldif ) # not done by default, so also exclude here
+ #use odbc && TESTS+=( psql ) # not done by default, so also exclude here
+
+ emake -Onone "${TESTS[@]}"
+ fi
+}
+
+multilib_src_install() {
+ emake CC="$(tc-getCC)" \
+ DESTDIR="${D}" SHELL="${EPREFIX}"/bin/sh install
+
+ if ! use minimal && multilib_is_native_abi; then
+ # openldap modules go here
+ # TODO: write some code to populate slapd.conf with moduleload statements
+ keepdir /usr/$(get_libdir)/openldap/openldap/
+
+ # initial data storage dir
+ keepdir /var/lib/openldap-data
+ use prefix || fowners ldap:ldap /var/lib/openldap-data
+ fperms 0700 /var/lib/openldap-data
+
+ echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+ echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+ echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+
+ # use our config
+ rm "${ED}"/etc/openldap/slapd.conf
+ insinto /etc/openldap
+ newins "${FILESDIR}"/${PN}-2.6.3-slapd-conf slapd.conf
+ configfile="${ED}"/etc/openldap/slapd.conf
+
+ # populate with built backends
+ einfo "populate config with built backends"
+ for x in "${ED}"/usr/$(get_libdir)/openldap/openldap/back_*.so; do
+ einfo "Adding $(basename ${x})"
+ sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" || die
+ done
+ sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" \
+ -i "${configfile}" || die
+ use prefix || fowners root:ldap /etc/openldap/slapd.conf
+ fperms 0640 /etc/openldap/slapd.conf
+ cp "${configfile}" "${configfile}".default || die
+
+ # install our own init scripts and systemd unit files
+ einfo "Install init scripts"
+ sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-initd-2.4.40-r2 > "${T}"/slapd || die
+ doinitd "${T}"/slapd
+ newconfd "${FILESDIR}"/slapd-confd-2.6.1 slapd
+
+ if use systemd; then
+ # The systemd unit uses Type=notify, so it is useless without USE=systemd
+ einfo "Install systemd service"
+ rm -rf "${ED}"/{,usr/}lib/systemd
+ sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-2.6.1.service > "${T}"/slapd.service || die
+ systemd_dounit "${T}"/slapd.service
+ systemd_install_serviced "${FILESDIR}"/slapd.service.conf
+ newtmpfiles "${FILESDIR}"/slapd.tmpfilesd slapd.conf
+ fi
+
+ # if built without SLP, we don't need to be before avahi
+ sed -i \
+ -e '/before/{s/avahi-daemon//g}' \
+ "${ED}"/etc/init.d/slapd \
+ || die
+
+ if use cxx ; then
+ einfo "Install the ldapc++ library"
+ cd "${BUILD_DIR}/contrib/ldapc++" || die
+ emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
+ cd "${S}"/contrib/ldapc++ || die
+ newdoc README ldapc++-README
+ fi
+
+ if use smbkrb5passwd ; then
+ einfo "Install the smbk5pwd module"
+ cd "${S}/contrib/slapd-modules/smbk5pwd" || die
+ emake DESTDIR="${D}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
+ newdoc README smbk5pwd-README
+ fi
+
+ if use overlays ; then
+ einfo "Install the samba4 module"
+ cd "${S}/contrib/slapd-modules/samba4" || die
+ emake DESTDIR="${D}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
+ newdoc README samba4-README
+ fi
+
+ einfo "Installing contrib modules"
+ cd "${S}/contrib/slapd-modules" || die
+ for l in */*.la */*/*.la; do
+ [[ -e ${l} ]] || continue
+ libtool --mode=install cp ${l} \
+ "${ED}"/usr/$(get_libdir)/openldap/openldap || \
+ die "installing ${l} failed"
+ done
+
+ dodoc "${FILESDIR}"/DB_CONFIG.fast.example
+ docinto contrib
+ doman */*.5
+ #newdoc acl/README*
+ newdoc addpartial/README addpartial-README
+ newdoc allop/README allop-README
+ newdoc allowed/README allowed-README
+ newdoc autogroup/README autogroup-README
+ newdoc dsaschema/README dsaschema-README
+ newdoc passwd/README passwd-README
+ cd "${S}/contrib/slapi-plugins" || die
+ insinto /usr/$(get_libdir)/openldap/openldap
+ doins */*.so
+ docinto contrib
+ newdoc addrdnvalues/README addrdnvalues-README
+
+ insinto /etc/openldap/schema
+ newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
+
+ docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
+ docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
+
+ dosbin "${S}"/contrib/slapd-tools/statslog
+ newdoc "${S}"/contrib/slapd-tools/README README.statslog
+ fi
+
+ if ! use static-libs ; then
+ find "${ED}" \( -name '*.a' -o -name '*.la' \) -delete || die
+ fi
+}
+
+multilib_src_install_all() {
+ dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
+ docinto rfc ; dodoc doc/rfc/*.txt
+}
+
+pkg_preinst() {
+ # keep old libs if any
+ preserve_old_lib /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0)
+ # bug 440470, only display the getting started help there was no openldap before,
+ # or we are going to a non-minimal build
+ ! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
+ OPENLDAP_PRINT_MESSAGES=$((! $?))
+}
+
+pkg_postinst() {
+ if ! use minimal ; then
+ if use systemd; then
+ tmpfiles_process slapd.conf
+ fi
+
+ # You cannot build SSL certificates during src_install that will make
+ # binary packages containing your SSL key, which is both a security risk
+ # and a misconfiguration if multiple machines use the same key and cert.
+ if use ssl; then
+ install_cert /etc/openldap/ssl/ldap
+ use prefix || chown ldap:ldap "${EROOT}"/etc/openldap/ssl/ldap.*
+ ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
+ ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
+ ewarn "add 'TLS_REQCERT allow' if you want to use them."
+ fi
+
+ if use prefix; then
+ # Warn about prefix issues with slapd
+ eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
+ eerror "to start up, and requires that certain files directories be owned by"
+ eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
+ eerror "directories, you will have to manually fix this yourself."
+ fi
+
+ # These lines force the permissions of various content to be correct
+ if [[ -d "${EROOT}"/var/run/openldap ]]; then
+ use prefix || { chown ldap:ldap "${EROOT}"/var/run/openldap || die; }
+ chmod 0755 "${EROOT}"/var/run/openldap || die
+ fi
+ use prefix || chown root:ldap "${EROOT}"/etc/openldap/slapd.conf{,.default}
+ chmod 0640 "${EROOT}"/etc/openldap/slapd.conf{,.default} || die
+ use prefix || chown ldap:ldap "${EROOT}"/var/lib/openldap-data
+ fi
+
+ if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
+ elog "Getting started using OpenLDAP? There is some documentation available:"
+ elog "Gentoo Guide to OpenLDAP Authentication"
+ elog "(https://wiki.gentoo.org/wiki/Centralized_authentication_using_OpenLDAP)"
+ fi
+
+ preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0)
+}
^ permalink raw reply related [flat|nested] 15+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: net-nds/openldap/files/, net-nds/openldap/
@ 2023-05-30 21:56 Sam James
0 siblings, 0 replies; 15+ messages in thread
From: Sam James @ 2023-05-30 21:56 UTC (permalink / raw
To: gentoo-commits
commit: b6788868d80c10a3a37bb3cd6f24cbe3f45284e6
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Tue May 16 00:43:47 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue May 30 21:55:50 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b6788868
net-nds/openldap: add upstream libressl patch
This patch was merged upstream and fixes the configure with LibreSSL.
The configure script checks for SSL_export_keying_material_early() which
LibreSSL doesn't support, but OpenLDAP doesn't actually use this
function and only does this to ensure modern OpenSSL APIs are available.
As a compromise the configure script now checks for the
SSL_CTX_set_ciohersuites() function which both OpenSSL and LibreSSL
support and where currently the rest of the OpenLDAP build and tests
otherwise work with LibreSSL 3.7.2.
Bug: https://bugs.gentoo.org/903001
Upstream-Issue: https://bugs.openldap.org/show_bug.cgi?id=10039
Upstream-PR: https://git.openldap.org/openldap/openldap/-/merge_requests/613
Upstream-Commit: https://git.openldap.org/openldap/openldap/-/commit/cb73e60a49f85bf5207b2fd0f557013be29ac072
Signed-off-by: orbea <orbea <AT> riseup.net>
Closes: https://github.com/gentoo/gentoo/pull/31050
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../openldap/files/openldap-2.6.4-libressl.patch | 38 ++++++++++++++++++++++
net-nds/openldap/openldap-2.5.14.ebuild | 1 +
net-nds/openldap/openldap-2.6.4-r1.ebuild | 1 +
3 files changed, 40 insertions(+)
diff --git a/net-nds/openldap/files/openldap-2.6.4-libressl.patch b/net-nds/openldap/files/openldap-2.6.4-libressl.patch
new file mode 100644
index 000000000000..48a8a43e731a
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.6.4-libressl.patch
@@ -0,0 +1,38 @@
+https://bugs.gentoo.org/903001
+https://bugs.openldap.org/show_bug.cgi?id=10039
+https://git.openldap.org/openldap/openldap/-/merge_requests/613
+https://git.openldap.org/openldap/openldap/-/commit/cb73e60a49f85bf5207b2fd0f557013be29ac072
+
+From cb73e60a49f85bf5207b2fd0f557013be29ac072 Mon Sep 17 00:00:00 2001
+From: orbea <orbea@riseup.net>
+Date: Wed, 12 Apr 2023 12:55:46 -0700
+Subject: [PATCH] ITS#10039 Test for SSL_CTX_set_ciphersuites()
+
+When configuring OpenLDAP using --with-tls=openssl with LibreSSL the
+configure will fail to detect SSL_export_keyring_material_early() since
+LibreSSL doesn't support this function yet. However OpenLDAP doesn't
+actually use this function and only checks for it to ensure a modern
+OpenSSL API is used. This can be easily solved by checking for an
+equivalent modern OpenSSL function which both LibreSSL and OpenSSL both
+support such as SSL_CTX_set_ciphersuites(). Doing this allows the build
+and tests to succeed with modern LibreSSL versions. This was tested with
+LibreSSL >= 3.6.
+
+Bug: https://bugs.openldap.org/show_bug.cgi?id=10039
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 2cf28ef346..c4e2a905e2 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1243,7 +1243,7 @@ if test $ol_with_tls = openssl || test $ol_with_tls = auto ; then
+ [#endif]])],
+ , [AC_MSG_FAILURE([OpenSSL 1.1.1 or newer required])])
+
+- AC_CHECK_LIB(ssl, SSL_export_keying_material_early,
++ AC_CHECK_LIB(ssl, SSL_CTX_set_ciphersuites,
+ [have_openssl=yes], [have_openssl=no],
+ [-lcrypto])
+
diff --git a/net-nds/openldap/openldap-2.5.14.ebuild b/net-nds/openldap/openldap-2.5.14.ebuild
index b4b51dae0731..8b5c4628b810 100644
--- a/net-nds/openldap/openldap-2.5.14.ebuild
+++ b/net-nds/openldap/openldap-2.5.14.ebuild
@@ -143,6 +143,7 @@ PATCHES=(
"${FILESDIR}"/${PN}-2.6.1-cloak.patch
"${FILESDIR}"/${PN}-2.6.1-flags.patch
"${FILESDIR}"/${PN}-2.6.4-clang16.patch
+ "${FILESDIR}"/${PN}-2.6.4-libressl.patch #903001
)
openldap_filecount() {
diff --git a/net-nds/openldap/openldap-2.6.4-r1.ebuild b/net-nds/openldap/openldap-2.6.4-r1.ebuild
index 463f6d0f7130..2747bc015832 100644
--- a/net-nds/openldap/openldap-2.6.4-r1.ebuild
+++ b/net-nds/openldap/openldap-2.6.4-r1.ebuild
@@ -144,6 +144,7 @@ PATCHES=(
"${FILESDIR}"/${PN}-2.6.1-flags.patch
"${FILESDIR}"/${PN}-2.6.1-fix-missing-mapping.patch
"${FILESDIR}"/${PN}-2.6.4-clang16.patch
+ "${FILESDIR}"/${PN}-2.6.4-libressl.patch #903001
)
openldap_filecount() {
^ permalink raw reply related [flat|nested] 15+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: net-nds/openldap/files/, net-nds/openldap/
@ 2023-02-10 0:29 Sam James
0 siblings, 0 replies; 15+ messages in thread
From: Sam James @ 2023-02-10 0:29 UTC (permalink / raw
To: gentoo-commits
commit: d8ba54d25287641b64419afb1a51f2182ae7490f
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Feb 10 00:24:43 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Feb 10 00:29:02 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d8ba54d2
net-nds/openldap: add 2.6.4
Bug: https://bugs.gentoo.org/867931
Closes: https://bugs.gentoo.org/848894
Closes: https://bugs.gentoo.org/892009
Signed-off-by: Sam James <sam <AT> gentoo.org>
net-nds/openldap/Manifest | 1 +
.../openldap/files/openldap-2.6.4-clang16.patch | 234 ++++++
net-nds/openldap/openldap-2.6.4.ebuild | 834 +++++++++++++++++++++
3 files changed, 1069 insertions(+)
diff --git a/net-nds/openldap/Manifest b/net-nds/openldap/Manifest
index 6ae8e93ddfc6..576ad995662b 100644
--- a/net-nds/openldap/Manifest
+++ b/net-nds/openldap/Manifest
@@ -1,4 +1,5 @@
DIST openldap-2.4.58.tgz 5885225 BLAKE2B effb618dba03497796a497cd7f53ec52e389133769321dd242433bed5ec4b1f66cf7353f08a49d5f3465880f6bcfc9afc9c7d2a28e075b66f5fd926b02213541 SHA512 2fa2aa36117692eca44e55559f162c8c796f78469e6c2aee91b06d46f2b755d416979c913a3d89bbf9db14cc84881ecffee69af75b48e1d16b7aa9d2e3873baa
DIST openldap-2.4.59.tgz 5886272 BLAKE2B a2a8bed1d2af97fd41d651668152fd4740871bc5a8abf4b50390839228af82ac103346b3500ae0f8dd31b708acabb30435b90cd48dfafe510e648df5150d96b8 SHA512 233459ab446da6e107a7fc4ecd5668d6b08c11a11359ee76449550393e8f586a29b59d7ae09a050a1fca4fcf388ea61438ef60831b3ae802d92c048365ae3968
DIST openldap-OPENLDAP_REL_ENG_2_6_3.tar.gz 6244895 BLAKE2B 97792a1b368de44867b0ce9eef38601c3e64b7d40e4ca206295bee110097697c919040d2220eea6f0581812e09a2cc3e6afb4a243a5072a8a0a95f24f9fb354b SHA512 1c882a0cd0729b5d0f40b58588d0e36ae3b1cae6d569f0576e940c7c63d03c29ed2c9db87695a87594ba99a927ef4cba491bddba3ce049025fd5883463122ba7
+DIST openldap-OPENLDAP_REL_ENG_2_6_4.tar.bz2 5043227 BLAKE2B 9bec77dbace0e52d1607d9ac13a77349e7d0b8876aa81fa635893638d00db58ec6bf8412f11fd266bba0440887be1aa21eb4a876122152f7f6de9fd8f75b6b4c SHA512 bff11bf1ae125bcabbd307f6c4e1c102a8df6f1091f84f5e7053fdbaa89ccd6aa0c86cc8dcce4fb9b6ffd853b5f8d3c933733f5713aeb4d6a9d77ab145293b48
DIST rfc2307bis.schema-20140524 12262 BLAKE2B 98031f49e9bde1e4821e637af3382364d8344ed7017649686a088070d96a632dffa6c661552352656b1b159c0fd962965580069a64c7f3d5bb6a3ed75f60fd99 SHA512 83b89a1deeefc8566b97e7e865b9b6d04541099cbdf719e24538a7d27d61b6209e87ab9003a9f140bd9afd018ec569e71721e3a24090e1902c8b6659d2ba103e
diff --git a/net-nds/openldap/files/openldap-2.6.4-clang16.patch b/net-nds/openldap/files/openldap-2.6.4-clang16.patch
new file mode 100644
index 000000000000..bcbdf0b5819e
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.6.4-clang16.patch
@@ -0,0 +1,234 @@
+https://git.openldap.org/openldap/openldap/-/merge_requests/605
+
+From 83e2db9bf9fc2530a0ea6ca538a7732f6ad9de0e Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Thu, 9 Feb 2023 23:17:53 +0000
+Subject: [PATCH 1/3] build: fix compatibility with stricter C99 compilers
+
+Fix the following warnings:
+- -Wimplicit-int (fatal with Clang 16)
+- -Wimplicit-function-declaration (fatal with Clang 16)
+- -Wincompatible-function-pointer-types (fatal with Clang 16)
+- -Wint-conversion (fatal with Clang 15)
+- Old style prototypes (K&R, removed from C23)
+
+These warnings-now-error led to misconfigurations and failure to build
+OpenLDAP, as the tests used during configure caused the wrong results
+to be emitted.
+
+For more information, see LWN.net [0] or LLVM's Discourse [1], the Gentoo wiki [2],
+or the (new) c-std-porting mailing list [3].
+
+[0] https://lwn.net/Articles/913505/
+[1] https://discourse.llvm.org/t/configure-script-breakage-with-the-new-werror-implicit-function-declaration/65213
+[2] https://wiki.gentoo.org/wiki/Modern_C_porting
+[3] hosted at lists.linux.dev.
+
+Bug: https://bugs.gentoo.org/871288
+Signed-off-by: Sam James <sam@gentoo.org>
+--- a/build/openldap.m4
++++ b/build/openldap.m4
+@@ -154,6 +154,7 @@ fi
+ if test $ol_cv_header_stdc = yes; then
+ # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
+ AC_RUN_IFELSE([AC_LANG_SOURCE([[#include <ctype.h>
++#include <stdlib.h>
+ #ifndef HAVE_EBCDIC
+ # define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
+ # define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
+@@ -360,9 +361,7 @@ AC_DEFUN([OL_PTHREAD_TEST_FUNCTION],[[
+ AC_DEFUN([OL_PTHREAD_TEST_PROGRAM],
+ [AC_LANG_SOURCE([OL_PTHREAD_TEST_INCLUDES
+
+-int main(argc, argv)
+- int argc;
+- char **argv;
++int main(int argc, char **argv)
+ {
+ OL_PTHREAD_TEST_FUNCTION
+ }
+@@ -484,7 +483,7 @@ AC_CACHE_CHECK([for compatible POSIX regex],ol_cv_c_posix_regex,[
+ #include <sys/types.h>
+ #include <regex.h>
+ static char *pattern, *string;
+-main()
++int main(void)
+ {
+ int rc;
+ regex_t re;
+@@ -511,7 +510,8 @@ AC_DEFUN([OL_C_UPPER_LOWER],
+ [AC_CACHE_CHECK([if toupper() requires islower()],ol_cv_c_upper_lower,[
+ AC_RUN_IFELSE([AC_LANG_SOURCE([[
+ #include <ctype.h>
+-main()
++#include <stdlib.h>
++int main(void)
+ {
+ if ('C' == toupper('C'))
+ exit(0);
+@@ -569,7 +569,7 @@ AC_DEFUN([OL_NONPOSIX_STRERROR_R],
+ ]])],[ol_cv_nonposix_strerror_r=yes],[ol_cv_nonposix_strerror_r=no])
+ else
+ AC_RUN_IFELSE([AC_LANG_SOURCE([[
+- main() {
++ int main(void) {
+ char buf[100];
+ buf[0] = 0;
+ strerror_r( 1, buf, sizeof buf );
+--- a/configure.ac
++++ b/configure.ac
+@@ -1017,7 +1017,11 @@ dnl ----------------------------------------------------------------
+ AC_CHECK_HEADERS( sys/epoll.h )
+ if test "${ac_cv_header_sys_epoll_h}" = yes; then
+ AC_MSG_CHECKING(for epoll system call)
+- AC_RUN_IFELSE([AC_LANG_SOURCE([[int main(int argc, char **argv)
++ AC_RUN_IFELSE([AC_LANG_SOURCE([[#include <stdlib.h>
++#ifdef HAVE_SYS_POLL_H
++#include <sys/epoll.h>
++#endif
++int main(int argc, char **argv)
+ {
+ int epfd = epoll_create(256);
+ exit (epfd == -1 ? 1 : 0);
+@@ -1479,10 +1483,8 @@ pthread_rwlock_t rwlock;
+ dnl save the flags
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+ #include <pthread.h>
+-#ifndef NULL
+-#define NULL (void*)0
+-#endif
+-]], [[pthread_detach(NULL);]])],[ol_cv_func_pthread_detach=yes],[ol_cv_func_pthread_detach=no])
++pthread_t thread;
++]], [[pthread_detach(thread);]])],[ol_cv_func_pthread_detach=yes],[ol_cv_func_pthread_detach=no])
+ ])
+
+ if test $ol_cv_func_pthread_detach = no ; then
+@@ -1537,6 +1539,9 @@ dnl esac
+ AC_CACHE_CHECK([if select yields when using pthreads],
+ ol_cv_pthread_select_yields,[
+ AC_RUN_IFELSE([AC_LANG_SOURCE([[
++#define _XOPEN_SOURCE 500 /* For pthread_setconcurrency() on glibc */
++#include <stdlib.h>
++#include <stdio.h>
+ #include <sys/types.h>
+ #include <sys/time.h>
+ #include <unistd.h>
+@@ -1547,8 +1552,7 @@ dnl esac
+
+ static int fildes[2];
+
+-static void *task(p)
+- void *p;
++static void *task(void *p)
+ {
+ int i;
+ struct timeval tv;
+@@ -1572,9 +1576,7 @@ static void *task(p)
+ exit(0); /* if we exit here, the select blocked the whole process */
+ }
+
+-int main(argc, argv)
+- int argc;
+- char **argv;
++int main(int argc, char **argv)
+ {
+ pthread_t t;
+
+--
+GitLab
+
+
+From 853d613f39ae9e8d7dad4492076959c2d80e38c1 Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Thu, 9 Feb 2023 23:20:32 +0000
+Subject: [PATCH 2/3] contrib: fix old-style K&R declarations
+
+Removed in C23.
+
+For more information, see LWN.net [0] or LLVM's Discourse [1], the Gentoo wiki [2],
+or the (new) c-std-porting mailing list [3].
+
+[0] https://lwn.net/Articles/913505/
+[1] https://discourse.llvm.org/t/configure-script-breakage-with-the-new-werror-implicit-function-declaration/65213
+[2] https://wiki.gentoo.org/wiki/Modern_C_porting
+[3] hosted at lists.linux.dev.
+
+Signed-off-by: Sam James <sam@gentoo.org>
+--- a/contrib/ldaptcl/tclAppInit.c
++++ b/contrib/ldaptcl/tclAppInit.c
+@@ -45,9 +45,7 @@ EXTERN int Tcltest_Init _ANSI_ARGS_((Tcl_Interp *interp));
+ */
+
+ int
+-main(argc, argv)
+- int argc; /* Number of command-line arguments. */
+- char **argv; /* Values of command-line arguments. */
++main(int argc, char **argv)
+ {
+ #ifdef USE_TCLX
+ TclX_Main(argc, argv, Tcl_AppInit);
+--- a/contrib/ldaptcl/tkAppInit.c
++++ b/contrib/ldaptcl/tkAppInit.c
+@@ -37,16 +37,9 @@ int (*tclDummyMathPtr)() = matherr;
+ * This is the main program for the application.
+ *-----------------------------------------------------------------------------
+ */
+-#ifdef __cplusplus
+ int
+ main (int argc,
+ char **argv)
+-#else
+-int
+-main (argc, argv)
+- int argc;
+- char **argv;
+-#endif
+ {
+ #ifdef USE_TCLX
+ TkX_Main(argc, argv, Tcl_AppInit);
+@@ -68,14 +61,8 @@ main (argc, argv)
+ * interp->result if an error occurs.
+ *-----------------------------------------------------------------------------
+ */
+-#ifdef __cplusplus
+ int
+ Tcl_AppInit (Tcl_Interp *interp)
+-#else
+-int
+-Tcl_AppInit (interp)
+- Tcl_Interp *interp;
+-#endif
+ {
+ if (Tcl_Init (interp) == TCL_ERROR) {
+ return TCL_ERROR;
+--
+GitLab
+
+
+From b4b3d026461b16f4f462e70225a5a0493647f0c8 Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Thu, 9 Feb 2023 23:20:51 +0000
+Subject: [PATCH 3/3] servers: fix -Wstrict-prototypes
+
+For more information, see LWN.net [0] or LLVM's Discourse [1], the Gentoo wiki [2],
+or the (new) c-std-porting mailing list [3].
+
+[0] https://lwn.net/Articles/913505/
+[1] https://discourse.llvm.org/t/configure-script-breakage-with-the-new-werror-implicit-function-declaration/65213
+[2] https://wiki.gentoo.org/wiki/Modern_C_porting
+[3] hosted at lists.linux.dev.
+
+Signed-off-by: Sam James <sam@gentoo.org>
+--- a/servers/slapd/syslog.c
++++ b/servers/slapd/syslog.c
+@@ -209,7 +209,7 @@ openlog(const char *ident, int logstat, int logfac)
+ }
+
+ void
+-closelog()
++closelog(void)
+ {
+ (void)close(LogFile);
+ LogFile = -1;
+--
+GitLab
diff --git a/net-nds/openldap/openldap-2.6.4.ebuild b/net-nds/openldap/openldap-2.6.4.ebuild
new file mode 100644
index 000000000000..3cd2bdeb87d7
--- /dev/null
+++ b/net-nds/openldap/openldap-2.6.4.ebuild
@@ -0,0 +1,834 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools flag-o-matic multilib multilib-minimal preserve-libs ssl-cert toolchain-funcs systemd tmpfiles
+
+MY_PV="$(ver_rs 1-2 _)"
+
+BIS_PN=rfc2307bis.schema
+BIS_PV=20140524
+BIS_P="${BIS_PN}-${BIS_PV}"
+
+DESCRIPTION="LDAP suite of application and development tools"
+HOMEPAGE="https://www.openldap.org/"
+SRC_URI="
+ https://gitlab.com/openldap/${PN}/-/archive/OPENLDAP_REL_ENG_${MY_PV}/${PN}-OPENLDAP_REL_ENG_${MY_PV}.tar.bz2
+ mirror://gentoo/${BIS_P}
+"
+S="${WORKDIR}"/${PN}-OPENLDAP_REL_ENG_${MY_PV}
+
+LICENSE="OPENLDAP GPL-2"
+# Subslot added for bug #835654
+SLOT="0/$(ver_cut 1-2)"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-solaris"
+
+IUSE_DAEMON="argon2 +cleartext crypt experimental minimal samba tcpd"
+IUSE_OVERLAY="overlays perl autoca"
+IUSE_OPTIONAL="debug gnutls iodbc ipv6 odbc sasl ssl selinux static-libs +syslog test"
+IUSE_CONTRIB="kerberos kinit pbkdf2 sha2 smbkrb5passwd"
+IUSE_CONTRIB="${IUSE_CONTRIB} cxx"
+IUSE="systemd ${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
+RESTRICT="!test? ( test )"
+
+RESTRICT="!test? ( test )"
+REQUIRED_USE="cxx? ( sasl )
+ pbkdf2? ( ssl )
+ test? ( cleartext sasl )
+ autoca? ( !gnutls )
+ ?? ( test minimal )
+ kerberos? ( ?? ( kinit smbkrb5passwd ) )"
+
+# openssl is needed to generate lanman-passwords required by samba
+COMMON_DEPEND="
+ kernel_linux? ( sys-apps/util-linux )
+ ssl? (
+ !gnutls? (
+ >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}]
+ )
+ gnutls? (
+ >=net-libs/gnutls-2.12.23-r6:=[${MULTILIB_USEDEP}]
+ >=dev-libs/libgcrypt-1.5.3:0=[${MULTILIB_USEDEP}]
+ )
+ )
+ sasl? ( dev-libs/cyrus-sasl:= )
+ !minimal? (
+ dev-libs/libltdl
+ sys-fs/e2fsprogs
+ >=dev-db/lmdb-0.9.18:=
+ argon2? ( app-crypt/argon2:= )
+ crypt? ( virtual/libcrypt:= )
+ tcpd? ( sys-apps/tcp-wrappers )
+ odbc? ( !iodbc? ( dev-db/unixODBC )
+ iodbc? ( dev-db/libiodbc ) )
+ perl? ( dev-lang/perl:=[-build(-)] )
+ samba? (
+ dev-libs/openssl:0=
+ )
+ smbkrb5passwd? (
+ dev-libs/openssl:0=
+ kerberos? ( app-crypt/heimdal )
+ )
+ kerberos? (
+ virtual/krb5
+ kinit? ( !app-crypt/heimdal )
+ )
+ )
+"
+DEPEND="${COMMON_DEPEND}
+ sys-apps/groff
+"
+RDEPEND="${COMMON_DEPEND}
+ selinux? ( sec-policy/selinux-ldap )
+"
+
+# The user/group are only used for running daemons which are
+# disabled in minimal builds, so elide the accounts too.
+BDEPEND="!minimal? (
+ acct-group/ldap
+ acct-user/ldap
+)
+"
+
+# for tracking versions
+OPENLDAP_VERSIONTAG=".version-tag"
+OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
+
+MULTILIB_WRAPPED_HEADERS=(
+ # USE=cxx
+ /usr/include/LDAPAsynConnection.h
+ /usr/include/LDAPAttrType.h
+ /usr/include/LDAPAttribute.h
+ /usr/include/LDAPAttributeList.h
+ /usr/include/LDAPConnection.h
+ /usr/include/LDAPConstraints.h
+ /usr/include/LDAPControl.h
+ /usr/include/LDAPControlSet.h
+ /usr/include/LDAPEntry.h
+ /usr/include/LDAPEntryList.h
+ /usr/include/LDAPException.h
+ /usr/include/LDAPExtResult.h
+ /usr/include/LDAPMessage.h
+ /usr/include/LDAPMessageQueue.h
+ /usr/include/LDAPModList.h
+ /usr/include/LDAPModification.h
+ /usr/include/LDAPObjClass.h
+ /usr/include/LDAPRebind.h
+ /usr/include/LDAPRebindAuth.h
+ /usr/include/LDAPReferenceList.h
+ /usr/include/LDAPResult.h
+ /usr/include/LDAPSaslBindResult.h
+ /usr/include/LDAPSchema.h
+ /usr/include/LDAPSearchReference.h
+ /usr/include/LDAPSearchResult.h
+ /usr/include/LDAPSearchResults.h
+ /usr/include/LDAPUrl.h
+ /usr/include/LDAPUrlList.h
+ /usr/include/LdifReader.h
+ /usr/include/LdifWriter.h
+ /usr/include/SaslInteraction.h
+ /usr/include/SaslInteractionHandler.h
+ /usr/include/StringList.h
+ /usr/include/TlsOptions.h
+)
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
+ "${FILESDIR}"/${PN}-2.6.1-system-mdb.patch
+ "${FILESDIR}"/${PN}-2.6.1-cloak.patch
+ "${FILESDIR}"/${PN}-2.6.1-flags.patch
+ "${FILESDIR}"/${PN}-2.6.1-fix-missing-mapping.patch
+ "${FILESDIR}"/${PN}-2.6.4-clang16.patch
+)
+
+openldap_filecount() {
+ local dir="$1"
+ find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
+}
+
+openldap_find_versiontags() {
+ # scan for all datadirs
+ local openldap_datadirs=()
+ if [[ -f "${EROOT}"/etc/openldap/slapd.conf ]]; then
+ openldap_datadirs=( $(awk '{if($1 == "directory") print $2 }' "${EROOT}"/etc/openldap/slapd.conf) )
+ fi
+ openldap_datadirs+=( ${OPENLDAP_DEFAULTDIR_VERSIONTAG} )
+
+ einfo
+ einfo "Scanning datadir(s) from slapd.conf and"
+ einfo "the default installdir for Versiontags"
+ einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
+ einfo
+
+ # scan datadirs if we have a version tag
+ openldap_found_tag=0
+ have_files=0
+ for each in ${openldap_datadirs[@]} ; do
+ CURRENT_TAGDIR="${EROOT}$(sed "s:\/::" <<< ${each})"
+ CURRENT_TAG="${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}"
+ if [[ -d "${CURRENT_TAGDIR}" ]] && [[ "${openldap_found_tag}" == 0 ]] ; then
+ einfo "- Checking ${each}..."
+ if [[ -r "${CURRENT_TAG}" ]] ; then
+ # yey, we have one :)
+ einfo " Found Versiontag in ${each}"
+ source "${CURRENT_TAG}"
+ if [[ "${OLDPF}" == "" ]] ; then
+ eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
+ eerror "Please delete it"
+ eerror
+ die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
+ fi
+
+ OLD_MAJOR=$(ver_cut 2-3 ${OLDPF})
+
+ [[ "$(openldap_filecount ${CURRENT_TAGDIR})" -gt 0 ]] && have_files=1
+
+ # are we on the same branch?
+ if [[ "${OLD_MAJOR}" != "${PV:0:3}" ]] ; then
+ ewarn " Versiontag doesn't match current major release!"
+ if [[ "${have_files}" == "1" ]] ; then
+ eerror " Versiontag says other major and you (probably) have datafiles!"
+ echo
+ openldap_upgrade_howto
+ else
+ einfo " No real problem, seems there's no database."
+ fi
+ else
+ einfo " Versiontag is fine here :)"
+ fi
+ else
+ einfo " Non-tagged dir ${each}"
+ [[ "$(openldap_filecount ${each})" -gt 0 ]] && have_files=1
+ if [[ "${have_files}" == "1" ]] ; then
+ einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
+ echo
+
+ eerror
+ eerror "Your OpenLDAP Installation has a non tagged datadir that"
+ eerror "possibly contains a database at ${CURRENT_TAGDIR}"
+ eerror
+ eerror "Please export data if any entered and empty or remove"
+ eerror "the directory, installation has been stopped so you"
+ eerror "can take required action"
+ eerror
+ eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
+ eerror
+ openldap_upgrade_howto
+ die "Please move the datadir ${CURRENT_TAGDIR} away"
+ fi
+ fi
+ einfo
+ fi
+ done
+ [[ "${have_files}" == "1" ]] && einfo "DB files present" || einfo "No DB files present"
+
+ # Now we must check for the major version of sys-libs/db linked against.
+ # TODO: remove this as we dropped bdb support (gone upstream) in 2.6.1?
+ SLAPD_PATH="${EROOT}/usr/$(get_libdir)/openldap/slapd"
+ if [[ "${have_files}" == "1" ]] && [[ -f "${SLAPD_PATH}" ]]; then
+ OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
+ | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
+ local fail=0
+
+ # This will not cover detection of cn=Config based configuration, but
+ # it's hopefully good enough.
+ if grep -sq '^backend.*shell' "${EROOT}"/etc/openldap/slapd.conf; then
+ eerror " OpenLDAP >= 2.6.x has dropped support for Shell backend."
+ eerror " You will need to migrate per upstream's migration notes"
+ eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."
+ eerror " Your existing database will not be accessible until it is"
+ eerror " converted away from backend shell!"
+ echo
+ fail=1
+ fi
+ if has_version "${CATEGORY}/${PN}[berkdb]" || grep -sq '^backend.*(bdb|hdb)' /etc/openldap/slapd.conf; then
+ eerror " OpenLDAP >= 2.6.x has dropped support for Berkeley DB."
+ eerror " You will need to migrate per upstream's migration notes"
+ eerror " at https://www.openldap.org/doc/admin25/appendix-upgrading.html."
+ eerror " Your existing database will not be accessible until it is"
+ eerror " converted to mdb!"
+ echo
+ fail=1
+ elif [[ -z "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
+ :
+ # Nothing wrong here.
+ elif [[ -z "${OLDVER}" ]] && [[ -n "${NEWVER}" ]]; then
+ eerror " Your existing version of OpenLDAP was not built against"
+ eerror " any version of sys-libs/db, but the new one will build"
+ eerror " against ${NEWVER} and your database may be inaccessible."
+ echo
+ fail=1
+ elif [[ -n "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
+ eerror " Your existing version of OpenLDAP was built against"
+ eerror " sys-libs/db:${OLDVER}, but the new one will not be"
+ eerror " built against any version and your database may be"
+ eerror " inaccessible."
+ echo
+ fail=1
+ elif [[ "${OLDVER}" != "${NEWVER}" ]]; then
+ eerror " Your existing version of OpenLDAP was built against"
+ eerror " sys-libs/db:${OLDVER}, but the new one will build against"
+ eerror " ${NEWVER} and your database would be inaccessible."
+ echo
+ fail=1
+ fi
+ [[ "${fail}" == "1" ]] && openldap_upgrade_howto
+ fi
+
+ echo
+ einfo
+ einfo "All datadirs are fine, proceeding with merge now..."
+ einfo
+}
+
+openldap_upgrade_howto() {
+ local d l i
+ eerror
+ eerror "A (possible old) installation of OpenLDAP was detected,"
+ eerror "installation will not proceed for now."
+ eerror
+ eerror "As major version upgrades can corrupt your database,"
+ eerror "you need to dump your database and re-create it afterwards."
+ eerror
+ eerror "Additionally, rebuilding against different major versions of the"
+ eerror "sys-libs/db libraries will cause your database to be inaccessible."
+ eerror ""
+ d="$(date -u +%s)"
+ l="/root/ldapdump.${d}"
+ i="${l}.raw"
+ eerror " 1. /etc/init.d/slapd stop"
+ eerror " 2. slapcat -l ${i}"
+ eerror " 3. grep -E -v '^(entry|context)CSN:' <${i} >${l}"
+ eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
+ eerror " 5. emerge --update \=net-nds/${PF}"
+ eerror " 6. etc-update, and ensure that you apply the changes"
+ eerror " 7. slapadd -l ${l}"
+ eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
+ eerror " 9. /etc/init.d/slapd start"
+ eerror "10. Check that your data is intact."
+ eerror "11. Set up the new replication system."
+ eerror
+ if [[ "${FORCE_UPGRADE}" != "1" ]]; then
+ die "You need to upgrade your database first"
+ else
+ eerror "You have the magical FORCE_UPGRADE=1 in place."
+ eerror "Don't say you weren't warned about data loss."
+ fi
+}
+
+pkg_setup() {
+ if ! use sasl && use cxx ; then
+ die "To build the ldapc++ library you must emerge openldap with sasl support"
+ fi
+ # Bug #322787
+ if use minimal && ! has_version "net-nds/openldap" ; then
+ einfo "No datadir scan needed, openldap not installed"
+ elif use minimal && has_version 'net-nds/openldap[minimal]' ; then
+ einfo "Skipping scan for previous datadirs as requested by minimal useflag"
+ else
+ openldap_find_versiontags
+ fi
+}
+
+src_prepare() {
+ rm -r libraries/liblmdb || die 'could not removed bundled lmdb directory'
+
+ local filename
+ for filename in doc/drafts/draft-ietf-ldapext-acl-model-xx.txt; do
+ iconv -f iso-8859-1 -t utf-8 "${filename}" > "${filename}.utf8"
+ mv "${filename}.utf8" "${filename}"
+ done
+
+ default
+
+ sed -i \
+ -e "s:\$(localstatedir)/run:${EPREFIX}/run:" \
+ servers/slapd/Makefile.in || die 'adjusting slapd Makefile.in failed'
+
+ pushd build &>/dev/null || die "pushd build"
+ einfo "Making sure upstream build strip does not do stripping too early"
+ sed -i.orig \
+ -e '/^STRIP/s,-s,,g' \
+ top.mk || die "Failed to remove too early stripping"
+ popd &>/dev/null || die
+
+ # Fails with OpenSSL 3, bug #848894
+ # https://bugs.openldap.org/show_bug.cgi?id=10009
+ rm tests/scripts/test076-authid-rewrite || die
+
+ eautoreconf
+ multilib_copy_sources
+}
+
+build_contrib_module() {
+ # <dir> [<target>]
+ pushd "${S}/contrib/slapd-modules/$1" &>/dev/null || die "pushd contrib/slapd-modules/$1"
+ einfo "Compiling contrib-module: $1"
+ local target="${2:-all}"
+ emake \
+ LDAP_BUILD="${BUILD_DIR}" prefix="${EPREFIX}/usr" \
+ CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" \
+ "${target}"
+ popd &>/dev/null || die
+}
+
+multilib_src_configure() {
+ # Optional Features
+ myconf+=(
+ --enable-option-checking
+ $(use_enable debug)
+ --enable-dynamic
+ $(use_enable syslog)
+ $(use_enable ipv6)
+ --enable-local
+ )
+
+ # Optional Packages
+ myconf+=(
+ --without-fetch
+ )
+
+ if use experimental ; then
+ # connectionless ldap per bug #342439
+ # connectionless is a unsupported feature according to Howard Chu
+ # see https://bugs.openldap.org/show_bug.cgi?id=9739
+ # (see also bug #892009)
+ append-flags -DLDAP_CONNECTIONLESS
+ fi
+
+ if ! use minimal && multilib_is_native_abi; then
+ # SLAPD (Standalone LDAP Daemon) Options
+ # overlay chaining requires '--enable-ldap' #296567
+ # see https://www.openldap.org/doc/admin26/overlays.html#Chaining
+ myconf+=(
+ --enable-ldap=yes
+ --enable-slapd
+ $(use_enable cleartext)
+ $(use_enable crypt)
+ $(multilib_native_use_enable sasl spasswd)
+ --disable-slp
+ $(use_enable tcpd wrappers)
+ )
+ if use experimental ; then
+ myconf+=(
+ --enable-dynacl
+ # ACI build as dynamic module not supported (yet)
+ --enable-aci=yes
+ )
+ fi
+
+ for option in modules rlookups slapi; do
+ myconf+=( --enable-${option} )
+ done
+
+ # static SLAPD backends
+ for backend in mdb; do
+ myconf+=( --enable-${backend}=yes )
+ done
+
+ # module SLAPD backends
+ for backend in asyncmeta dnssrv meta null passwd relay sock; do
+ # missing modules: wiredtiger (not available in portage)
+ myconf+=( --enable-${backend}=mod )
+ done
+
+ use perl && myconf+=( --enable-perl=mod )
+
+ if use odbc ; then
+ myconf+=( --enable-sql=mod )
+ if use iodbc ; then
+ myconf+=( --with-odbc="iodbc" )
+ append-cflags -I"${EPREFIX}"/usr/include/iodbc
+ else
+ myconf+=( --with-odbc="unixodbc" )
+ fi
+ fi
+
+ use overlays && myconf+=( --enable-overlays=mod )
+ use autoca && myconf+=( --enable-autoca=mod ) || myconf+=( --enable-autoca=no )
+ # compile-in the syncprov
+ myconf+=( --enable-syncprov=yes )
+
+ # SLAPD Password Module Options
+ myconf+=(
+ $(use_enable argon2)
+ )
+
+ # Optional Packages
+ myconf+=(
+ $(use_with systemd)
+ $(multilib_native_use_with sasl cyrus-sasl)
+ )
+ else
+ myconf+=(
+ --disable-backends
+ --disable-slapd
+ --disable-mdb
+ --disable-overlays
+ --disable-autoca
+ --disable-syslog
+ --without-systemd
+ )
+ fi
+
+ # Library Generation & Linking Options
+ myconf+=(
+ $(use_enable static-libs static)
+ --enable-shared
+ --enable-versioning
+ --with-pic
+ )
+
+ # some cross-compiling tests don't pan out well.
+ tc-is-cross-compiler && myconf+=(
+ --with-yielding-select=yes
+ )
+
+ local ssl_lib="no"
+ if use ssl || ( ! use minimal && use samba ) ; then
+ if use gnutls ; then
+ myconf+=( --with-tls="gnutls" )
+ else
+ # disable MD2 hash function
+ append-cflags -DOPENSSL_NO_MD2
+ myconf+=( --with-tls="openssl" )
+ fi
+ else
+ myconf+=( --with-tls="no" )
+ fi
+
+ tc-export AR CC CXX
+
+ ECONF_SOURCE="${S}" econf \
+ --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
+ --localstatedir="${EPREFIX}"/var \
+ --runstatedir="${EPREFIX}"/run \
+ --sharedstatedir="${EPREFIX}"/var/lib \
+ "${myconf[@]}"
+
+ # argument '--runstatedir' seems to have no effect therefore this workaround
+ sed -i \
+ -e 's:^runstatedir=.*:runstatedir=${EPREFIX}/run:' \
+ configure contrib/ldapc++/configure contrib/ldaptcl/configure || die 'could not set runstatedir'
+
+ sed -i \
+ -e "s:/var/run/sasl2/mux:${EPREFIX}/run/sasl2/mux:" \
+ doc/guide/admin/security.sdf || die 'could not fix run path in doc'
+
+ emake depend
+}
+
+src_configure_cxx() {
+ # This needs the libraries built by the first build run.
+ # we have to run it AFTER the main build, not just after the main configure
+ local myconf_ldapcpp=(
+ --with-libldap="${E}/lib"
+ --with-ldap-includes="${S}/include"
+ )
+
+ mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die "could not create ${BUILD_DIR}/contrib/ldapc++ directory"
+ pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
+
+ local LDFLAGS="${LDFLAGS}"
+ local CPPFLAGS="${CPPFLAGS}"
+
+ append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs -L"${BUILD_DIR}"/libraries/libldap/.libs
+ append-cppflags -I"${BUILD_DIR}"/include
+
+ ECONF_SOURCE="${S}"/contrib/ldapc++ econf "${myconf_ldapcpp[@]}"
+ popd &>/dev/null || die "popd contrib/ldapc++"
+}
+
+multilib_src_compile() {
+ tc-export AR CC CXX
+ emake CC="$(tc-getCC)" SHELL="${EPREFIX}"/bin/sh
+
+ if ! use minimal && multilib_is_native_abi ; then
+ if use cxx ; then
+ einfo "Building contrib library: ldapc++"
+ src_configure_cxx
+ pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
+ emake
+ popd &>/dev/null || die
+ fi
+
+ if use smbkrb5passwd ; then
+ einfo "Building contrib-module: smbk5pwd"
+ pushd "${S}/contrib/slapd-modules/smbk5pwd" &>/dev/null || die "pushd contrib/slapd-modules/smbk5pwd"
+
+ MY_DEFS="-DDO_SHADOW"
+ if use samba ; then
+ MY_DEFS="${MY_DEFS} -DDO_SAMBA"
+ MY_KRB5_INC=""
+ fi
+ if use kerberos ; then
+ MY_DEFS="${MY_DEFS} -DDO_KRB5"
+ MY_KRB5_INC="$(krb5-config --cflags)"
+ fi
+
+ emake \
+ DEFS="${MY_DEFS}" \
+ KRB5_INC="${MY_KRB5_INC}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
+ popd &>/dev/null || die
+ fi
+
+ if use overlays ; then
+ einfo "Building contrib-module: samba4"
+ pushd "${S}/contrib/slapd-modules/samba4" &>/dev/null || die "pushd contrib/slapd-modules/samba4"
+
+ emake \
+ LDAP_BUILD="${BUILD_DIR}" \
+ CC="$(tc-getCC)" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
+ popd &>/dev/null || die
+ fi
+
+ if use kerberos ; then
+ if use kinit ; then
+ build_contrib_module "kinit" "kinit.c" "kinit"
+ fi
+ build_contrib_module "passwd" "pw-kerberos.la"
+ fi
+
+ if use pbkdf2; then
+ build_contrib_module "passwd/pbkdf2"
+ fi
+
+ if use sha2 ; then
+ build_contrib_module "passwd/sha2"
+ fi
+
+ # We could build pw-radius if GNURadius would install radlib.h
+ build_contrib_module "passwd" "pw-netscape.la"
+
+ #build_contrib_module "acl" "posixgroup.la" # example code only
+ #build_contrib_module "acl" "gssacl.la" # example code only, also needs kerberos
+ build_contrib_module "addpartial"
+ build_contrib_module "allop"
+ build_contrib_module "allowed"
+ build_contrib_module "autogroup"
+ build_contrib_module "cloak"
+ # build_contrib_module "comp_match" # really complex, adds new external deps, questionable demand
+ build_contrib_module "denyop"
+ build_contrib_module "dsaschema"
+ build_contrib_module "dupent"
+ build_contrib_module "lastbind"
+ # lastmod may not play well with other overlays
+ build_contrib_module "lastmod"
+ build_contrib_module "noopsrch"
+ #build_contrib_module "nops" https://bugs.gentoo.org/641576
+ #build_contrib_module "nssov" RESO:LATER
+ build_contrib_module "trace"
+ # build slapi-plugins
+ pushd "${S}/contrib/slapi-plugins/addrdnvalues" &>/dev/null || die "pushd contrib/slapi-plugins/addrdnvalues"
+ einfo "Building contrib-module: addrdnvalues plugin"
+ $(tc-getCC) -shared \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include \
+ ${CFLAGS} \
+ -fPIC \
+ ${LDFLAGS} \
+ -o libaddrdnvalues-plugin.so \
+ addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
+ popd &>/dev/null || die
+ fi
+}
+
+multilib_src_test() {
+ if multilib_is_native_abi; then
+ cd tests || die
+ pwd
+
+ # emake test => runs only lloadd & mdb, in serial; skips ldif,sql,wt,regression
+ # emake partests => runs ALL of the tests in parallel
+ # wt/WiredTiger is not supported in Gentoo
+ TESTS=( plloadd pmdb )
+ #TESTS+=( pldif ) # not done by default, so also exclude here
+ #use odbc && TESTS+=( psql ) # not done by default, so also exclude here
+
+ emake "${TESTS[@]}"
+ fi
+}
+
+multilib_src_install() {
+ emake CC="$(tc-getCC)" \
+ DESTDIR="${D}" SHELL="${EPREFIX}"/bin/sh install
+
+ if ! use minimal && multilib_is_native_abi; then
+ # openldap modules go here
+ # TODO: write some code to populate slapd.conf with moduleload statements
+ keepdir /usr/$(get_libdir)/openldap/openldap/
+
+ # initial data storage dir
+ keepdir /var/lib/openldap-data
+ use prefix || fowners ldap:ldap /var/lib/openldap-data
+ fperms 0700 /var/lib/openldap-data
+
+ echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+ echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+ echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+
+ # use our config
+ rm "${ED}"/etc/openldap/slapd.conf
+ insinto /etc/openldap
+ newins "${FILESDIR}"/${PN}-2.6.3-slapd-conf slapd.conf
+ configfile="${ED}"/etc/openldap/slapd.conf
+
+ # populate with built backends
+ einfo "populate config with built backends"
+ for x in "${ED}"/usr/$(get_libdir)/openldap/openldap/back_*.so; do
+ einfo "Adding $(basename ${x})"
+ sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" || die
+ done
+ sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
+ use prefix || fowners root:ldap /etc/openldap/slapd.conf
+ fperms 0640 /etc/openldap/slapd.conf
+ cp "${configfile}" "${configfile}".default || die
+
+ # install our own init scripts and systemd unit files
+ einfo "Install init scripts"
+ sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-initd-2.4.40-r2 > "${T}"/slapd || die
+ doinitd "${T}"/slapd
+ newconfd "${FILESDIR}"/slapd-confd-2.6.1 slapd
+
+ if use systemd; then
+ # The systemd unit uses Type=notify, so it is useless without USE=systemd
+ einfo "Install systemd service"
+ rm -rf "${ED}"/{,usr/}lib/systemd
+ sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-2.6.1.service > "${T}"/slapd.service || die
+ systemd_dounit "${T}"/slapd.service
+ systemd_install_serviced "${FILESDIR}"/slapd.service.conf
+ newtmpfiles "${FILESDIR}"/slapd.tmpfilesd slapd.conf
+ fi
+
+ # if built without SLP, we don't need to be before avahi
+ sed -i \
+ -e '/before/{s/avahi-daemon//g}' \
+ "${ED}"/etc/init.d/slapd \
+ || die
+
+ if use cxx ; then
+ einfo "Install the ldapc++ library"
+ cd "${BUILD_DIR}/contrib/ldapc++" || die
+ emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
+ cd "${S}"/contrib/ldapc++ || die
+ newdoc README ldapc++-README
+ fi
+
+ if use smbkrb5passwd ; then
+ einfo "Install the smbk5pwd module"
+ cd "${S}/contrib/slapd-modules/smbk5pwd" || die
+ emake DESTDIR="${D}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
+ newdoc README smbk5pwd-README
+ fi
+
+ if use overlays ; then
+ einfo "Install the samba4 module"
+ cd "${S}/contrib/slapd-modules/samba4" || die
+ emake DESTDIR="${D}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
+ newdoc README samba4-README
+ fi
+
+ einfo "Installing contrib modules"
+ cd "${S}/contrib/slapd-modules" || die
+ for l in */*.la */*/*.la; do
+ [[ -e ${l} ]] || continue
+ libtool --mode=install cp ${l} \
+ "${ED}"/usr/$(get_libdir)/openldap/openldap || \
+ die "installing ${l} failed"
+ done
+
+ dodoc "${FILESDIR}"/DB_CONFIG.fast.example
+ docinto contrib
+ doman */*.5
+ #newdoc acl/README*
+ newdoc addpartial/README addpartial-README
+ newdoc allop/README allop-README
+ newdoc allowed/README allowed-README
+ newdoc autogroup/README autogroup-README
+ newdoc dsaschema/README dsaschema-README
+ newdoc passwd/README passwd-README
+ cd "${S}/contrib/slapi-plugins" || die
+ insinto /usr/$(get_libdir)/openldap/openldap
+ doins */*.so
+ docinto contrib
+ newdoc addrdnvalues/README addrdnvalues-README
+
+ insinto /etc/openldap/schema
+ newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
+
+ docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
+ docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
+
+ dosbin "${S}"/contrib/slapd-tools/statslog
+ newdoc "${S}"/contrib/slapd-tools/README README.statslog
+ fi
+
+ if ! use static-libs ; then
+ find "${ED}" \( -name '*.a' -o -name '*.la' \) -delete || die
+ fi
+}
+
+multilib_src_install_all() {
+ dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
+ docinto rfc ; dodoc doc/rfc/*.txt
+}
+
+pkg_preinst() {
+ # keep old libs if any
+ preserve_old_lib /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0)
+ # bug 440470, only display the getting started help there was no openldap before,
+ # or we are going to a non-minimal build
+ ! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
+ OPENLDAP_PRINT_MESSAGES=$((! $?))
+}
+
+pkg_postinst() {
+ if ! use minimal ; then
+ if use systemd; then
+ tmpfiles_process slapd.conf
+ fi
+
+ # You cannot build SSL certificates during src_install that will make
+ # binary packages containing your SSL key, which is both a security risk
+ # and a misconfiguration if multiple machines use the same key and cert.
+ if use ssl; then
+ install_cert /etc/openldap/ssl/ldap
+ use prefix || chown ldap:ldap "${EROOT}"/etc/openldap/ssl/ldap.*
+ ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
+ ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
+ ewarn "add 'TLS_REQCERT allow' if you want to use them."
+ fi
+
+ if use prefix; then
+ # Warn about prefix issues with slapd
+ eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
+ eerror "to start up, and requires that certain files directories be owned by"
+ eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
+ eerror "directories, you will have to manually fix this yourself."
+ fi
+
+ # These lines force the permissions of various content to be correct
+ if [[ -d "${EROOT}"/var/run/openldap ]]; then
+ use prefix || { chown ldap:ldap "${EROOT}"/var/run/openldap || die; }
+ chmod 0755 "${EROOT}"/var/run/openldap || die
+ fi
+ use prefix || chown root:ldap "${EROOT}"/etc/openldap/slapd.conf{,.default}
+ chmod 0640 "${EROOT}"/etc/openldap/slapd.conf{,.default} || die
+ use prefix || chown ldap:ldap "${EROOT}"/var/lib/openldap-data
+ fi
+
+ if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
+ elog "Getting started using OpenLDAP? There is some documentation available:"
+ elog "Gentoo Guide to OpenLDAP Authentication"
+ elog "(https://wiki.gentoo.org/wiki/Centralized_authentication_using_OpenLDAP)"
+ fi
+
+ preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0)
+}
^ permalink raw reply related [flat|nested] 15+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: net-nds/openldap/files/, net-nds/openldap/
@ 2023-01-19 18:02 Sam James
0 siblings, 0 replies; 15+ messages in thread
From: Sam James @ 2023-01-19 18:02 UTC (permalink / raw
To: gentoo-commits
commit: e276465660720433c8261e3fcbdcb974547de341
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Jan 19 18:01:13 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Jan 19 18:02:32 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e2764656
net-nds/openldap: fix systemd unit
Closes: https://bugs.gentoo.org/843029
Signed-off-by: Sam James <sam <AT> gentoo.org>
net-nds/openldap/files/slapd.service | 1 +
net-nds/openldap/{openldap-2.6.3-r4.ebuild => openldap-2.6.3-r5.ebuild} | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/net-nds/openldap/files/slapd.service b/net-nds/openldap/files/slapd.service
index 3427b87e936e..028dc879f46a 100644
--- a/net-nds/openldap/files/slapd.service
+++ b/net-nds/openldap/files/slapd.service
@@ -7,6 +7,7 @@ Type=forking
PIDFile=/run/openldap/slapd.pid
ExecStartPre=/usr/sbin/slaptest -Q -u $SLAPD_OPTIONS
ExecStart=/usr/lib/openldap/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS
+NotifyAccess=all
[Install]
WantedBy=multi-user.target
diff --git a/net-nds/openldap/openldap-2.6.3-r4.ebuild b/net-nds/openldap/openldap-2.6.3-r5.ebuild
similarity index 99%
rename from net-nds/openldap/openldap-2.6.3-r4.ebuild
rename to net-nds/openldap/openldap-2.6.3-r5.ebuild
index 14a589aac4b0..32a69aa7ee54 100644
--- a/net-nds/openldap/openldap-2.6.3-r4.ebuild
+++ b/net-nds/openldap/openldap-2.6.3-r5.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2022 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
^ permalink raw reply related [flat|nested] 15+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: net-nds/openldap/files/, net-nds/openldap/
@ 2022-11-24 11:27 Sam James
0 siblings, 0 replies; 15+ messages in thread
From: Sam James @ 2022-11-24 11:27 UTC (permalink / raw
To: gentoo-commits
commit: d4d1d9ed527058cf86b22407cc492944f9b1e6e5
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Nov 24 11:17:03 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Nov 24 11:25:33 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d4d1d9ed
net-nds/openldap: fix configure+build w/ clang 16
This affects the macro which ntp bundles too.
Closes: https://bugs.gentoo.org/871288
Bug: https://bugs.gentoo.org/871372
Bug: https://bugs.gentoo.org/882183
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../openldap/files/openldap-2.6.3-clang16.patch | 139 ++++
net-nds/openldap/openldap-2.6.3-r1.ebuild | 797 +++++++++++++++++++++
2 files changed, 936 insertions(+)
diff --git a/net-nds/openldap/files/openldap-2.6.3-clang16.patch b/net-nds/openldap/files/openldap-2.6.3-clang16.patch
new file mode 100644
index 000000000000..4d9210b1f0fe
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.6.3-clang16.patch
@@ -0,0 +1,139 @@
+https://bugs.gentoo.org/871288
+https://bugs.gentoo.org/871372
+
+From ee4983302d6f052e77ab0332d2a128d169c2eacb Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Arsen=20Arsenovi=C4=87?= <arsen@aarsen.me>
+Date: Tue, 15 Nov 2022 21:45:27 +0100
+Subject: [PATCH] Remove default-int/k&r declarations from the configure macros
+
+Recently, Clang tried to switch to having K&R prototypes and other
+non-strictly-conforming prototypes error out, as a result of C2x changes
+to the standard. These have been located across many packages, and
+range in severity from mild compile errors to runtime misconfiguration
+as a result of broken configure scripts.
+
+This covers all the instances I could find by grepping around the
+codebase, and gets OpenLDAP building on my system.
+
+Bug: https://bugs.gentoo.org/871288
+--- a/build/openldap.m4
++++ b/build/openldap.m4
+@@ -360,9 +360,7 @@ AC_DEFUN([OL_PTHREAD_TEST_FUNCTION],[[
+ AC_DEFUN([OL_PTHREAD_TEST_PROGRAM],
+ [AC_LANG_SOURCE([OL_PTHREAD_TEST_INCLUDES
+
+-int main(argc, argv)
+- int argc;
+- char **argv;
++int main(int argc, char **argv)
+ {
+ OL_PTHREAD_TEST_FUNCTION
+ }
+@@ -484,7 +482,7 @@ AC_CACHE_CHECK([for compatible POSIX regex],ol_cv_c_posix_regex,[
+ #include <sys/types.h>
+ #include <regex.h>
+ static char *pattern, *string;
+-main()
++int main(void)
+ {
+ int rc;
+ regex_t re;
+@@ -511,7 +509,7 @@ AC_DEFUN([OL_C_UPPER_LOWER],
+ [AC_CACHE_CHECK([if toupper() requires islower()],ol_cv_c_upper_lower,[
+ AC_RUN_IFELSE([AC_LANG_SOURCE([[
+ #include <ctype.h>
+-main()
++int main(void)
+ {
+ if ('C' == toupper('C'))
+ exit(0);
+@@ -569,7 +567,7 @@ AC_DEFUN([OL_NONPOSIX_STRERROR_R],
+ ]])],[ol_cv_nonposix_strerror_r=yes],[ol_cv_nonposix_strerror_r=no])
+ else
+ AC_RUN_IFELSE([AC_LANG_SOURCE([[
+- main() {
++ int main(void) {
+ char buf[100];
+ buf[0] = 0;
+ strerror_r( 1, buf, sizeof buf );
+--- a/configure.ac
++++ b/configure.ac
+@@ -1547,8 +1547,7 @@ dnl esac
+
+ static int fildes[2];
+
+-static void *task(p)
+- void *p;
++static void *task(void *p)
+ {
+ int i;
+ struct timeval tv;
+@@ -1572,9 +1571,7 @@ static void *task(p)
+ exit(0); /* if we exit here, the select blocked the whole process */
+ }
+
+-int main(argc, argv)
+- int argc;
+- char **argv;
++int main(int argc, char **argv)
+ {
+ pthread_t t;
+
+--- a/contrib/ldaptcl/tclAppInit.c
++++ b/contrib/ldaptcl/tclAppInit.c
+@@ -45,9 +45,7 @@ EXTERN int Tcltest_Init _ANSI_ARGS_((Tcl_Interp *interp));
+ */
+
+ int
+-main(argc, argv)
+- int argc; /* Number of command-line arguments. */
+- char **argv; /* Values of command-line arguments. */
++main(int argc, char **argv)
+ {
+ #ifdef USE_TCLX
+ TclX_Main(argc, argv, Tcl_AppInit);
+--- a/contrib/ldaptcl/tkAppInit.c
++++ b/contrib/ldaptcl/tkAppInit.c
+@@ -37,16 +37,9 @@ int (*tclDummyMathPtr)() = matherr;
+ * This is the main program for the application.
+ *-----------------------------------------------------------------------------
+ */
+-#ifdef __cplusplus
+ int
+ main (int argc,
+ char **argv)
+-#else
+-int
+-main (argc, argv)
+- int argc;
+- char **argv;
+-#endif
+ {
+ #ifdef USE_TCLX
+ TkX_Main(argc, argv, Tcl_AppInit);
+@@ -68,14 +61,8 @@ main (argc, argv)
+ * interp->result if an error occurs.
+ *-----------------------------------------------------------------------------
+ */
+-#ifdef __cplusplus
+ int
+ Tcl_AppInit (Tcl_Interp *interp)
+-#else
+-int
+-Tcl_AppInit (interp)
+- Tcl_Interp *interp;
+-#endif
+ {
+ if (Tcl_Init (interp) == TCL_ERROR) {
+ return TCL_ERROR;
+--- a/servers/slapd/syslog.c
++++ b/servers/slapd/syslog.c
+@@ -209,7 +209,7 @@ openlog(const char *ident, int logstat, int logfac)
+ }
+
+ void
+-closelog()
++closelog(void)
+ {
+ (void)close(LogFile);
+ LogFile = -1;
diff --git a/net-nds/openldap/openldap-2.6.3-r1.ebuild b/net-nds/openldap/openldap-2.6.3-r1.ebuild
new file mode 100644
index 000000000000..98e863435dae
--- /dev/null
+++ b/net-nds/openldap/openldap-2.6.3-r1.ebuild
@@ -0,0 +1,797 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools flag-o-matic multilib multilib-minimal preserve-libs ssl-cert toolchain-funcs systemd tmpfiles
+
+MY_PV="$(ver_rs 1-2 _)"
+
+BIS_PN=rfc2307bis.schema
+BIS_PV=20140524
+BIS_P="${BIS_PN}-${BIS_PV}"
+
+DESCRIPTION="LDAP suite of application and development tools"
+HOMEPAGE="https://www.openldap.org/"
+SRC_URI="
+ https://gitlab.com/openldap/${PN}/-/archive/OPENLDAP_REL_ENG_${MY_PV}/${PN}-OPENLDAP_REL_ENG_${MY_PV}.tar.gz
+ mirror://gentoo/${BIS_P}
+"
+S="${WORKDIR}"/${PN}-OPENLDAP_REL_ENG_${MY_PV}
+
+LICENSE="OPENLDAP GPL-2"
+# Subslot added for bug #835654
+SLOT="0/$(ver_cut 1-2)"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-solaris"
+
+IUSE_DAEMON="argon2 +cleartext crypt experimental minimal samba tcpd"
+IUSE_OVERLAY="overlays perl autoca"
+IUSE_OPTIONAL="debug gnutls iodbc ipv6 odbc sasl ssl selinux static-libs +syslog test"
+IUSE_CONTRIB="kerberos kinit pbkdf2 sha2 smbkrb5passwd"
+IUSE_CONTRIB="${IUSE_CONTRIB} cxx"
+IUSE="systemd ${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
+RESTRICT="!test? ( test )"
+
+RESTRICT="!test? ( test )"
+REQUIRED_USE="cxx? ( sasl )
+ pbkdf2? ( ssl )
+ test? ( cleartext sasl )
+ autoca? ( !gnutls )
+ ?? ( test minimal )"
+
+# openssl is needed to generate lanman-passwords required by samba
+COMMON_DEPEND="
+ kernel_linux? ( sys-apps/util-linux )
+ ssl? (
+ !gnutls? (
+ >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}]
+ )
+ gnutls? (
+ >=net-libs/gnutls-2.12.23-r6:=[${MULTILIB_USEDEP}]
+ >=dev-libs/libgcrypt-1.5.3:0=[${MULTILIB_USEDEP}]
+ )
+ )
+ sasl? ( dev-libs/cyrus-sasl:= )
+ !minimal? (
+ dev-libs/libltdl
+ sys-fs/e2fsprogs
+ >=dev-db/lmdb-0.9.18:=
+ argon2? ( app-crypt/argon2:= )
+ crypt? ( virtual/libcrypt:= )
+ tcpd? ( sys-apps/tcp-wrappers )
+ odbc? ( !iodbc? ( dev-db/unixODBC )
+ iodbc? ( dev-db/libiodbc ) )
+ perl? ( dev-lang/perl:=[-build(-)] )
+ samba? (
+ dev-libs/openssl:0=
+ )
+ smbkrb5passwd? (
+ dev-libs/openssl:0=
+ kerberos? ( app-crypt/heimdal )
+ )
+ kerberos? (
+ virtual/krb5
+ kinit? ( !app-crypt/heimdal )
+ )
+ )
+"
+DEPEND="${COMMON_DEPEND}
+ sys-apps/groff
+"
+RDEPEND="${COMMON_DEPEND}
+ selinux? ( sec-policy/selinux-ldap )
+"
+
+# The user/group are only used for running daemons which are
+# disabled in minimal builds, so elide the accounts too.
+BDEPEND="!minimal? (
+ acct-group/ldap
+ acct-user/ldap
+)
+"
+
+# for tracking versions
+OPENLDAP_VERSIONTAG=".version-tag"
+OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
+
+MULTILIB_WRAPPED_HEADERS=(
+ # USE=cxx
+ /usr/include/LDAPAsynConnection.h
+ /usr/include/LDAPAttrType.h
+ /usr/include/LDAPAttribute.h
+ /usr/include/LDAPAttributeList.h
+ /usr/include/LDAPConnection.h
+ /usr/include/LDAPConstraints.h
+ /usr/include/LDAPControl.h
+ /usr/include/LDAPControlSet.h
+ /usr/include/LDAPEntry.h
+ /usr/include/LDAPEntryList.h
+ /usr/include/LDAPException.h
+ /usr/include/LDAPExtResult.h
+ /usr/include/LDAPMessage.h
+ /usr/include/LDAPMessageQueue.h
+ /usr/include/LDAPModList.h
+ /usr/include/LDAPModification.h
+ /usr/include/LDAPObjClass.h
+ /usr/include/LDAPRebind.h
+ /usr/include/LDAPRebindAuth.h
+ /usr/include/LDAPReferenceList.h
+ /usr/include/LDAPResult.h
+ /usr/include/LDAPSaslBindResult.h
+ /usr/include/LDAPSchema.h
+ /usr/include/LDAPSearchReference.h
+ /usr/include/LDAPSearchResult.h
+ /usr/include/LDAPSearchResults.h
+ /usr/include/LDAPUrl.h
+ /usr/include/LDAPUrlList.h
+ /usr/include/LdifReader.h
+ /usr/include/LdifWriter.h
+ /usr/include/SaslInteraction.h
+ /usr/include/SaslInteractionHandler.h
+ /usr/include/StringList.h
+ /usr/include/TlsOptions.h
+)
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
+ "${FILESDIR}"/${PN}-2.6.1-system-mdb.patch
+ "${FILESDIR}"/${PN}-2.6.1-cloak.patch
+ "${FILESDIR}"/${PN}-2.6.1-flags.patch
+ "${FILESDIR}"/${PN}-2.6.1-fix-missing-mapping.patch
+ "${FILESDIR}"/${PN}-2.6.1-fix-bashism-configure.patch
+ "${FILESDIR}"/${PN}-2.6.3-clang16.patch
+)
+
+openldap_filecount() {
+ local dir="$1"
+ find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
+}
+
+openldap_find_versiontags() {
+ # scan for all datadirs
+ local openldap_datadirs=()
+ if [[ -f "${EROOT}"/etc/openldap/slapd.conf ]]; then
+ openldap_datadirs=( $(awk '{if($1 == "directory") print $2 }' "${EROOT}"/etc/openldap/slapd.conf) )
+ fi
+ openldap_datadirs+=( ${OPENLDAP_DEFAULTDIR_VERSIONTAG} )
+
+ einfo
+ einfo "Scanning datadir(s) from slapd.conf and"
+ einfo "the default installdir for Versiontags"
+ einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
+ einfo
+
+ # scan datadirs if we have a version tag
+ openldap_found_tag=0
+ have_files=0
+ for each in ${openldap_datadirs[@]} ; do
+ CURRENT_TAGDIR="${ROOT}$(sed "s:\/::" <<< ${each})"
+ CURRENT_TAG="${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}"
+ if [[ -d "${CURRENT_TAGDIR}" ]] && [[ "${openldap_found_tag}" == 0 ]] ; then
+ einfo "- Checking ${each}..."
+ if [[ -r "${CURRENT_TAG}" ]] ; then
+ # yey, we have one :)
+ einfo " Found Versiontag in ${each}"
+ source "${CURRENT_TAG}"
+ if [[ "${OLDPF}" == "" ]] ; then
+ eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
+ eerror "Please delete it"
+ eerror
+ die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
+ fi
+
+ OLD_MAJOR=$(ver_cut 2-3 ${OLDPF})
+
+ [[ "$(openldap_filecount ${CURRENT_TAGDIR})" -gt 0 ]] && have_files=1
+
+ # are we on the same branch?
+ if [[ "${OLD_MAJOR}" != "${PV:0:3}" ]] ; then
+ ewarn " Versiontag doesn't match current major release!"
+ if [[ "${have_files}" == "1" ]] ; then
+ eerror " Versiontag says other major and you (probably) have datafiles!"
+ echo
+ openldap_upgrade_howto
+ else
+ einfo " No real problem, seems there's no database."
+ fi
+ else
+ einfo " Versiontag is fine here :)"
+ fi
+ else
+ einfo " Non-tagged dir ${each}"
+ [[ "$(openldap_filecount ${each})" -gt 0 ]] && have_files=1
+ if [[ "${have_files}" == "1" ]] ; then
+ einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
+ echo
+
+ eerror
+ eerror "Your OpenLDAP Installation has a non tagged datadir that"
+ eerror "possibly contains a database at ${CURRENT_TAGDIR}"
+ eerror
+ eerror "Please export data if any entered and empty or remove"
+ eerror "the directory, installation has been stopped so you"
+ eerror "can take required action"
+ eerror
+ eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
+ eerror
+ openldap_upgrade_howto
+ die "Please move the datadir ${CURRENT_TAGDIR} away"
+ fi
+ fi
+ einfo
+ fi
+ done
+ [[ "${have_files}" == "1" ]] && einfo "DB files present" || einfo "No DB files present"
+
+ # Now we must check for the major version of sys-libs/db linked against.
+ # TODO: remove this as we dropped bdb support (gone upstream) in 2.6.1?
+ SLAPD_PATH="${EROOT}/usr/$(get_libdir)/openldap/slapd"
+ if [[ "${have_files}" == "1" ]] && [[ -f "${SLAPD_PATH}" ]]; then
+ OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
+ | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
+ local fail=0
+ if [[ -z "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
+ :
+ # Nothing wrong here.
+ elif [[ -z "${OLDVER}" ]] && [[ -n "${NEWVER}" ]]; then
+ eerror " Your existing version of OpenLDAP was not built against"
+ eerror " any version of sys-libs/db, but the new one will build"
+ eerror " against ${NEWVER} and your database may be inaccessible."
+ echo
+ fail=1
+ elif [[ -n "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
+ eerror " Your existing version of OpenLDAP was built against"
+ eerror " sys-libs/db:${OLDVER}, but the new one will not be"
+ eerror " built against any version and your database may be"
+ eerror " inaccessible."
+ echo
+ fail=1
+ elif [[ "${OLDVER}" != "${NEWVER}" ]]; then
+ eerror " Your existing version of OpenLDAP was built against"
+ eerror " sys-libs/db:${OLDVER}, but the new one will build against"
+ eerror " ${NEWVER} and your database would be inaccessible."
+ echo
+ fail=1
+ fi
+ [[ "${fail}" == "1" ]] && openldap_upgrade_howto
+ fi
+
+ echo
+ einfo
+ einfo "All datadirs are fine, proceeding with merge now..."
+ einfo
+}
+
+openldap_upgrade_howto() {
+ local d l i
+ eerror
+ eerror "A (possible old) installation of OpenLDAP was detected,"
+ eerror "installation will not proceed for now."
+ eerror
+ eerror "As major version upgrades can corrupt your database,"
+ eerror "you need to dump your database and re-create it afterwards."
+ eerror
+ eerror "Additionally, rebuilding against different major versions of the"
+ eerror "sys-libs/db libraries will cause your database to be inaccessible."
+ eerror ""
+ d="$(date -u +%s)"
+ l="/root/ldapdump.${d}"
+ i="${l}.raw"
+ eerror " 1. /etc/init.d/slapd stop"
+ eerror " 2. slapcat -l ${i}"
+ eerror " 3. grep -E -v '^(entry|context)CSN:' <${i} >${l}"
+ eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
+ eerror " 5. emerge --update \=net-nds/${PF}"
+ eerror " 6. etc-update, and ensure that you apply the changes"
+ eerror " 7. slapadd -l ${l}"
+ eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
+ eerror " 9. /etc/init.d/slapd start"
+ eerror "10. check that your data is intact."
+ eerror "11. set up the new replication system."
+ eerror
+ if [[ "${FORCE_UPGRADE}" != "1" ]]; then
+ die "You need to upgrade your database first"
+ else
+ eerror "You have the magical FORCE_UPGRADE=1 in place."
+ eerror "Don't say you weren't warned about data loss."
+ fi
+}
+
+pkg_setup() {
+ if ! use sasl && use cxx ; then
+ die "To build the ldapc++ library you must emerge openldap with sasl support"
+ fi
+ # Bug #322787
+ if use minimal && ! has_version "net-nds/openldap" ; then
+ einfo "No datadir scan needed, openldap not installed"
+ elif use minimal && has_version 'net-nds/openldap[minimal]' ; then
+ einfo "Skipping scan for previous datadirs as requested by minimal useflag"
+ else
+ openldap_find_versiontags
+ fi
+}
+
+src_prepare() {
+ rm -r libraries/liblmdb || die 'could not removed bundled lmdb directory'
+
+ for filename in doc/drafts/draft-ietf-ldapext-acl-model-xx.txt; do
+ iconv -f iso-8859-1 -t utf-8 "$filename" > "$filename.utf8"
+ mv "$filename.utf8" "$filename"
+ done
+
+ default
+
+ sed -i \
+ -e "s:\$(localstatedir)/run:${EPREFIX}/run:" \
+ servers/slapd/Makefile.in || die 'adjusting slapd Makefile.in failed'
+
+ pushd build &>/dev/null || die "pushd build"
+ einfo "Making sure upstream build strip does not do stripping too early"
+ sed -i.orig \
+ -e '/^STRIP/s,-s,,g' \
+ top.mk || die "Failed to remove to early stripping"
+ popd &>/dev/null || die
+
+ eautoreconf
+ multilib_copy_sources
+}
+
+build_contrib_module() {
+ # <dir> [<target>]
+ pushd "${S}/contrib/slapd-modules/$1" &>/dev/null || die "pushd contrib/slapd-modules/$1"
+ einfo "Compiling contrib-module: $1"
+ local target="${2:-all}"
+ emake \
+ LDAP_BUILD="${BUILD_DIR}" prefix="${EPREFIX}/usr" \
+ CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" \
+ "$target"
+ popd &>/dev/null || die
+}
+
+multilib_src_configure() {
+ # Optional Features
+ myconf+=(
+ --enable-option-checking
+ $(use_enable debug)
+ --enable-dynamic
+ $(use_enable syslog)
+ $(use_enable ipv6)
+ --enable-local
+ )
+
+ # Optional Packages
+ myconf+=(
+ --without-fetch
+ )
+
+ if ! use minimal && multilib_is_native_abi; then
+ # SLAPD (Standalone LDAP Daemon) Options
+ # overlay chaining requires '--enable-ldap' #296567
+ # see https://www.openldap.org/doc/admin26/overlays.html#Chaining
+ myconf+=(
+ --enable-ldap=yes
+ --enable-slapd
+ $(use_enable cleartext)
+ $(use_enable crypt)
+ $(multilib_native_use_enable sasl spasswd)
+ --disable-slp
+ $(use_enable tcpd wrappers)
+ )
+ if use experimental ; then
+ # connectionless ldap per bug #342439
+ # connectionless is a unsupported feature according to Howard Chu
+ # see https://bugs.openldap.org/show_bug.cgi?id=9739
+ append-cppflags -DLDAP_CONNECTIONLESS
+
+ myconf+=(
+ --enable-dynacl
+ # ACI build as dynamic module not supported (yet)
+ --enable-aci=yes
+ )
+ fi
+
+ for option in modules rlookups slapi; do
+ myconf+=( --enable-${option} )
+ done
+
+ # static SLAPD backends
+ for backend in mdb; do
+ myconf+=( --enable-${backend}=yes )
+ done
+
+ # module SLAPD backends
+ for backend in asyncmeta dnssrv meta null passwd relay sock; do
+ # missing modules: wiredtiger (not available in portage)
+ myconf+=( --enable-${backend}=mod )
+ done
+
+ use perl && myconf+=( --enable-perl=mod )
+
+ if use odbc ; then
+ myconf+=( --enable-sql=mod )
+ if use iodbc ; then
+ myconf+=( --with-odbc="iodbc" )
+ append-cflags -I"${EPREFIX}"/usr/include/iodbc
+ else
+ myconf+=( --with-odbc="unixodbc" )
+ fi
+ fi
+
+ use overlays && myconf+=( --enable-overlays=mod )
+ use autoca && myconf+=( --enable-autoca=mod ) || myconf+=( --enable-autoca=no )
+ # compile-in the syncprov
+ myconf+=( --enable-syncprov=yes )
+
+ # SLAPD Password Module Options
+ myconf+=(
+ $(use_enable argon2)
+ )
+
+ # Optional Packages
+ myconf+=(
+ $(use_with systemd)
+ $(multilib_native_use_with sasl cyrus-sasl)
+ )
+ else
+ myconf+=(
+ --disable-backends
+ --disable-slapd
+ --disable-mdb
+ --disable-overlays
+ --disable-autoca
+ --disable-syslog
+ --without-systemd
+ )
+ fi
+
+ # Library Generation & Linking Options
+ myconf+=(
+ $(use_enable static-libs static)
+ --enable-shared
+ --enable-versioning
+ --with-pic
+ )
+
+ # some cross-compiling tests don't pan out well.
+ tc-is-cross-compiler && myconf+=(
+ --with-yielding-select=yes
+ )
+
+ local ssl_lib="no"
+ if use ssl || ( ! use minimal && use samba ) ; then
+ if use gnutls ; then
+ myconf+=( --with-tls="gnutls" )
+ else
+ # disable MD2 hash function
+ append-cflags -DOPENSSL_NO_MD2
+ myconf+=( --with-tls="openssl" )
+ fi
+ else
+ myconf+=( --with-tls="no" )
+ fi
+
+ tc-export AR CC CXX
+
+ ECONF_SOURCE="${S}" econf \
+ --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
+ --localstatedir="${EPREFIX}"/var \
+ --runstatedir="${EPREFIX}"/run \
+ --sharedstatedir="${EPREFIX}"/var/lib \
+ "${myconf[@]}"
+
+ # argument '--runstatedir' seems to have no effect therefore this workaround
+ sed -i \
+ -e 's:^runstatedir=.*:runstatedir=${EPREFIX}/run:' \
+ configure contrib/ldapc++/configure contrib/ldaptcl/configure || die 'could not set runstatedir'
+
+ sed -i \
+ -e "s:/var/run/sasl2/mux:${EPREFIX}/run/sasl2/mux:" \
+ doc/guide/admin/security.sdf || die 'could not fix run path in doc'
+
+ emake depend
+}
+
+src_configure_cxx() {
+ # This needs the libraries built by the first build run.
+ # we have to run it AFTER the main build, not just after the main configure
+ local myconf_ldapcpp=(
+ --with-libldap="${E}/lib"
+ --with-ldap-includes="${S}/include"
+ )
+
+ mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die "could not create ${BUILD_DIR}/contrib/ldapc++ directory"
+ pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
+ local LDFLAGS=${LDFLAGS}
+ local CPPFLAGS=${CPPFLAGS}
+ append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
+ -L"${BUILD_DIR}"/libraries/libldap/.libs
+ append-cppflags -I"${BUILD_DIR}"/include
+ ECONF_SOURCE=${S}/contrib/ldapc++ \
+ econf "${myconf_ldapcpp[@]}"
+ popd &>/dev/null || die "popd contrib/ldapc++"
+}
+
+multilib_src_compile() {
+ tc-export AR CC CXX
+ emake CC="$(tc-getCC)" SHELL="${EPREFIX}"/bin/sh
+
+ if ! use minimal && multilib_is_native_abi ; then
+ if use cxx ; then
+ einfo "Building contrib library: ldapc++"
+ src_configure_cxx
+ pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
+ emake
+ popd &>/dev/null || die
+ fi
+
+ if use smbkrb5passwd ; then
+ einfo "Building contrib-module: smbk5pwd"
+ pushd "${S}/contrib/slapd-modules/smbk5pwd" &>/dev/null || die "pushd contrib/slapd-modules/smbk5pwd"
+
+ MY_DEFS="-DDO_SHADOW"
+ if use samba ; then
+ MY_DEFS="${MY_DEFS} -DDO_SAMBA"
+ MY_KRB5_INC=""
+ fi
+ if use kerberos ; then
+ MY_DEFS="${MY_DEFS} -DDO_KRB5"
+ MY_KRB5_INC="$(krb5-config --cflags)"
+ fi
+
+ emake \
+ DEFS="${MY_DEFS}" \
+ KRB5_INC="${MY_KRB5_INC}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
+ popd &>/dev/null || die
+ fi
+
+ if use overlays ; then
+ einfo "Building contrib-module: samba4"
+ pushd "${S}/contrib/slapd-modules/samba4" &>/dev/null || die "pushd contrib/slapd-modules/samba4"
+
+ emake \
+ LDAP_BUILD="${BUILD_DIR}" \
+ CC="$(tc-getCC)" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
+ popd &>/dev/null || die
+ fi
+
+ if use kerberos ; then
+ if use kinit ; then
+ build_contrib_module "kinit" "kinit.c" "kinit"
+ fi
+ build_contrib_module "passwd" "pw-kerberos.la"
+ fi
+
+ if use pbkdf2; then
+ build_contrib_module "passwd/pbkdf2"
+ fi
+
+ if use sha2 ; then
+ build_contrib_module "passwd/sha2"
+ fi
+
+ # We could build pw-radius if GNURadius would install radlib.h
+ build_contrib_module "passwd" "pw-netscape.la"
+
+ #build_contrib_module "acl" "posixgroup.la" # example code only
+ #build_contrib_module "acl" "gssacl.la" # example code only, also needs kerberos
+ build_contrib_module "addpartial"
+ build_contrib_module "allop"
+ build_contrib_module "allowed"
+ build_contrib_module "autogroup"
+ build_contrib_module "cloak"
+ # build_contrib_module "comp_match" # really complex, adds new external deps, questionable demand
+ build_contrib_module "denyop"
+ build_contrib_module "dsaschema"
+ build_contrib_module "dupent"
+ build_contrib_module "lastbind"
+ # lastmod may not play well with other overlays
+ build_contrib_module "lastmod"
+ build_contrib_module "noopsrch"
+ #build_contrib_module "nops" https://bugs.gentoo.org/641576
+ #build_contrib_module "nssov" RESO:LATER
+ build_contrib_module "trace"
+ # build slapi-plugins
+ pushd "${S}/contrib/slapi-plugins/addrdnvalues" &>/dev/null || die "pushd contrib/slapi-plugins/addrdnvalues"
+ einfo "Building contrib-module: addrdnvalues plugin"
+ $(tc-getCC) -shared \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include \
+ ${CFLAGS} \
+ -fPIC \
+ ${LDFLAGS} \
+ -o libaddrdnvalues-plugin.so \
+ addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
+ popd &>/dev/null || die
+ fi
+}
+
+multilib_src_test() {
+ if multilib_is_native_abi; then
+ cd "tests"
+ pwd
+ # emake test => runs only lloadd & mdb, in serial; skips ldif,sql,wt,regression
+ # emake partests => runs ALL of the tests in parallel
+ # wt/WiredTiger is not supported in Gentoo
+ TESTS=( plloadd pmdb )
+ #TESTS+=( pldif ) # not done by default, so also exclude here
+ #use odbc && TESTS+=( psql ) # not done by default, so also exclude here
+ emake "${TESTS[@]}"
+ fi
+}
+
+multilib_src_install() {
+ emake CC="$(tc-getCC)" \
+ DESTDIR="${D}" SHELL="${EPREFIX}"/bin/sh install
+
+ if ! use minimal && multilib_is_native_abi; then
+ # openldap modules go here
+ # TODO: write some code to populate slapd.conf with moduleload statements
+ keepdir /usr/$(get_libdir)/openldap/openldap/
+
+ # initial data storage dir
+ keepdir /var/lib/openldap-data
+ use prefix || fowners ldap:ldap /var/lib/openldap-data
+ fperms 0700 /var/lib/openldap-data
+
+ echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+ echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+ echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+
+ # use our config
+ rm "${ED}"/etc/openldap/slapd.conf
+ insinto /etc/openldap
+ newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf
+ configfile="${ED}"/etc/openldap/slapd.conf
+
+ # populate with built backends
+ einfo "populate config with built backends"
+ for x in "${ED}"/usr/$(get_libdir)/openldap/openldap/back_*.so; do
+ einfo "Adding $(basename ${x})"
+ sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" || die
+ done
+ sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
+ use prefix || fowners root:ldap /etc/openldap/slapd.conf
+ fperms 0640 /etc/openldap/slapd.conf
+ cp "${configfile}" "${configfile}".default || die
+
+ # install our own init scripts and systemd unit files
+ einfo "Install init scripts"
+ sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-initd-2.4.40-r2 > "${T}"/slapd || die
+ doinitd "${T}"/slapd
+ newconfd "${FILESDIR}"/slapd-confd-2.6.1 slapd
+
+ einfo "Install systemd service"
+ sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-2.6.1.service > "${T}"/slapd.service || die
+ systemd_dounit "${T}"/slapd.service
+ systemd_install_serviced "${FILESDIR}"/slapd.service.conf
+ newtmpfiles "${FILESDIR}"/slapd.tmpfilesd slapd.conf
+
+ # if built without SLP, we don't need to be before avahi
+ sed -i \
+ -e '/before/{s/avahi-daemon//g}' \
+ "${ED}"/etc/init.d/slapd \
+ || die
+
+ if use cxx ; then
+ einfo "Install the ldapc++ library"
+ cd "${BUILD_DIR}/contrib/ldapc++" || die
+ emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
+ cd "${S}"/contrib/ldapc++ || die
+ newdoc README ldapc++-README
+ fi
+
+ if use smbkrb5passwd ; then
+ einfo "Install the smbk5pwd module"
+ cd "${S}/contrib/slapd-modules/smbk5pwd" || die
+ emake DESTDIR="${D}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
+ newdoc README smbk5pwd-README
+ fi
+
+ if use overlays ; then
+ einfo "Install the samba4 module"
+ cd "${S}/contrib/slapd-modules/samba4" || die
+ emake DESTDIR="${D}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
+ newdoc README samba4-README
+ fi
+
+ einfo "Installing contrib modules"
+ cd "${S}/contrib/slapd-modules" || die
+ for l in */*.la */*/*.la; do
+ [[ -e ${l} ]] || continue
+ libtool --mode=install cp ${l} \
+ "${ED}"/usr/$(get_libdir)/openldap/openldap || \
+ die "installing ${l} failed"
+ done
+
+ dodoc "${FILESDIR}"/DB_CONFIG.fast.example
+ docinto contrib
+ doman */*.5
+ #newdoc acl/README*
+ newdoc addpartial/README addpartial-README
+ newdoc allop/README allop-README
+ newdoc allowed/README allowed-README
+ newdoc autogroup/README autogroup-README
+ newdoc dsaschema/README dsaschema-README
+ newdoc passwd/README passwd-README
+ cd "${S}/contrib/slapi-plugins" || die
+ insinto /usr/$(get_libdir)/openldap/openldap
+ doins */*.so
+ docinto contrib
+ newdoc addrdnvalues/README addrdnvalues-README
+
+ insinto /etc/openldap/schema
+ newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
+
+ docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
+ docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
+
+ dosbin "${S}"/contrib/slapd-tools/statslog
+ newdoc "${S}"/contrib/slapd-tools/README README.statslog
+ fi
+
+ if ! use static-libs ; then
+ find "${ED}" \( -name '*.a' -o -name '*.la' \) -delete || die
+ fi
+}
+
+multilib_src_install_all() {
+ dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
+ docinto rfc ; dodoc doc/rfc/*.txt
+}
+
+pkg_preinst() {
+ # keep old libs if any
+ preserve_old_lib /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0)
+ # bug 440470, only display the getting started help there was no openldap before,
+ # or we are going to a non-minimal build
+ ! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
+ OPENLDAP_PRINT_MESSAGES=$((! $?))
+}
+
+pkg_postinst() {
+ if ! use minimal ; then
+ tmpfiles_process slapd.conf
+
+ # You cannot build SSL certificates during src_install that will make
+ # binary packages containing your SSL key, which is both a security risk
+ # and a misconfiguration if multiple machines use the same key and cert.
+ if use ssl; then
+ install_cert /etc/openldap/ssl/ldap
+ use prefix || chown ldap:ldap "${EROOT}"/etc/openldap/ssl/ldap.*
+ ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
+ ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
+ ewarn "add 'TLS_REQCERT allow' if you want to use them."
+ fi
+
+ if use prefix; then
+ # Warn about prefix issues with slapd
+ eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
+ eerror "to start up, and requires that certain files directories be owned by"
+ eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
+ eerror "directories, you will have to manually fix this yourself."
+ fi
+
+ # These lines force the permissions of various content to be correct
+ if [[ -d "${EROOT}"/var/run/openldap ]]; then
+ use prefix || { chown ldap:ldap "${EROOT}"/var/run/openldap || die; }
+ chmod 0755 "${EROOT}"/var/run/openldap || die
+ fi
+ use prefix || chown root:ldap "${EROOT}"/etc/openldap/slapd.conf{,.default}
+ chmod 0640 "${EROOT}"/etc/openldap/slapd.conf{,.default} || die
+ use prefix || chown ldap:ldap "${EROOT}"/var/lib/openldap-data
+ fi
+
+ if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
+ elog "Getting started using OpenLDAP? There is some documentation available:"
+ elog "Gentoo Guide to OpenLDAP Authentication"
+ elog "(https://wiki.gentoo.org/wiki/Centralized_authentication_using_OpenLDAP)"
+ fi
+
+ preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0)
+}
^ permalink raw reply related [flat|nested] 15+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: net-nds/openldap/files/, net-nds/openldap/
@ 2022-03-20 21:04 Sam James
0 siblings, 0 replies; 15+ messages in thread
From: Sam James @ 2022-03-20 21:04 UTC (permalink / raw
To: gentoo-commits
commit: 524491b7848c723edf7707f1a21bc80a3b7ab3c0
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Mar 20 20:26:48 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Mar 20 21:04:29 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=524491b7
net-nds/openldap: drop sys-libs/db (BDB) remnants from 2.6.1
We already dropped the dependency in 2.6.1 so let's
clean up some remnants.
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../files/openldap-2.6.1-fix-bashism-configure.patch | 2 --
net-nds/openldap/openldap-2.6.1.ebuild | 12 +-----------
2 files changed, 1 insertion(+), 13 deletions(-)
diff --git a/net-nds/openldap/files/openldap-2.6.1-fix-bashism-configure.patch b/net-nds/openldap/files/openldap-2.6.1-fix-bashism-configure.patch
index 93b104198ba6..c2acb679e3ba 100644
--- a/net-nds/openldap/files/openldap-2.6.1-fix-bashism-configure.patch
+++ b/net-nds/openldap/files/openldap-2.6.1-fix-bashism-configure.patch
@@ -1,5 +1,3 @@
-diff --git a/configure.ac b/configure.ac
-index a5075be..b78f2ad 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2055,7 +2055,7 @@ dnl
diff --git a/net-nds/openldap/openldap-2.6.1.ebuild b/net-nds/openldap/openldap-2.6.1.ebuild
index 252fe1d5b198..0edc6a14276a 100644
--- a/net-nds/openldap/openldap-2.6.1.ebuild
+++ b/net-nds/openldap/openldap-2.6.1.ebuild
@@ -38,14 +38,6 @@ REQUIRED_USE="cxx? ( sasl )
S=${WORKDIR}/${PN}-OPENLDAP_REL_ENG_${MY_PV}
-# always list newer first
-# Do not add any AGPL-3 BDB here!
-# See bug 525110, comment 15.
-# Advanced usage: OPENLDAP_BDB_SLOTS in the environment can be used to force a slot during build.
-BDB_SLOTS="${OPENLDAP_BDB_SLOTS:=5.3 4.8}"
-BDB_PKGS=''
-for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done
-
# openssl is needed to generate lanman-passwords required by samba
COMMON_DEPEND="
ssl? (
@@ -230,6 +222,7 @@ openldap_find_versiontags() {
[[ "${have_files}" == "1" ]] && einfo "DB files present" || einfo "No DB files present"
# Now we must check for the major version of sys-libs/db linked against.
+ # TODO: remove this as we dropped bdb support (gone upstream) in 2.6.1?
SLAPD_PATH="${EROOT}/usr/$(get_libdir)/openldap/slapd"
if [[ "${have_files}" == "1" ]] && [[ -f "${SLAPD_PATH}" ]]; then
OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
@@ -787,9 +780,6 @@ pkg_postinst() {
elog "Getting started using OpenLDAP? There is some documentation available:"
elog "Gentoo Guide to OpenLDAP Authentication"
elog "(https://wiki.gentoo.org/wiki/Centralized_authentication_using_OpenLDAP)"
- elog "---"
- elog "An example file for tuning BDB backends with openldap is"
- elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
fi
preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0)
^ permalink raw reply related [flat|nested] 15+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: net-nds/openldap/files/, net-nds/openldap/
@ 2022-03-19 22:39 Sam James
0 siblings, 0 replies; 15+ messages in thread
From: Sam James @ 2022-03-19 22:39 UTC (permalink / raw
To: gentoo-commits
commit: b7da48a7fce92735b1cb9353ea9a85afe8acc139
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Mar 19 22:34:14 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Mar 19 22:39:02 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b7da48a7
net-nds/openldap: add upstream MAKEOPTS patch
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../openldap/files/openldap-2.6.1-make-flags.patch | 59 ++++++++++++++++++++++
net-nds/openldap/openldap-2.6.1.ebuild | 1 +
2 files changed, 60 insertions(+)
diff --git a/net-nds/openldap/files/openldap-2.6.1-make-flags.patch b/net-nds/openldap/files/openldap-2.6.1-make-flags.patch
new file mode 100644
index 000000000000..bf94f9958d3a
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.6.1-make-flags.patch
@@ -0,0 +1,59 @@
+https://github.com/openldap/openldap/commit/8e3f87f86a51e78bffefb85968e5684213422cb7
+
+From: Orgad Shaneh <orgad.shaneh@audiocodes.com>
+Date: Tue, 25 Jan 2022 17:38:46 +0200
+Subject: [PATCH] ITS#9788 Fix make jobserver warnings
+
+Running make -j8 issues the following warning for each directory with
+make 4.3:
+make[2]: warning: -j8 forced in submake: resetting jobserver mode.
+
+There is no need to pass MFLAGS. Make picks it up from the
+environment anyway.
+--- a/build/dir.mk
++++ b/build/dir.mk
+@@ -21,7 +21,7 @@ all-common: FORCE
+ @echo "Making all in `$(PWD)`"
+ @for i in $(SUBDIRS) $(ALLDIRS); do \
+ echo " Entering subdirectory $$i"; \
+- ( cd $$i && $(MAKE) $(MFLAGS) all ); \
++ ( cd $$i && $(MAKE) all ); \
+ if test $$? != 0 ; then exit 1; fi ; \
+ echo " "; \
+ done
+@@ -30,7 +30,7 @@ install-common: FORCE
+ @echo "Making install in `$(PWD)`"
+ @for i in $(SUBDIRS) $(INSTALLDIRS); do \
+ echo " Entering subdirectory $$i"; \
+- ( cd $$i && $(MAKE) $(MFLAGS) install ); \
++ ( cd $$i && $(MAKE) install ); \
+ if test $$? != 0 ; then exit 1; fi ; \
+ echo " "; \
+ done
+@@ -39,7 +39,7 @@ clean-common: FORCE
+ @echo "Making clean in `$(PWD)`"
+ @for i in $(SUBDIRS) $(CLEANDIRS); do \
+ echo " Entering subdirectory $$i"; \
+- ( cd $$i && $(MAKE) $(MFLAGS) clean ); \
++ ( cd $$i && $(MAKE) clean ); \
+ if test $$? != 0 ; then exit 1; fi ; \
+ echo " "; \
+ done
+@@ -48,7 +48,7 @@ veryclean-common: FORCE
+ @echo "Making veryclean in `$(PWD)`"
+ @for i in $(SUBDIRS) $(CLEANDIRS); do \
+ echo " Entering subdirectory $$i"; \
+- ( cd $$i && $(MAKE) $(MFLAGS) veryclean ); \
++ ( cd $$i && $(MAKE) veryclean ); \
+ if test $$? != 0 ; then exit 1; fi ; \
+ echo " "; \
+ done
+@@ -57,7 +57,7 @@ depend-common: FORCE
+ @echo "Making depend in `$(PWD)`"
+ @for i in $(SUBDIRS) $(DEPENDDIRS); do \
+ echo " Entering subdirectory $$i"; \
+- ( cd $$i && $(MAKE) $(MFLAGS) depend ); \
++ ( cd $$i && $(MAKE) depend ); \
+ if test $$? != 0 ; then exit 1; fi ; \
+ echo " "; \
+ done
diff --git a/net-nds/openldap/openldap-2.6.1.ebuild b/net-nds/openldap/openldap-2.6.1.ebuild
index 7ca516cae4d6..0e0449e3885e 100644
--- a/net-nds/openldap/openldap-2.6.1.ebuild
+++ b/net-nds/openldap/openldap-2.6.1.ebuild
@@ -144,6 +144,7 @@ PATCHES=(
"${FILESDIR}"/${PN}-2.6.1-cloak.patch
"${FILESDIR}"/${PN}-2.6.1-flags.patch
"${FILESDIR}"/${PN}-2.6.1-fix-missing-mapping.patch
+ "${FILESDIR}"/${PN}-2.6.1-make-flags.patch
)
openldap_filecount() {
^ permalink raw reply related [flat|nested] 15+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: net-nds/openldap/files/, net-nds/openldap/
@ 2021-03-25 13:02 Sam James
0 siblings, 0 replies; 15+ messages in thread
From: Sam James @ 2021-03-25 13:02 UTC (permalink / raw
To: gentoo-commits
commit: 2f022ebed59863e745ac87005a956b0736266dfe
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 25 12:39:20 2021 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Mar 25 13:02:15 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2f022ebe
net-nds/openldap: fix build with slibtool
Thanks-to: orbea <orbea <AT> riseup.net>
Closes: https://bugs.gentoo.org/777804
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../openldap/files/openldap-2.4.58-slibtool.patch | 33 +
net-nds/openldap/openldap-2.4.58-r1.ebuild | 915 +++++++++++++++++++++
2 files changed, 948 insertions(+)
diff --git a/net-nds/openldap/files/openldap-2.4.58-slibtool.patch b/net-nds/openldap/files/openldap-2.4.58-slibtool.patch
new file mode 100644
index 00000000000..3467248a2a7
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.4.58-slibtool.patch
@@ -0,0 +1,33 @@
+https://bugs.gentoo.org/777804
+
+commit 236b3a0d91774d7032c6aaf483e8a25075f31af3
+Author: orbea <orbea@riseup.net>
+Date: Wed Mar 24 21:38:55 2021 -0700
+
+ Fix build with --disable-static and slibtool.
+
+diff --git a/build/top.mk b/build/top.mk
+index f542ded..f07ff77 100644
+--- a/build/top.mk
++++ b/build/top.mk
+@@ -86,6 +86,11 @@ LTONLY_yes = --tag=disable-shared
+ LTONLY_mod = --tag=disable-static
+ LTONLY_MOD = $(LTONLY_$(BUILD_MOD))
+
++# static flag for modules
++STATIC_yes = -static
++STATIC_mod =
++STATIC_MOD = $(STATIC_$(BUILD_MOD))
++
+ # platform-specific libtool flags
+ NT_LTFLAGS_LIB = -no-undefined -avoid-version -rpath $(libdir)
+ NT_LTFLAGS_MOD = -no-undefined -avoid-version -rpath $(moduledir)
+@@ -116,7 +121,7 @@ LTLINK_LIB = $(LIBTOOL) $(LTONLY_LIB) --mode=link \
+ $(CC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS_LIB)
+
+ LTCOMPILE_MOD = $(LIBTOOL) $(LTONLY_MOD) --mode=compile \
+- $(CC) $(LT_CFLAGS) $(LT_CPPFLAGS) $(MOD_DEFS) -c
++ $(CC) $(STATIC_MOD) $(LT_CFLAGS) $(LT_CPPFLAGS) $(MOD_DEFS) -c
+
+ LTLINK_MOD = $(LIBTOOL) $(LTONLY_MOD) --mode=link \
+ $(CC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS_MOD)
diff --git a/net-nds/openldap/openldap-2.4.58-r1.ebuild b/net-nds/openldap/openldap-2.4.58-r1.ebuild
new file mode 100644
index 00000000000..5b0c6ed7f43
--- /dev/null
+++ b/net-nds/openldap/openldap-2.4.58-r1.ebuild
@@ -0,0 +1,915 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools db-use flag-o-matic multilib-minimal preserve-libs ssl-cert toolchain-funcs systemd tmpfiles
+
+BIS_PN=rfc2307bis.schema
+BIS_PV=20140524
+BIS_P="${BIS_PN}-${BIS_PV}"
+
+DESCRIPTION="LDAP suite of application and development tools"
+HOMEPAGE="https://www.OpenLDAP.org/"
+
+# upstream mirrors are mostly not working, using canonical URI
+SRC_URI="
+ https://openldap.org/software/download/OpenLDAP/openldap-release/${P}.tgz
+ http://gpl.savoirfairelinux.net/pub/mirrors/openldap/openldap-release/${P}.tgz
+ http://repository.linagora.org/OpenLDAP/openldap-release/${P}.tgz
+ http://mirror.eu.oneandone.net/software/openldap/openldap-release/${P}.tgz
+ mirror://gentoo/${BIS_P}"
+
+LICENSE="OPENLDAP GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-solaris"
+
+IUSE_DAEMON="crypt samba tcpd experimental minimal"
+IUSE_BACKEND="+berkdb"
+IUSE_OVERLAY="overlays perl"
+IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 libressl +syslog selinux static-libs test"
+IUSE_CONTRIB="smbkrb5passwd kerberos kinit pbkdf2 sha2"
+IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
+IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
+
+RESTRICT="!test? ( test )"
+REQUIRED_USE="cxx? ( sasl )
+ pbkdf2? ( ssl )
+ test? ( berkdb )
+ ?? ( test minimal )"
+
+# always list newer first
+# Do not add any AGPL-3 BDB here!
+# See bug 525110, comment 15.
+# Advanced usage: OPENLDAP_BDB_SLOTS in the environment can be used to force a slot during build.
+BDB_SLOTS="${OPENLDAP_BDB_SLOTS:=5.3 5.1 4.8 4.7 4.6 4.5 4.4}"
+BDB_PKGS=''
+for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done
+
+# openssl is needed to generate lanman-passwords required by samba
+COMMON_DEPEND="
+ ssl? (
+ !gnutls? (
+ !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] )
+ libressl? ( dev-libs/libressl:0=[${MULTILIB_USEDEP}] )
+ )
+ gnutls? (
+ >=net-libs/gnutls-2.12.23-r6:=[${MULTILIB_USEDEP}]
+ >=dev-libs/libgcrypt-1.5.3:0=[${MULTILIB_USEDEP}]
+ )
+ )
+ sasl? ( dev-libs/cyrus-sasl:= )
+ !minimal? (
+ dev-libs/libltdl
+ sys-libs/e2fsprogs-libs
+ >=dev-db/lmdb-0.9.18:=
+ tcpd? ( sys-apps/tcp-wrappers )
+ odbc? ( !iodbc? ( dev-db/unixODBC )
+ iodbc? ( dev-db/libiodbc ) )
+ perl? ( dev-lang/perl:=[-build(-)] )
+ samba? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:0= )
+ )
+ berkdb? (
+ <sys-libs/db-6.0:=
+ || ( ${BDB_PKGS} )
+ )
+ smbkrb5passwd? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:0= )
+ kerberos? ( app-crypt/heimdal )
+ )
+ kerberos? (
+ virtual/krb5
+ kinit? ( !app-crypt/heimdal )
+ )
+ cxx? ( dev-libs/cyrus-sasl:= )
+ )
+"
+DEPEND="${COMMON_DEPEND}
+ sys-apps/groff
+"
+RDEPEND="${COMMON_DEPEND}
+ selinux? ( sec-policy/selinux-ldap )
+"
+
+# The user/group are only used for running daemons which are
+# disabled in minimal builds, so elide the accounts too.
+# for tracking versions
+
+BDEPEND="!minimal? (
+ acct-group/ldap
+ acct-user/ldap
+)
+"
+
+OPENLDAP_VERSIONTAG=".version-tag"
+OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
+
+MULTILIB_WRAPPED_HEADERS=(
+ # USE=cxx
+ /usr/include/LDAPAsynConnection.h
+ /usr/include/LDAPAttrType.h
+ /usr/include/LDAPAttribute.h
+ /usr/include/LDAPAttributeList.h
+ /usr/include/LDAPConnection.h
+ /usr/include/LDAPConstraints.h
+ /usr/include/LDAPControl.h
+ /usr/include/LDAPControlSet.h
+ /usr/include/LDAPEntry.h
+ /usr/include/LDAPEntryList.h
+ /usr/include/LDAPException.h
+ /usr/include/LDAPExtResult.h
+ /usr/include/LDAPMessage.h
+ /usr/include/LDAPMessageQueue.h
+ /usr/include/LDAPModList.h
+ /usr/include/LDAPModification.h
+ /usr/include/LDAPObjClass.h
+ /usr/include/LDAPRebind.h
+ /usr/include/LDAPRebindAuth.h
+ /usr/include/LDAPReferenceList.h
+ /usr/include/LDAPResult.h
+ /usr/include/LDAPSaslBindResult.h
+ /usr/include/LDAPSchema.h
+ /usr/include/LDAPSearchReference.h
+ /usr/include/LDAPSearchResult.h
+ /usr/include/LDAPSearchResults.h
+ /usr/include/LDAPUrl.h
+ /usr/include/LDAPUrlList.h
+ /usr/include/LdifReader.h
+ /usr/include/LdifWriter.h
+ /usr/include/SaslInteraction.h
+ /usr/include/SaslInteractionHandler.h
+ /usr/include/StringList.h
+ /usr/include/TlsOptions.h
+)
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-2.4.17-gcc44.patch
+
+ "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch
+ "${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
+
+ # bug #116045 - still present in 2.4.28
+ "${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch
+ # bug #408077 - samba4
+ "${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch
+
+ # bug #189817
+ "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
+
+ # bug #233633
+ "${FILESDIR}"/${PN}-2.4.45-fix-lmpasswd-gnutls-symbols.patch
+
+ # bug #281495
+ "${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch
+
+ # bug #294350
+ "${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch
+
+ # unbreak /bin/sh -> dash
+ "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
+
+ # bug #420959
+ "${FILESDIR}"/${PN}-2.4.31-gcc47.patch
+
+ # unbundle lmdb
+ "${FILESDIR}"/${PN}-2.4.42-mdb-unbundle.patch
+
+ # bug #622464
+ "${FILESDIR}"/${PN}-2.4.47-libressl.patch
+
+ # fix some compiler warnings
+ "${FILESDIR}"/${PN}-2.4.47-warnings.patch
+
+ # fix build with slibtool, see bug #777804
+ "${FILESDIR}"/${PN}-2.4.58-slibtool.patch
+)
+
+openldap_filecount() {
+ local dir="$1"
+ find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
+}
+
+openldap_find_versiontags() {
+ # scan for all datadirs
+ local openldap_datadirs=()
+ if [[ -f "${EROOT}"/etc/openldap/slapd.conf ]]; then
+ openldap_datadirs=( $(awk '{if($1 == "directory") print $2 }' "${EROOT}"/etc/openldap/slapd.conf) )
+ fi
+ openldap_datadirs+=( ${OPENLDAP_DEFAULTDIR_VERSIONTAG} )
+
+ einfo
+ einfo "Scanning datadir(s) from slapd.conf and"
+ einfo "the default installdir for Versiontags"
+ einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
+ einfo
+
+ # scan datadirs if we have a version tag
+ openldap_found_tag=0
+ have_files=0
+ for each in ${openldap_datadirs[@]} ; do
+ CURRENT_TAGDIR="${ROOT}$(sed "s:\/::" <<< ${each})"
+ CURRENT_TAG="${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}"
+ if [[ -d "${CURRENT_TAGDIR}" ]] && [[ "${openldap_found_tag}" == 0 ]] ; then
+ einfo "- Checking ${each}..."
+ if [[ -r "${CURRENT_TAG}" ]] ; then
+ # yey, we have one :)
+ einfo " Found Versiontag in ${each}"
+ source "${CURRENT_TAG}"
+ if [[ "${OLDPF}" == "" ]] ; then
+ eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
+ eerror "Please delete it"
+ eerror
+ die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
+ fi
+
+ OLD_MAJOR=$(ver_cut 2-3 ${OLDPF})
+
+ [[ "$(openldap_filecount ${CURRENT_TAGDIR})" -gt 0 ]] && have_files=1
+
+ # are we on the same branch?
+ if [[ "${OLD_MAJOR}" != "${PV:0:3}" ]] ; then
+ ewarn " Versiontag doesn't match current major release!"
+ if [[ "${have_files}" == "1" ]] ; then
+ eerror " Versiontag says other major and you (probably) have datafiles!"
+ echo
+ openldap_upgrade_howto
+ else
+ einfo " No real problem, seems there's no database."
+ fi
+ else
+ einfo " Versiontag is fine here :)"
+ fi
+ else
+ einfo " Non-tagged dir ${each}"
+ [[ "$(openldap_filecount ${each})" -gt 0 ]] && have_files=1
+ if [[ "${have_files}" == "1" ]] ; then
+ einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
+ echo
+
+ eerror
+ eerror "Your OpenLDAP Installation has a non tagged datadir that"
+ eerror "possibly contains a database at ${CURRENT_TAGDIR}"
+ eerror
+ eerror "Please export data if any entered and empty or remove"
+ eerror "the directory, installation has been stopped so you"
+ eerror "can take required action"
+ eerror
+ eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
+ eerror
+ openldap_upgrade_howto
+ die "Please move the datadir ${CURRENT_TAGDIR} away"
+ fi
+ fi
+ einfo
+ fi
+ done
+ [[ "${have_files}" == "1" ]] && einfo "DB files present" || einfo "No DB files present"
+
+ # Now we must check for the major version of sys-libs/db linked against.
+ SLAPD_PATH="${EROOT}/usr/$(get_libdir)/openldap/slapd"
+ if [[ "${have_files}" == "1" ]] && [[ -f "${SLAPD_PATH}" ]]; then
+ OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
+ | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
+ if use berkdb; then
+ # find which one would be used
+ for bdb_slot in ${BDB_SLOTS} ; do
+ NEWVER="$(db_findver "=sys-libs/db-${bdb_slot}*")"
+ [[ -n "${NEWVER}" ]] && break
+ done
+ fi
+ local fail=0
+ if [[ -z "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
+ :
+ # Nothing wrong here.
+ elif [[ -z "${OLDVER}" ]] && [[ -n "${NEWVER}" ]]; then
+ eerror " Your existing version of OpenLDAP was not built against"
+ eerror " any version of sys-libs/db, but the new one will build"
+ eerror " against ${NEWVER} and your database may be inaccessible."
+ echo
+ fail=1
+ elif [[ -n "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then
+ eerror " Your existing version of OpenLDAP was built against"
+ eerror " sys-libs/db:${OLDVER}, but the new one will not be"
+ eerror " built against any version and your database may be"
+ eerror " inaccessible."
+ echo
+ fail=1
+ elif [[ "${OLDVER}" != "${NEWVER}" ]]; then
+ eerror " Your existing version of OpenLDAP was built against"
+ eerror " sys-libs/db:${OLDVER}, but the new one will build against"
+ eerror " ${NEWVER} and your database would be inaccessible."
+ echo
+ fail=1
+ fi
+ [[ "${fail}" == "1" ]] && openldap_upgrade_howto
+ fi
+
+ echo
+ einfo
+ einfo "All datadirs are fine, proceeding with merge now..."
+ einfo
+}
+
+openldap_upgrade_howto() {
+ local d l i
+ eerror
+ eerror "A (possible old) installation of OpenLDAP was detected,"
+ eerror "installation will not proceed for now."
+ eerror
+ eerror "As major version upgrades can corrupt your database,"
+ eerror "you need to dump your database and re-create it afterwards."
+ eerror
+ eerror "Additionally, rebuilding against different major versions of the"
+ eerror "sys-libs/db libraries will cause your database to be inaccessible."
+ eerror ""
+ d="$(date -u +%s)"
+ l="/root/ldapdump.${d}"
+ i="${l}.raw"
+ eerror " 1. /etc/init.d/slapd stop"
+ eerror " 2. slapcat -l ${i}"
+ eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}"
+ eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
+ eerror " 5. emerge --update \=net-nds/${PF}"
+ eerror " 6. etc-update, and ensure that you apply the changes"
+ eerror " 7. slapadd -l ${l}"
+ eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
+ eerror " 9. /etc/init.d/slapd start"
+ eerror "10. check that your data is intact."
+ eerror "11. set up the new replication system."
+ eerror
+ if [[ "${FORCE_UPGRADE}" != "1" ]]; then
+ die "You need to upgrade your database first"
+ else
+ eerror "You have the magical FORCE_UPGRADE=1 in place."
+ eerror "Don't say you weren't warned about data loss."
+ fi
+}
+
+pkg_setup() {
+ if ! use sasl && use cxx ; then
+ die "To build the ldapc++ library you must emerge openldap with sasl support"
+ fi
+ # Bug #322787
+ if use minimal && ! has_version "net-nds/openldap" ; then
+ einfo "No datadir scan needed, openldap not installed"
+ elif use minimal && has_version 'net-nds/openldap[minimal]' ; then
+ einfo "Skipping scan for previous datadirs as requested by minimal useflag"
+ else
+ openldap_find_versiontags
+ fi
+}
+
+src_prepare() {
+ # ensure correct SLAPI path by default
+ sed -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \
+ -i include/ldap_defaults.h || die
+
+ default
+ rm -r libraries/liblmdb || die
+
+ pushd build &>/dev/null || die "pushd build"
+ einfo "Making sure upstream build strip does not do stripping too early"
+ sed -i.orig \
+ -e '/^STRIP/s,-s,,g' \
+ top.mk || die "Failed to block stripping"
+ popd &>/dev/null || die
+
+ # wrong assumption that /bin/sh is /bin/bash
+ sed \
+ -e 's|/bin/sh|/bin/bash|g' \
+ -i tests/scripts/* || die "sed failed"
+
+ # Required for autoconf-2.70 #765043
+ sed 's@^AM_INIT_AUTOMAKE.*@AC_PROG_MAKE_SET@' -i configure.in || die
+ AT_NOEAUTOMAKE=yes eautoreconf
+}
+
+build_contrib_module() {
+ # <dir> <sources> <outputname>
+ pushd "${S}/contrib/slapd-modules/$1" &>/dev/null || die "pushd contrib/slapd-modules/$1"
+ einfo "Compiling contrib-module: $3"
+ # Make sure it's uppercase
+ local define_name="$(LC_ALL=C tr '[:lower:]' '[:upper:]' <<< "SLAPD_OVER_${1}")"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -D${define_name}=SLAPD_MOD_DYNAMIC \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include -I../../../servers/slapd ${CFLAGS} \
+ -o ${2%.c}.lo -c $2 || die "compiling $3 failed"
+ einfo "Linking contrib-module: $3"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
+ -o $3.la ${2%.c}.lo || die "linking $3 failed"
+ popd &>/dev/null || die
+}
+
+src_configure() {
+ # Bug 408001
+ use elibc_FreeBSD && append-cppflags -DMDB_DSYNC=O_SYNC -DMDB_FDATASYNC=fsync
+
+ # connectionless ldap per bug #342439
+ append-cppflags -DLDAP_CONNECTIONLESS
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+ local myconf=()
+
+ use debug && myconf+=( $(use_enable debug) )
+
+ # ICU exists only in the configure, nowhere in the codebase, bug #510858
+ export ac_cv_header_unicode_utypes_h=no ol_cv_lib_icu=no
+
+ if ! use minimal && multilib_is_native_abi; then
+ local CPPFLAGS=${CPPFLAGS}
+
+ # re-enable serverside overlay chains per bug #296567
+ # see ldap docs chaper 12.3.1 for details
+ myconf+=( --enable-ldap )
+
+ # backends
+ myconf+=( --enable-slapd )
+ if use berkdb ; then
+ einfo "Using Berkeley DB for local backend"
+ myconf+=( --enable-bdb --enable-hdb )
+ DBINCLUDE=$(db_includedir ${BDB_SLOTS})
+ einfo "Using ${DBINCLUDE} for sys-libs/db version"
+ # We need to include the slotted db.h dir for FreeBSD
+ append-cppflags -I${DBINCLUDE}
+ else
+ myconf+=( --disable-bdb --disable-hdb )
+ fi
+ for backend in dnssrv ldap mdb meta monitor null passwd relay shell sock; do
+ myconf+=( --enable-${backend}=mod )
+ done
+
+ myconf+=( $(use_enable perl perl mod) )
+
+ myconf+=( $(use_enable odbc sql mod) )
+ if use odbc ; then
+ local odbc_lib="unixodbc"
+ if use iodbc ; then
+ odbc_lib="iodbc"
+ append-cppflags -I"${EPREFIX}"/usr/include/iodbc
+ fi
+ myconf+=( --with-odbc=${odbc_lib} )
+ fi
+
+ # slapd options
+ myconf+=(
+ $(use_enable crypt)
+ --disable-slp
+ $(use_enable samba lmpasswd)
+ $(use_enable syslog)
+ )
+ if use experimental ; then
+ myconf+=(
+ --enable-dynacl
+ --enable-aci=mod
+ )
+ fi
+ for option in aci cleartext modules rewrite rlookups slapi; do
+ myconf+=( --enable-${option} )
+ done
+
+ # slapd overlay options
+ # Compile-in the syncprov, the others as module
+ myconf+=( --enable-syncprov=yes )
+ use overlays && myconf+=( --enable-overlays=mod )
+
+ else
+ myconf+=(
+ --disable-backends
+ --disable-slapd
+ --disable-bdb
+ --disable-hdb
+ --disable-mdb
+ --disable-overlays
+ --disable-syslog
+ )
+ fi
+
+ # basic functionality stuff
+ myconf+=(
+ $(use_enable ipv6)
+ $(multilib_native_use_with sasl cyrus-sasl)
+ $(multilib_native_use_enable sasl spasswd)
+ $(use_enable tcpd wrappers)
+ )
+
+ # Some cross-compiling tests don't pan out well.
+ tc-is-cross-compiler && myconf+=(
+ --with-yielding-select=yes
+ )
+
+ local ssl_lib="no"
+ if use ssl || ( ! use minimal && use samba ) ; then
+ ssl_lib="openssl"
+ use gnutls && ssl_lib="gnutls"
+ fi
+
+ myconf+=( --with-tls=${ssl_lib} )
+
+ for basicflag in dynamic local proctitle shared; do
+ myconf+=( --enable-${basicflag} )
+ done
+
+ tc-export AR CC CXX
+ CONFIG_SHELL="/bin/sh" \
+ ECONF_SOURCE="${S}" \
+ STRIP=/bin/true \
+ econf \
+ --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
+ $(use_enable static-libs static) \
+ "${myconf[@]}"
+ emake depend
+}
+
+src_configure_cxx() {
+ # This needs the libraries built by the first build run.
+ # So we have to run it AFTER the main build, not just after the main
+ # configure.
+ local myconf_ldapcpp=(
+ --with-ldap-includes="${S}"/include
+ )
+
+ mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die
+ pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
+
+ local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS}
+ append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
+ -L"${BUILD_DIR}"/libraries/libldap/.libs
+ append-cppflags -I"${BUILD_DIR}"/include
+ ECONF_SOURCE=${S}/contrib/ldapc++ \
+ econf "${myconf_ldapcpp[@]}" \
+ CC="${CC}" \
+ CXX="${CXX}"
+ popd &>/dev/null || die
+}
+
+multilib_src_compile() {
+ tc-export AR CC CXX
+ emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/sh
+ local lt="${BUILD_DIR}/libtool"
+ export echo="echo"
+
+ if ! use minimal && multilib_is_native_abi ; then
+ if use cxx ; then
+ einfo "Building contrib library: ldapc++"
+ src_configure_cxx
+ pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++"
+ emake CC="${CC}" CXX="${CXX}"
+ popd &>/dev/null || die
+ fi
+
+ if use smbkrb5passwd ; then
+ einfo "Building contrib-module: smbk5pwd"
+ pushd "${S}/contrib/slapd-modules/smbk5pwd" &>/dev/null || die "pushd contrib/slapd-modules/smbk5pwd"
+
+ MY_DEFS="-DDO_SHADOW"
+ if use samba ; then
+ MY_DEFS="${MY_DEFS} -DDO_SAMBA"
+ MY_KRB5_INC=""
+ fi
+ if use kerberos ; then
+ MY_DEFS="${MY_DEFS} -DDO_KRB5"
+ MY_KRB5_INC="$(krb5-config --cflags)"
+ fi
+
+ emake \
+ DEFS="${MY_DEFS}" \
+ KRB5_INC="${MY_KRB5_INC}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
+ popd &>/dev/null || die
+ fi
+
+ if use overlays ; then
+ einfo "Building contrib-module: samba4"
+ pushd "${S}/contrib/slapd-modules/samba4" &>/dev/null || die "pushd contrib/slapd-modules/samba4"
+
+ emake \
+ LDAP_BUILD="${BUILD_DIR}" \
+ CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap"
+ popd &>/dev/null || die
+ fi
+
+ if use kerberos ; then
+ if use kinit ; then
+ build_contrib_module "kinit" "kinit.c" "kinit"
+ fi
+ pushd "${S}/contrib/slapd-modules/passwd" &>/dev/null || die "pushd contrib/slapd-modules/passwd"
+ einfo "Compiling contrib-module: pw-kerberos"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include \
+ ${CFLAGS} \
+ $(krb5-config --cflags) \
+ -DHAVE_KRB5 \
+ -o kerberos.lo \
+ -c kerberos.c || die "compiling pw-kerberos failed"
+ einfo "Linking contrib-module: pw-kerberos"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
+ -o pw-kerberos.la \
+ kerberos.lo || die "linking pw-kerberos failed"
+ popd &>/dev/null || die
+ fi
+
+ if use pbkdf2; then
+ pushd "${S}/contrib/slapd-modules/passwd/pbkdf2" &>/dev/null || die "pushd contrib/slapd-modules/passwd/pbkdf2"
+ einfo "Compiling contrib-module: pw-pbkdf2"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -I"${BUILD_DIR}"/include \
+ -I../../../../include \
+ ${CFLAGS} \
+ -o pbkdf2.lo \
+ -c pw-pbkdf2.c || die "compiling pw-pbkdf2 failed"
+ einfo "Linking contrib-module: pw-pbkdf2"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
+ -o pw-pbkdf2.la \
+ pbkdf2.lo || die "linking pw-pbkdf2 failed"
+ popd &>/dev/null || die
+ fi
+
+ if use sha2 ; then
+ pushd "${S}/contrib/slapd-modules/passwd/sha2" &>/dev/null || die "pushd contrib/slapd-modules/passwd/sha2"
+ einfo "Compiling contrib-module: pw-sha2"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -I"${BUILD_DIR}"/include \
+ -I../../../../include \
+ ${CFLAGS} \
+ -o sha2.lo \
+ -c sha2.c || die "compiling pw-sha2 failed"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -I"${BUILD_DIR}"/include \
+ -I../../../../include \
+ ${CFLAGS} \
+ -o slapd-sha2.lo \
+ -c slapd-sha2.c || die "compiling pw-sha2 failed"
+ einfo "Linking contrib-module: pw-sha2"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
+ -o pw-sha2.la \
+ sha2.lo slapd-sha2.lo || die "linking pw-sha2 failed"
+ popd &>/dev/null || die
+ fi
+
+ # We could build pw-radius if GNURadius would install radlib.h
+ pushd "${S}/contrib/slapd-modules/passwd" &>/dev/null || die "pushd contrib/slapd-modules/passwd"
+ einfo "Compiling contrib-module: pw-netscape"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include \
+ ${CFLAGS} \
+ -o netscape.lo \
+ -c netscape.c || die "compiling pw-netscape failed"
+ einfo "Linking contrib-module: pw-netscape"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
+ -o pw-netscape.la \
+ netscape.lo || die "linking pw-netscape failed"
+
+ #build_contrib_module "acl" "posixgroup.c" "posixGroup" # example code only
+ #build_contrib_module "acl" "gssacl.c" "gss" # example code only, also needs kerberos
+ build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
+ build_contrib_module "allop" "allop.c" "overlay-allop"
+ build_contrib_module "allowed" "allowed.c" "allowed"
+ build_contrib_module "autogroup" "autogroup.c" "autogroup"
+ build_contrib_module "cloak" "cloak.c" "cloak"
+ # build_contrib_module "comp_match" "comp_match.c" "comp_match" # really complex, adds new external deps, questionable demand
+ build_contrib_module "denyop" "denyop.c" "denyop-overlay"
+ build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
+ build_contrib_module "dupent" "dupent.c" "dupent"
+ build_contrib_module "lastbind" "lastbind.c" "lastbind"
+ # lastmod may not play well with other overlays
+ build_contrib_module "lastmod" "lastmod.c" "lastmod"
+ build_contrib_module "noopsrch" "noopsrch.c" "noopsrch"
+ #build_contrib_module "nops" "nops.c" "nops-overlay" https://bugs.gentoo.org/641576
+ #build_contrib_module "nssov" "nssov.c" "nssov-overlay" RESO:LATER
+ build_contrib_module "trace" "trace.c" "trace"
+ popd &>/dev/null || die
+ # build slapi-plugins
+ pushd "${S}/contrib/slapi-plugins/addrdnvalues" &>/dev/null || die "pushd contrib/slapi-plugins/addrdnvalues"
+ einfo "Building contrib-module: addrdnvalues plugin"
+ "${CC}" -shared \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include \
+ ${CFLAGS} \
+ -fPIC \
+ ${LDFLAGS} \
+ -o libaddrdnvalues-plugin.so \
+ addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
+ popd &>/dev/null || die
+ fi
+}
+
+multilib_src_test() {
+ if multilib_is_native_abi; then
+ cd tests || die
+ emake tests
+ fi
+}
+
+multilib_src_install() {
+ local lt="${BUILD_DIR}/libtool"
+ emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/sh install
+
+ if ! use minimal && multilib_is_native_abi; then
+ # openldap modules go here
+ # TODO: write some code to populate slapd.conf with moduleload statements
+ keepdir /usr/$(get_libdir)/openldap/openldap/
+
+ # initial data storage dir
+ keepdir /var/lib/openldap-data
+ use prefix || fowners ldap:ldap /var/lib/openldap-data
+ fperms 0700 /var/lib/openldap-data
+
+ echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+ echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+ echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+
+ # use our config
+ rm "${ED}"/etc/openldap/slapd.conf
+ insinto /etc/openldap
+ newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf
+ configfile="${ED}"/etc/openldap/slapd.conf
+
+ # populate with built backends
+ ebegin "populate config with built backends"
+ for x in "${ED}"/usr/$(get_libdir)/openldap/openldap/back_*.so; do
+ einfo "Adding $(basename ${x})"
+ sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" || die
+ done
+ sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
+ use prefix || fowners root:ldap /etc/openldap/slapd.conf
+ fperms 0640 /etc/openldap/slapd.conf
+ cp "${configfile}" "${configfile}".default || die
+ eend
+
+ # install our own init scripts and systemd unit files
+ einfo "Install init scripts"
+ sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-initd-2.4.40-r2 > "${T}"/slapd || die
+ doinitd "${T}"/slapd
+ newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd
+
+ einfo "Install systemd service"
+ sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd.service > "${T}"/slapd.service || die
+ systemd_dounit "${T}"/slapd.service
+ systemd_install_serviced "${FILESDIR}"/slapd.service.conf
+ newtmpfiles "${FILESDIR}"/slapd.tmpfilesd slapd.conf
+
+ # If built without SLP, we don't need to be before avahi
+ sed -i \
+ -e '/before/{s/avahi-daemon//g}' \
+ "${ED}"/etc/init.d/slapd \
+ || die
+
+ if use cxx ; then
+ einfo "Install the ldapc++ library"
+ cd "${BUILD_DIR}/contrib/ldapc++" || die
+ emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
+ cd "${S}"/contrib/ldapc++ || die
+ newdoc README ldapc++-README
+ fi
+
+ if use smbkrb5passwd ; then
+ einfo "Install the smbk5pwd module"
+ cd "${S}/contrib/slapd-modules/smbk5pwd" || die
+ emake DESTDIR="${D}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
+ newdoc README smbk5pwd-README
+ fi
+
+ if use overlays ; then
+ einfo "Install the samba4 module"
+ cd "${S}/contrib/slapd-modules/samba4" || die
+ emake DESTDIR="${D}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ libexecdir="/usr/$(get_libdir)/openldap" install
+ newdoc README samba4-README
+ fi
+
+ einfo "Installing contrib modules"
+ cd "${S}/contrib/slapd-modules" || die
+ for l in */*.la */*/*.la; do
+ [[ -e ${l} ]] || continue
+ "${lt}" --mode=install cp ${l} \
+ "${ED}"/usr/$(get_libdir)/openldap/openldap || \
+ die "installing ${l} failed"
+ done
+
+ dodoc "${FILESDIR}"/DB_CONFIG.fast.example
+ docinto contrib
+ doman */*.5
+ #newdoc acl/README*
+ newdoc addpartial/README addpartial-README
+ newdoc allop/README allop-README
+ newdoc allowed/README allowed-README
+ newdoc autogroup/README autogroup-README
+ newdoc dsaschema/README dsaschema-README
+ newdoc passwd/README passwd-README
+ cd "${S}/contrib/slapi-plugins" || die
+ insinto /usr/$(get_libdir)/openldap/openldap
+ doins */*.so
+ docinto contrib
+ newdoc addrdnvalues/README addrdnvalues-README
+
+ insinto /etc/openldap/schema
+ newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
+
+ docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
+ docinto back-shell ; dodoc "${S}"/servers/slapd/back-shell/searchexample*
+ docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
+
+ dosbin "${S}"/contrib/slapd-tools/statslog
+ newdoc "${S}"/contrib/slapd-tools/README README.statslog
+ fi
+
+ if ! use static-libs ; then
+ find "${ED}" \( -name '*.a' -o -name '*.la' \) -delete || die
+ fi
+}
+
+multilib_src_install_all() {
+ dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
+ docinto rfc ; dodoc doc/rfc/*.txt
+}
+
+pkg_preinst() {
+ # keep old libs if any
+ preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0)
+ # bug 440470, only display the getting started help there was no openldap before,
+ # or we are going to a non-minimal build
+ ! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
+ OPENLDAP_PRINT_MESSAGES=$((! $?))
+}
+
+pkg_postinst() {
+ if ! use minimal ; then
+ # You cannot build SSL certificates during src_install that will make
+ # binary packages containing your SSL key, which is both a security risk
+ # and a misconfiguration if multiple machines use the same key and cert.
+ if use ssl; then
+ install_cert /etc/openldap/ssl/ldap
+ use prefix || chown ldap:ldap "${EROOT}"/etc/openldap/ssl/ldap.*
+ ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
+ ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
+ ewarn "add 'TLS_REQCERT allow' if you want to use them."
+ fi
+
+ if use prefix; then
+ # Warn about prefix issues with slapd
+ eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
+ eerror "to start up, and requires that certain files directories be owned by"
+ eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
+ eerror "directories, you will have to manually fix this yourself."
+ fi
+
+ # These lines force the permissions of various content to be correct
+ if [[ -d "${EROOT}"/var/run/openldap ]]; then
+ use prefix || { chown ldap:ldap "${EROOT}"/var/run/openldap || die; }
+ chmod 0755 "${EROOT}"/var/run/openldap || die
+ fi
+ use prefix || chown root:ldap "${EROOT}"/etc/openldap/slapd.conf{,.default}
+ chmod 0640 "${EROOT}"/etc/openldap/slapd.conf{,.default} || die
+ use prefix || chown ldap:ldap "${EROOT}"/var/lib/openldap-data
+ fi
+
+ if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
+ elog "Getting started using OpenLDAP? There is some documentation available:"
+ elog "Gentoo Guide to OpenLDAP Authentication"
+ elog "(https://wiki.gentoo.org/wiki/Centralized_authentication_using_OpenLDAP)"
+ elog "---"
+ elog "An example file for tuning BDB backends with openldap is"
+ elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
+ fi
+
+ preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0)
+}
^ permalink raw reply related [flat|nested] 15+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: net-nds/openldap/files/, net-nds/openldap/
@ 2017-06-29 20:50 Patrick McLean
0 siblings, 0 replies; 15+ messages in thread
From: Patrick McLean @ 2017-06-29 20:50 UTC (permalink / raw
To: gentoo-commits
commit: d8579d0f043e8eefe774b8aec6a21316e0a6c527
Author: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 29 20:50:02 2017 +0000
Commit: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Thu Jun 29 20:50:27 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d8579d0f
net-nds/openldap: Add patch to build with libressl-2.5.4 and call to epatch_user
Patch pulled from https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219781
Gentoo-Bug: 622464
Package-Manager: Portage-2.3.6, Repoman-2.3.2
.../openldap/files/openldap-2.4.45-libressl.patch | 65 ++++++++++++++++++++++
net-nds/openldap/openldap-2.4.45.ebuild | 5 ++
2 files changed, 70 insertions(+)
diff --git a/net-nds/openldap/files/openldap-2.4.45-libressl.patch b/net-nds/openldap/files/openldap-2.4.45-libressl.patch
new file mode 100644
index 00000000000..20a65a4e0fd
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.4.45-libressl.patch
@@ -0,0 +1,65 @@
+--- libraries/libldap/tls_o.c.orig 2017-06-04 16:31:28 UTC
++++ libraries/libldap/tls_o.c
+@@ -47,7 +47,7 @@
+ #include <ssl.h>
+ #endif
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000
++#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
+ #define ASN1_STRING_data(x) ASN1_STRING_get0_data(x)
+ #endif
+
+@@ -157,7 +157,7 @@ tlso_init( void )
+ (void) tlso_seed_PRNG( lo->ldo_tls_randfile );
+ #endif
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
+ SSL_load_error_strings();
+ SSL_library_init();
+ OpenSSL_add_all_digests();
+@@ -205,7 +205,7 @@ static void
+ tlso_ctx_ref( tls_ctx *ctx )
+ {
+ tlso_ctx *c = (tlso_ctx *)ctx;
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
+ #define SSL_CTX_up_ref(ctx) CRYPTO_add( &(ctx->references), 1, CRYPTO_LOCK_SSL_CTX )
+ #endif
+ SSL_CTX_up_ref( c );
+@@ -464,7 +464,7 @@ tlso_session_my_dn( tls_session *sess, struct berval *
+ if (!x) return LDAP_INVALID_CREDENTIALS;
+
+ xn = X509_get_subject_name(x);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
+ der_dn->bv_len = i2d_X509_NAME( xn, NULL );
+ der_dn->bv_val = xn->bytes->data;
+ #else
+@@ -500,7 +500,7 @@ tlso_session_peer_dn( tls_session *sess, struct berval
+ return LDAP_INVALID_CREDENTIALS;
+
+ xn = X509_get_subject_name(x);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
+ der_dn->bv_len = i2d_X509_NAME( xn, NULL );
+ der_dn->bv_val = xn->bytes->data;
+ #else
+@@ -721,7 +721,7 @@ struct tls_data {
+ Sockbuf_IO_Desc *sbiod;
+ };
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
+ #define BIO_set_init(b, x) b->init = x
+ #define BIO_set_data(b, x) b->ptr = x
+ #define BIO_clear_flags(b, x) b->flags &= ~(x)
+@@ -822,7 +822,7 @@ tlso_bio_puts( BIO *b, const char *str )
+ return tlso_bio_write( b, str, strlen( str ) );
+ }
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000
++#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
+ struct bio_method_st {
+ int type;
+ const char *name;
diff --git a/net-nds/openldap/openldap-2.4.45.ebuild b/net-nds/openldap/openldap-2.4.45.ebuild
index e81d3543054..0ead191e540 100644
--- a/net-nds/openldap/openldap-2.4.45.ebuild
+++ b/net-nds/openldap/openldap-2.4.45.ebuild
@@ -344,10 +344,15 @@ src_prepare() {
# bug #420959
epatch "${FILESDIR}"/${PN}-2.4.31-gcc47.patch
+ # bug #622464
+ epatch "${FILESDIR}"/${PN}-2.4.45-libressl.patch
+
# unbundle lmdb
epatch "${FILESDIR}"/${PN}-2.4.42-mdb-unbundle.patch
rm -rf "${S}"/libraries/liblmdb
+ epatch_user
+
cd "${S}"/build || die
einfo "Making sure upstream build strip does not do stripping too early"
sed -i.orig \
^ permalink raw reply related [flat|nested] 15+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: net-nds/openldap/files/, net-nds/openldap/
@ 2017-06-23 16:14 Matt Thode
0 siblings, 0 replies; 15+ messages in thread
From: Matt Thode @ 2017-06-23 16:14 UTC (permalink / raw
To: gentoo-commits
commit: 5edbe19fbef9511ab5de32a435209c6ec0b53bf4
Author: Matthew Thode <prometheanfire <AT> gentoo <DOT> org>
AuthorDate: Fri Jun 23 16:07:38 2017 +0000
Commit: Matt Thode <prometheanfire <AT> gentoo <DOT> org>
CommitDate: Fri Jun 23 16:14:33 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5edbe19f
net-nds/openldap: fix gnutls support in openldap-2.4.45 bug 622460
Package-Manager: Portage-2.3.6, Repoman-2.3.2
...enldap-2.4.45-fix-lmpasswd-gnutls-symbols.patch | 109 +++++++++++++++++++++
net-nds/openldap/openldap-2.4.45.ebuild | 2 +-
2 files changed, 110 insertions(+), 1 deletion(-)
diff --git a/net-nds/openldap/files/openldap-2.4.45-fix-lmpasswd-gnutls-symbols.patch b/net-nds/openldap/files/openldap-2.4.45-fix-lmpasswd-gnutls-symbols.patch
new file mode 100644
index 00000000000..0859d53caef
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.4.45-fix-lmpasswd-gnutls-symbols.patch
@@ -0,0 +1,109 @@
+If GnuTLS is used, the lmpasswd module for USE=samba does not compile.
+Forward-port an old Debian patch that upstream never applied.
+
+Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
+Signed-off-by: Steffen Hau <steffen@hauihau.de>
+X-Gentoo-Bug: http://bugs.gentoo.org/show_bug.cgi?id=233633
+X-Upstream-Bug: http://www.openldap.org/its/index.cgi/Software%20Enhancements?id=4997
+X-Debian-Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=245341
+
+--- openldap-2.4.17.orig/libraries/liblutil/passwd.c 2009-07-27 18:59:19.635995474 -0700
++++ openldap-2.4.17/libraries/liblutil/passwd.c 2009-07-27 19:01:13.588069010 -0700
+@@ -51,6 +51,26 @@ typedef unsigned char des_data_block[8];
+ typedef PK11Context *des_context[1];
+ #define DES_ENCRYPT CKA_ENCRYPT
+
++#elif defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
++# include <gcrypt.h>
++static int gcrypt_init = 0;
++
++typedef const void* des_key;
++typedef unsigned char DES_cblock[8];
++typedef des_cblock des_data_block;
++typedef int DES_key_schedule; /* unused */
++typedef DES_key_schedule des_context; /* unused */
++#define des_failed(encrypted) 0
++#define des_finish(key, schedule)
++
++#define DES_set_key_unchecked( key, key_sched ) \
++ gcry_cipher_setkey( hd, key, 8 )
++
++#define DES_ecb_encrypt( input, output, key_sched, enc ) \
++ gcry_cipher_encrypt( hd, *output, 8, *input, 8 )
++
++#define DES_set_odd_parity( key ) do {} while(0)
++
+ #endif
+
+ #endif /* SLAPD_LMHASH */
+@@ -651,7 +671,7 @@ static int chk_md5(
+
+ #ifdef SLAPD_LMHASH
+
+-#if defined(HAVE_OPENSSL)
++#if defined(HAVE_OPENSSL) || defined(HAVE_GNUTLS_GNUTLS_H)
+
+ /*
+ * abstract away setting the parity.
+@@ -841,6 +861,19 @@ static int chk_lanman(
+ des_data_block StdText = "KGS!@#$%";
+ des_data_block PasswordHash1, PasswordHash2;
+ char PasswordHash[33], storedPasswordHash[33];
++
++#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
++ gcry_cipher_hd_t hd;
++
++ if ( !gcrypt_init ) {
++ gcry_check_version( GCRYPT_VERSION );
++ gcrypt_init = 1;
++ }
++
++ schedule = schedule; /* unused - avoid warning */
++
++ gcry_cipher_open( &hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0 );
++#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */
+
+ for( i=0; i<cred->bv_len; i++) {
+ if(cred->bv_val[i] == '\0') {
+@@ -883,6 +916,10 @@ static int chk_lanman(
+ strncpy( storedPasswordHash, passwd->bv_val, 32 );
+ storedPasswordHash[32] = '\0';
+ ldap_pvt_str2lower( storedPasswordHash );
++
++#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
++ gcry_cipher_close( hd );
++#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */
+
+ return memcmp( PasswordHash, storedPasswordHash, 32) ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
+ }
+@@ -1138,6 +1175,19 @@ static int hash_lanman(
+ des_data_block PasswordHash1, PasswordHash2;
+ char PasswordHash[33];
+
++#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
++ gcry_cipher_hd_t hd;
++
++ if ( !gcrypt_init ) {
++ gcry_check_version( GCRYPT_VERSION );
++ gcrypt_init = 1;
++ }
++
++ schedule = schedule; /* unused - avoid warning */
++
++ gcry_cipher_open( &hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0 );
++#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */
++
+ for( i=0; i<passwd->bv_len; i++) {
+ if(passwd->bv_val[i] == '\0') {
+ return LUTIL_PASSWD_ERR; /* NUL character in password */
+@@ -1168,6 +1218,10 @@ static int hash_lanman(
+
+ hash->bv_val = PasswordHash;
+ hash->bv_len = 32;
++
++#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
++ gcry_cipher_close( hd );
++#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */
+
+ return pw_string( scheme, hash );
+ }
diff --git a/net-nds/openldap/openldap-2.4.45.ebuild b/net-nds/openldap/openldap-2.4.45.ebuild
index 23c66c3db53..b2493271ba4 100644
--- a/net-nds/openldap/openldap-2.4.45.ebuild
+++ b/net-nds/openldap/openldap-2.4.45.ebuild
@@ -330,7 +330,7 @@ src_prepare() {
epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
# bug #233633
- epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch
+ epatch "${FILESDIR}"/${PN}-2.4.45-fix-lmpasswd-gnutls-symbols.patch
# bug #281495
epatch "${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch
^ permalink raw reply related [flat|nested] 15+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: net-nds/openldap/files/, net-nds/openldap/
@ 2017-01-29 11:54 Aaron Bauman
0 siblings, 0 replies; 15+ messages in thread
From: Aaron Bauman @ 2017-01-29 11:54 UTC (permalink / raw
To: gentoo-commits
commit: dc4c4517ab54955eae9a06893e1fc3939a59fb8f
Author: Aaron Bauman <bman <AT> gentoo <DOT> org>
AuthorDate: Sun Jan 29 11:53:39 2017 +0000
Commit: Aaron Bauman <bman <AT> gentoo <DOT> org>
CommitDate: Sun Jan 29 11:53:39 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dc4c4517
Revert "net-nds/openldap: security and patch cleanup wrt bug #560424"
This reverts commit 24cf260188c1d266815d1e6329547b1d52de5a1b.
net-nds/openldap/Manifest | 5 +
net-nds/openldap/files/openldap-2.3.34-slapd-conf | 64 ++
.../openldap/files/openldap-2.4.15-ppolicy.patch | 12 +
.../openldap/files/openldap-2.4.33-gnutls.patch | 60 ++
.../files/openldap-2.4.40-mdb-unbundle.patch | 136 ++++
net-nds/openldap/files/openldap-2.4.40-slapd-conf | 64 ++
net-nds/openldap/files/slapd-initd-2.4.40 | 51 ++
net-nds/openldap/files/slapd-initd-2.4.40-r1 | 65 ++
net-nds/openldap/files/slapd-initd-2.4.40-r2 | 65 ++
net-nds/openldap/openldap-2.4.38-r2.ebuild | 761 +++++++++++++++++++
net-nds/openldap/openldap-2.4.39.ebuild | 760 +++++++++++++++++++
net-nds/openldap/openldap-2.4.40-r2.ebuild | 821 ++++++++++++++++++++
net-nds/openldap/openldap-2.4.40-r4.ebuild | 821 ++++++++++++++++++++
net-nds/openldap/openldap-2.4.40.ebuild | 822 ++++++++++++++++++++
net-nds/openldap/openldap-2.4.42-r1.ebuild | 828 ++++++++++++++++++++
net-nds/openldap/openldap-2.4.42.ebuild | 818 ++++++++++++++++++++
net-nds/openldap/openldap-2.4.43-r1.ebuild | 830 +++++++++++++++++++++
net-nds/openldap/openldap-2.4.43.ebuild | 825 ++++++++++++++++++++
18 files changed, 7808 insertions(+)
diff --git a/net-nds/openldap/Manifest b/net-nds/openldap/Manifest
index 0f5b7b5..d299ef0 100644
--- a/net-nds/openldap/Manifest
+++ b/net-nds/openldap/Manifest
@@ -1,3 +1,8 @@
DIST openldap-2.3.43.tgz 3803011 SHA256 d7d2dea05362c8ac7e11bb7bf1da4cdeb07225ba8dc16974bff9f51a9f3d37e1 SHA512 2b0ebb35adbeed34673e1a55cc7a89b348ddee7ad6ce7f915ca3745198cee992aba7281bf0d56197dcfd59665935d5d3764db0ba487975e4dbc2a2507d6ea7a6 WHIRLPOOL 7457112bbad83d75f7ad01230da97511a8d983a98f7e31357dbffd79a7ed7e53057af781002cae8c610d3ad7834dfeefbd7f223798d45aea8cd00b70f5ee0e39
+DIST openldap-2.4.38.tgz 5506085 SHA256 88209a3599ec5d9354fc09bbe29b99db1ffa1b612127c06bad0c5265d0b31fd1 SHA512 df7b6b2b84102ba996f84575396c7505ada851b5f09841fd821d34fd8d62580f85ecc655e2cd3965730b44d6919d64864f56b23791f38b411d142d345f250666 WHIRLPOOL bb6a19b353f9dcde07afe78052ce9d5db5a2aaa09236b69d22da0879e74c4de8587312bad66939702db30af779f7ee9720ad792b73d225f004a1a90d80a6fed1
+DIST openldap-2.4.39.tgz 5509060 SHA256 8267c87347103fef56b783b24877c0feda1063d3cb85d070e503d076584bf8a7 SHA512 7b5ef2a69f79f0901a06f8be4ab50afc3b3e98ab1ea74a421569443d32cb43d3cf773d3f028fb5fb39908c09ee172cb4770ecc5882754877a59d29bf8f8cc059 WHIRLPOOL 90ac4cff185855d569a8033a3e35a251d75e4a2805bcfa5ba5b3605ec88b2fc244b0e95aabd33c47c9846f29c95a17e1be43650442987f6abc043667e06f15cd
+DIST openldap-2.4.40.tgz 5641865 SHA256 d12611a5c25b6499293c2bb7b435dc2b174db73e83f5a8cb7e34f2ce5fa6dadb SHA512 c803c4a82878891d60414d64dcb54a7c3f08675106ba13f50cba06034a97b3eee1c238761dd5ddad97d8c3f6675d9bbbec176d0340eb4a3bcd808f940baabab5 WHIRLPOOL 82cb6033798ac69faf4a0d1f5d7716316f5fbfc67e0f3a013b5bae461a01e3029aa6fb7d510bc14eed4f40ef83632561a3fa39aebf2be2785e3d0e0038db048c
+DIST openldap-2.4.42.tgz 5645925 SHA256 eeb7b0e2c5852bfd2650e83909bb6152835c0b862fab10b63954dc1bcbba8e63 SHA512 52d6af7610c4fdc8f965ebea04d09c38f73773a02c2e484dc111100f3d472f8b2f766ca32d9c80f5815a57745095cc7c33ad62d9165eec5b9e252ae172e7782c WHIRLPOOL e151c63bfd10f5e96c60f216925315ed788d426ba2c15ee2793a4de4bb25d01717e7bb5144814a0e6a053a5d5a0aab75213a495aa47aa13f7c3e70716c01633e
+DIST openldap-2.4.43.tgz 5654057 SHA256 34d78e5598a2b0360d26a9050fcdbbe198c65493b013bb607839d5598b6978c8 SHA512 1306206bf22fcec2ccf4b91fd7eadf0207e7015f20d761a4055b0e0213fe1f4c275eec933d86220b03b558650439e74cdca07db05e8debb54d38be4e983b3631 WHIRLPOOL 0d4dc1c1f36f85c4711d0ec1d11107dac242f1d69b4f183e7762cc3ed3d7221c45bd44777e7441afe10156abc487da18f9bdf748244123dd62a241aefe7bca3f
DIST openldap-2.4.44.tgz 5658830 SHA256 d7de6bf3c67009c95525dde3a0212cc110d0a70b92af2af8e3ee800e81b88400 SHA512 132eb81798f59a364c9246d08697e1c7ebb6c2c3b983f786b14ec0233df09696cbad33a1f35f3076348b5efb77665a076ab854a24122c31e8b58310b7c7fd136 WHIRLPOOL 37399793d681a6489c369d663772970c62a4e1e370d4dc306bcb6fa3b9cb680139c9d940d9218aaac4618f50a63bc391b10f2aec0a134f84094ce4f7378c88ff
DIST rfc2307bis.schema-20140524 12262 SHA256 6cd8154ad86be1d6bb88a79c303dc10a49bce4ce7d21bb417a951d6496df30b1 SHA512 83b89a1deeefc8566b97e7e865b9b6d04541099cbdf719e24538a7d27d61b6209e87ab9003a9f140bd9afd018ec569e71721e3a24090e1902c8b6659d2ba103e WHIRLPOOL 40cef24529fb4bfc1661d03088eccdb17d9056d696b2bf0e698fa248d03f508ba776784bf8abbaffb5f4c2c59b59b29525b4be2babc978fed681e5e3c88073de
diff --git a/net-nds/openldap/files/openldap-2.3.34-slapd-conf b/net-nds/openldap/files/openldap-2.3.34-slapd-conf
new file mode 100644
index 00000000..ad767cf
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.3.34-slapd-conf
@@ -0,0 +1,64 @@
+#
+# See slapd.conf(5) for details on configuration options.
+# This file should NOT be world readable.
+#
+include /etc/openldap/schema/core.schema
+
+# Define global ACLs to disable default read access.
+
+# Do not enable referrals until AFTER you have a working directory
+# service AND an understanding of referrals.
+#referral ldap://root.openldap.org
+
+pidfile /var/run/openldap/slapd.pid
+argsfile /var/run/openldap/slapd.args
+
+# Load dynamic backend modules:
+###INSERTDYNAMICMODULESHERE###
+
+# Sample security restrictions
+# Require integrity protection (prevent hijacking)
+# Require 112-bit (3DES or better) encryption for updates
+# Require 63-bit encryption for simple bind
+# security ssf=1 update_ssf=112 simple_bind=64
+
+# Sample access control policy:
+# Root DSE: allow anyone to read it
+# Subschema (sub)entry DSE: allow anyone to read it
+# Other DSEs:
+# Allow self write access
+# Allow authenticated users read access
+# Allow anonymous users to authenticate
+# Directives needed to implement policy:
+# access to dn.base="" by * read
+# access to dn.base="cn=Subschema" by * read
+# access to *
+# by self write
+# by users read
+# by anonymous auth
+#
+# if no access controls are present, the default policy
+# allows anyone and everyone to read anything but restricts
+# updates to rootdn. (e.g., "access to * by * read")
+#
+# rootdn can always read and write EVERYTHING!
+
+#######################################################################
+# BDB database definitions
+#######################################################################
+
+database hdb
+suffix "dc=my-domain,dc=com"
+# <kbyte> <min>
+checkpoint 32 30
+rootdn "cn=Manager,dc=my-domain,dc=com"
+# Cleartext passwords, especially for the rootdn, should
+# be avoid. See slappasswd(8) and slapd.conf(5) for details.
+# Use of strong authentication encouraged.
+rootpw secret
+# The database directory MUST exist prior to running slapd AND
+# should only be accessible by the slapd and slap tools.
+# Mode 700 recommended.
+directory /var/lib/openldap-data
+# Indices to maintain
+index objectClass eq
diff --git a/net-nds/openldap/files/openldap-2.4.15-ppolicy.patch b/net-nds/openldap/files/openldap-2.4.15-ppolicy.patch
new file mode 100644
index 00000000..3195ee5
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.4.15-ppolicy.patch
@@ -0,0 +1,12 @@
+--- openldap-2.4.15/clients/tools/common.c.orig 2009-02-05 15:05:03.000000000 -0800
++++ openldap-2.4.15/clients/tools/common.c 2009-03-21 01:45:14.000000000 -0700
+@@ -1315,8 +1315,8 @@
+ int nsctrls = 0;
+
+ #ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
++ LDAPControl c;
+ if ( ppolicy ) {
+- LDAPControl c;
+ c.ldctl_oid = LDAP_CONTROL_PASSWORDPOLICYREQUEST;
+ c.ldctl_value.bv_val = NULL;
+ c.ldctl_value.bv_len = 0;
diff --git a/net-nds/openldap/files/openldap-2.4.33-gnutls.patch b/net-nds/openldap/files/openldap-2.4.33-gnutls.patch
new file mode 100644
index 00000000..2b07c85
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.4.33-gnutls.patch
@@ -0,0 +1,60 @@
+From 98de912932732f1441300eb64ca3070ff1469fcf Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <petr.pisar@atlas.cz>
+Date: Sun, 30 Dec 2012 21:11:06 +0100
+Subject: [PATCH] GnuTLS 3.0 removed gnutls_certificate_get_x509_cas()
+
+---
+ libraries/libldap/tls_g.c | 23 +++++++++++++++++++++++
+ 1 file changed, 23 insertions(+)
+
+diff --git a/libraries/libldap/tls_g.c b/libraries/libldap/tls_g.c
+index 40616f5..374514d 100644
+--- a/libraries/libldap/tls_g.c
++++ b/libraries/libldap/tls_g.c
+@@ -60,6 +60,12 @@
+ #undef HAVE_GCRYPT_RAND
+ #endif
+
++#if LIBGNUTLS_VERSION_NUMBER >= 0x030000
++#define HAVE_GNUTLS_CERTIFICATE_GET_ISSUER 1
++#else
++#undef HAVE_GNUTLS_CERTIFICATE_GET_ISSUER
++#endif
++
+ #ifndef HAVE_CIPHERSUITES
+ /* Versions prior to 2.2.0 didn't handle cipher suites, so we had to
+ * kludge them ourselves.
+@@ -368,6 +374,22 @@ tlsg_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
+ * then we have to build the cert chain.
+ */
+ if ( max == 1 && !gnutls_x509_crt_check_issuer( certs[0], certs[0] )) {
++#ifdef HAVE_GNUTLS_CERTIFICATE_GET_ISSUER
++ gnutls_x509_crt_t issuer;
++ unsigned int i;
++
++ for ( i = 1; i<VERIFY_DEPTH; i++ ) {
++ /* If no CA is known, we're done */
++ if ( gnutls_certificate_get_issuer( ctx->cred, certs[i-1],
++ &issuer, 0 ) )
++ break;
++ certs[i] = issuer;
++ max++;
++ /* If this CA is self-signed, we're done */
++ if ( gnutls_x509_crt_check_issuer( certs[i], certs[i] ))
++ break;
++ }
++#else
+ gnutls_x509_crt_t *cas;
+ unsigned int i, j, ncas;
+
+@@ -387,6 +409,7 @@ tlsg_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
+ if ( j == ncas )
+ break;
+ }
++#endif /* !defined HAVE_GNUTLS_CERTIFICATE_GET_ISSUER */
+ }
+ rc = gnutls_certificate_set_x509_key( ctx->cred, certs, max, key );
+ if ( rc ) return -1;
+--
+1.8.0.2
+
diff --git a/net-nds/openldap/files/openldap-2.4.40-mdb-unbundle.patch b/net-nds/openldap/files/openldap-2.4.40-mdb-unbundle.patch
new file mode 100644
index 00000000..9265a01
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.4.40-mdb-unbundle.patch
@@ -0,0 +1,136 @@
+--- ./build/top.mk.orig 2014-10-24 14:34:59.260827298 +0200
++++ ./build/top.mk 2014-10-24 14:35:25.281168893 +0200
+@@ -160,6 +160,7 @@
+ LTHREAD_LIBS = @LTHREAD_LIBS@
+
+ BDB_LIBS = @BDB_LIBS@
++MDB_LIBS = @MDB_LIBS@
+ SLAPD_NDB_LIBS = @SLAPD_NDB_LIBS@
+
+ LDAP_LIBLBER_LA = $(LDAP_LIBDIR)/liblber/liblber.la
+--- ./build/openldap.m4.orig 2014-10-24 10:52:02.837221734 +0200
++++ ./build/openldap.m4 2014-10-24 11:31:02.748087966 +0200
+@@ -563,6 +563,38 @@
+ ], [ol_cv_bdb_compat=yes], [ol_cv_bdb_compat=no])])
+ ])
+
++dnl --------------------------------------------------------------------
++dnl Check for version compatility with back-mdb
++AC_DEFUN([OL_MDB_COMPAT],
++[AC_CACHE_CHECK([if LMDB version supported by MDB backends], [ol_cv_mdb_compat],[
++ AC_EGREP_CPP(__mdb_version_compat,[
++#include <lmdb.h>
++
++/* require 0.9.14 or later */
++#if MDB_VERSION_FULL >= 0x00000009000E
++ __mdb_version_compat
++#endif
++ ], [ol_cv_mdb_compat=yes], [ol_cv_mdb_compat=no])])
++])
++
++dnl
++dnl --------------------------------------------------------------------
++dnl Find any MDB
++AC_DEFUN([OL_MDB],
++[ol_cv_mdb=no
++AC_CHECK_HEADERS(lmdb.h)
++if test $ac_cv_header_lmdb_h = yes; then
++ OL_MDB_COMPAT
++
++ if test $ol_cv_mdb_compat != yes ; then
++ AC_MSG_ERROR([LMDB version incompatible with MDB backends])
++ fi
++
++ ol_cv_lib_mdb=-llmdb
++ ol_cv_mdb=yes
++fi
++])
++
+ dnl
+ dnl ====================================================================
+ dnl Check POSIX Thread version
+--- ./servers/slapd/back-mdb/Makefile.in.orig 2014-10-24 10:31:30.860931076 +0200
++++ ./servers/slapd/back-mdb/Makefile.in 2014-10-24 14:33:33.803705424 +0200
+@@ -25,11 +25,10 @@
+ extended.lo operational.lo \
+ attr.lo index.lo key.lo filterindex.lo \
+ dn2entry.lo dn2id.lo id2entry.lo idl.lo \
+- nextid.lo monitor.lo mdb.lo midl.lo
++ nextid.lo monitor.lo
+
+ LDAP_INCDIR= ../../../include
+ LDAP_LIBDIR= ../../../libraries
+-MDB_SUBDIR = $(srcdir)/$(LDAP_LIBDIR)/liblmdb
+
+ BUILD_OPT = "--enable-mdb"
+ BUILD_MOD = @BUILD_MDB@
+@@ -44,7 +43,7 @@
+
+ LIBBASE = back_mdb
+
+-XINCPATH = -I.. -I$(srcdir)/.. -I$(MDB_SUBDIR)
++XINCPATH = -I.. -I$(srcdir)/..
+ XDEFS = $(MODULES_CPPFLAGS)
+
+ all-local-lib: ../.backend
+@@ -52,11 +51,5 @@
+ ../.backend: lib$(LIBBASE).a
+ @touch $@
+
+-mdb.lo: $(MDB_SUBDIR)/mdb.c
+- $(LTCOMPILE_MOD) $(MDB_SUBDIR)/mdb.c
+-
+-midl.lo: $(MDB_SUBDIR)/midl.c
+- $(LTCOMPILE_MOD) $(MDB_SUBDIR)/midl.c
+-
+ veryclean-local-lib: FORCE
+ $(RM) $(XXHEADERS) $(XXSRCS) .links
+--- ./configure.in.orig 2014-10-24 10:46:53.289139847 +0200
++++ ./configure.in 2014-10-24 10:51:34.372846374 +0200
+@@ -519,6 +519,7 @@
+ dnl Initialize vars
+ LDAP_LIBS=
+ BDB_LIBS=
++MDB_LIBS=
+ SLAPD_NDB_LIBS=
+ SLAPD_NDB_INCS=
+ LTHREAD_LIBS=
+@@ -1905,6 +1906,30 @@
+ fi
+
+ dnl ----------------------------------------------------------------
++ol_link_mdb=no
++
++if test $ol_enable_mdb != no; then
++ OL_MDB
++
++ if test $ol_cv_mdb = no ; then
++ AC_MSG_ERROR(MDB: LMDB not available)
++ fi
++
++ AC_DEFINE(HAVE_MDB,1,
++ [define this if LMDB is available])
++
++ dnl $ol_cv_lib_mdb should be yes or -llmdb
++ dnl (it could be no, but that would be an error
++ if test $ol_cv_lib_mdb != yes ; then
++ MDB_LIBS="$MDB_LIBS $ol_cv_lib_mdb"
++ fi
++
++ SLAPD_LIBS="$SLAPD_LIBS \$(MDB_LIBS)"
++
++ ol_link_mdb=yes
++fi
++
++dnl ----------------------------------------------------------------
+
+ if test $ol_enable_dynamic = yes && test $enable_shared = yes ; then
+ BUILD_LIBS_DYNAMIC=shared
+@@ -3133,6 +3158,7 @@
+ AC_SUBST(LDAP_LIBS)
+ AC_SUBST(SLAPD_LIBS)
+ AC_SUBST(BDB_LIBS)
++AC_SUBST(MDB_LIBS)
+ AC_SUBST(SLAPD_NDB_LIBS)
+ AC_SUBST(SLAPD_NDB_INCS)
+ AC_SUBST(LTHREAD_LIBS)
diff --git a/net-nds/openldap/files/openldap-2.4.40-slapd-conf b/net-nds/openldap/files/openldap-2.4.40-slapd-conf
new file mode 100644
index 00000000..8ecc732
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.4.40-slapd-conf
@@ -0,0 +1,64 @@
+#
+# See slapd.conf(5) for details on configuration options.
+# This file should NOT be world readable.
+#
+include /etc/openldap/schema/core.schema
+
+# Define global ACLs to disable default read access.
+
+# Do not enable referrals until AFTER you have a working directory
+# service AND an understanding of referrals.
+#referral ldap://root.openldap.org
+
+pidfile /run/openldap/slapd.pid
+argsfile /run/openldap/slapd.args
+
+# Load dynamic backend modules:
+###INSERTDYNAMICMODULESHERE###
+
+# Sample security restrictions
+# Require integrity protection (prevent hijacking)
+# Require 112-bit (3DES or better) encryption for updates
+# Require 63-bit encryption for simple bind
+# security ssf=1 update_ssf=112 simple_bind=64
+
+# Sample access control policy:
+# Root DSE: allow anyone to read it
+# Subschema (sub)entry DSE: allow anyone to read it
+# Other DSEs:
+# Allow self write access
+# Allow authenticated users read access
+# Allow anonymous users to authenticate
+# Directives needed to implement policy:
+# access to dn.base="" by * read
+# access to dn.base="cn=Subschema" by * read
+# access to *
+# by self write
+# by users read
+# by anonymous auth
+#
+# if no access controls are present, the default policy
+# allows anyone and everyone to read anything but restricts
+# updates to rootdn. (e.g., "access to * by * read")
+#
+# rootdn can always read and write EVERYTHING!
+
+#######################################################################
+# BDB database definitions
+#######################################################################
+
+database hdb
+suffix "dc=my-domain,dc=com"
+# <kbyte> <min>
+checkpoint 32 30
+rootdn "cn=Manager,dc=my-domain,dc=com"
+# Cleartext passwords, especially for the rootdn, should
+# be avoid. See slappasswd(8) and slapd.conf(5) for details.
+# Use of strong authentication encouraged.
+rootpw secret
+# The database directory MUST exist prior to running slapd AND
+# should only be accessible by the slapd and slap tools.
+# Mode 700 recommended.
+directory /var/lib/openldap-data
+# Indices to maintain
+index objectClass eq
diff --git a/net-nds/openldap/files/slapd-initd-2.4.40 b/net-nds/openldap/files/slapd-initd-2.4.40
new file mode 100644
index 00000000..473e9fd
--- /dev/null
+++ b/net-nds/openldap/files/slapd-initd-2.4.40
@@ -0,0 +1,51 @@
+#!/sbin/openrc-run
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+extra_commands="checkconfig"
+
+[ -z "$INSTANCE" ] && INSTANCE="openldap${SVCNAME#slapd}"
+PIDDIR=/run/openldap
+PIDFILE=$PIDDIR/$SVCNAME.pid
+
+depend() {
+ need net
+ before dbus hald avahi-daemon
+ provide ldap
+}
+
+start() {
+ checkpath -q -d ${PIDDIR} -o ldap:ldap
+ if ! checkconfig -Q ; then
+ eerror "There is a problem with your slapd.conf!"
+ return 1
+ fi
+ ebegin "Starting ldap-server"
+ [ -n "$KRB5_KTNAME" ] && export KRB5_KTNAME
+ eval start-stop-daemon --start --pidfile ${PIDFILE} --exec /usr/lib/openldap/slapd -- -u ldap -g ldap "${OPTS}"
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping ldap-server"
+ start-stop-daemon --stop --signal 2 --quiet --pidfile ${PIDFILE}
+ eend $?
+}
+
+checkconfig() {
+ # checks requested by bug #502948
+ for d in `awk '/^directory/{print $2}'`; do
+ if [ ! -d $d ]; then
+ eerror "Directory $d in config does not exist!"
+ return 1
+ fi
+ /usr/bin/find $d ! -name DB_CONFIG ! -user ldap -o ! -group ldap |grep -sq .
+ if [ $? -ne 0 ]; then
+ ewarn "You have files in $d not owned by the ldap user, you must ensure they are accessible to the slapd instance!"
+ fi
+ [ ! -e $d/DB_CONFIG ] && ewarn "$d/DB_CONFIG does not exist, slapd performance may be sub-optimal"
+ done
+ # now test the config fully
+ /usr/sbin/slaptest -u "$@" ${OPTS_CONF}
+}
diff --git a/net-nds/openldap/files/slapd-initd-2.4.40-r1 b/net-nds/openldap/files/slapd-initd-2.4.40-r1
new file mode 100644
index 00000000..3547e07
--- /dev/null
+++ b/net-nds/openldap/files/slapd-initd-2.4.40-r1
@@ -0,0 +1,65 @@
+#!/sbin/openrc-run
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+extra_commands="checkconfig"
+
+[ -z "$INSTANCE" ] && INSTANCE="openldap${SVCNAME#slapd}"
+PIDDIR=/run/openldap
+PIDFILE=$PIDDIR/$SVCNAME.pid
+
+depend() {
+ need net
+ before dbus hald avahi-daemon
+ provide ldap
+}
+
+start() {
+ checkpath -q -d ${PIDDIR} -o ldap:ldap
+ if ! checkconfig -Q ; then
+ eerror "There is a problem with your slapd.conf!"
+ return 1
+ fi
+ ebegin "Starting ldap-server"
+ [ -n "$KRB5_KTNAME" ] && export KRB5_KTNAME
+ eval start-stop-daemon --start --pidfile ${PIDFILE} --exec /usr/lib/openldap/slapd -- -u ldap -g ldap "${OPTS}"
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping ldap-server"
+ start-stop-daemon --stop --signal 2 --quiet --pidfile ${PIDFILE}
+ eend $?
+}
+
+checkconfig() {
+ # checks requested by bug #502948
+ # Step 1: extract the last valid config file or config dir
+ set -- $OPTS
+ while [ -n "$*" ]; do
+ opt=$1 ; shift
+ if [ "$opt" = "-f" -o "$opt" = "-F" ] ; then
+ CONF=$1
+ shift
+ fi
+ done
+ set --
+ # Fallback
+ CONF=${CONF-/etc/openldap/slapd.conf}
+ [ -d $CONF ] && CONF=${CONF}/*
+ DBDIRS=`eval awk '"/^(directory|olcDbDirectory:)/{print \$2}"' $CONF`
+ for d in $DBDIRS; do
+ if [ ! -d $d ]; then
+ eerror "Directory $d in config does not exist!"
+ return 1
+ fi
+ /usr/bin/find $d ! -name DB_CONFIG ! -user ldap -o ! -group ldap |grep -sq .
+ if [ $? -ne 0 ]; then
+ ewarn "You have files in $d not owned by the ldap user, you must ensure they are accessible to the slapd instance!"
+ fi
+ [ ! -e $d/DB_CONFIG ] && ewarn "$d/DB_CONFIG does not exist, slapd performance may be sub-optimal"
+ done
+ # now test the config fully
+ /usr/sbin/slaptest -u "$@" ${OPTS_CONF}
+}
diff --git a/net-nds/openldap/files/slapd-initd-2.4.40-r2 b/net-nds/openldap/files/slapd-initd-2.4.40-r2
new file mode 100644
index 00000000..9ce071a
--- /dev/null
+++ b/net-nds/openldap/files/slapd-initd-2.4.40-r2
@@ -0,0 +1,65 @@
+#!/sbin/openrc-run
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+extra_commands="checkconfig"
+
+[ -z "$INSTANCE" ] && INSTANCE="openldap${SVCNAME#slapd}"
+PIDDIR=/run/openldap
+PIDFILE=$PIDDIR/$SVCNAME.pid
+
+depend() {
+ need net
+ before dbus hald avahi-daemon
+ provide ldap
+}
+
+start() {
+ checkpath -q -d ${PIDDIR} -o ldap:ldap
+ if ! checkconfig -Q ; then
+ eerror "There is a problem with your slapd.conf!"
+ return 1
+ fi
+ ebegin "Starting ldap-server"
+ [ -n "$KRB5_KTNAME" ] && export KRB5_KTNAME
+ eval start-stop-daemon --start --pidfile ${PIDFILE} --exec /usr/lib/openldap/slapd -- -u ldap -g ldap "${OPTS}"
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping ldap-server"
+ start-stop-daemon --stop --signal 2 --quiet --pidfile ${PIDFILE}
+ eend $?
+}
+
+checkconfig() {
+ # checks requested by bug #502948
+ # Step 1: extract the last valid config file or config dir
+ set -- $OPTS
+ while [ -n "$*" ]; do
+ opt=$1 ; shift
+ if [ "$opt" = "-f" -o "$opt" = "-F" ] ; then
+ CONF=$1
+ shift
+ fi
+ done
+ set --
+ # Fallback
+ CONF=${CONF-/etc/openldap/slapd.conf}
+ [ -d $CONF ] && CONF=${CONF}/*
+ DBDIRS=`eval awk '"/^(directory|olcDbDirectory:)/{print \\$2}"' $CONF`
+ for d in $DBDIRS; do
+ if [ ! -d $d ]; then
+ eerror "Directory $d in config does not exist!"
+ return 1
+ fi
+ /usr/bin/find $d ! -name DB_CONFIG ! -user ldap -o ! -group ldap |grep -sq .
+ if [ $? -ne 0 ]; then
+ ewarn "You have files in $d not owned by the ldap user, you must ensure they are accessible to the slapd instance!"
+ fi
+ [ ! -e $d/DB_CONFIG ] && ewarn "$d/DB_CONFIG does not exist, slapd performance may be sub-optimal"
+ done
+ # now test the config fully
+ /usr/sbin/slaptest -u "$@" ${OPTS_CONF}
+}
diff --git a/net-nds/openldap/openldap-2.4.38-r2.ebuild b/net-nds/openldap/openldap-2.4.38-r2.ebuild
new file mode 100644
index 00000000..1706a4a
--- /dev/null
+++ b/net-nds/openldap/openldap-2.4.38-r2.ebuild
@@ -0,0 +1,761 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit db-use eutils flag-o-matic multilib multilib-minimal ssl-cert versionator toolchain-funcs autotools user systemd
+
+BIS_PN=rfc2307bis.schema
+BIS_PV=20140524
+BIS_P="${BIS_PN}-${BIS_PV}"
+
+DESCRIPTION="LDAP suite of application and development tools"
+HOMEPAGE="http://www.OpenLDAP.org/"
+
+# mirrors are mostly not working, using canonical URI
+SRC_URI="ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz
+ mirror://gentoo/${BIS_P}"
+
+LICENSE="OPENLDAP GPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~x86-linux ~x86-solaris"
+
+IUSE_DAEMON="crypt icu samba slp tcpd experimental minimal"
+IUSE_BACKEND="+berkdb"
+IUSE_OVERLAY="overlays perl"
+IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 +syslog selinux"
+IUSE_CONTRIB="smbkrb5passwd kerberos"
+IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
+IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
+
+REQUIRED_USE="cxx? ( sasl )"
+
+# openssl is needed to generate lanman-passwords required by samba
+CDEPEND="icu? ( dev-libs/icu:= )
+ ssl? ( !gnutls? ( >=dev-libs/openssl-1.0.1h-r2[${MULTILIB_USEDEP}] )
+ gnutls? ( >=net-libs/gnutls-2.12.23-r6[${MULTILIB_USEDEP}] >=dev-libs/libgcrypt-1.5.3:0[${MULTILIB_USEDEP}] ) )
+ sasl? ( dev-libs/cyrus-sasl:= )
+ !minimal? (
+ sys-devel/libtool
+ tcpd? ( sys-apps/tcp-wrappers )
+ odbc? ( !iodbc? ( dev-db/unixODBC )
+ iodbc? ( dev-db/libiodbc ) )
+ slp? ( net-libs/openslp )
+ perl? ( dev-lang/perl:=[-build(-)] )
+ samba? ( dev-libs/openssl )
+ berkdb? ( sys-libs/db )
+ smbkrb5passwd? (
+ dev-libs/openssl
+ app-crypt/heimdal )
+ kerberos? ( virtual/krb5 )
+ cxx? ( dev-libs/cyrus-sasl:= )
+ )
+ abi_x86_32? (
+ !<=app-emulation/emul-linux-x86-baselibs-20140508-r3
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+ )"
+DEPEND="${CDEPEND}
+ sys-apps/groff"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-ldap )
+"
+
+# for tracking versions
+OPENLDAP_VERSIONTAG=".version-tag"
+OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
+
+MULTILIB_WRAPPED_HEADERS=(
+ # USE=cxx
+ /usr/include/LDAPAsynConnection.h
+ /usr/include/LDAPAttrType.h
+ /usr/include/LDAPAttribute.h
+ /usr/include/LDAPAttributeList.h
+ /usr/include/LDAPConnection.h
+ /usr/include/LDAPConstraints.h
+ /usr/include/LDAPControl.h
+ /usr/include/LDAPControlSet.h
+ /usr/include/LDAPEntry.h
+ /usr/include/LDAPEntryList.h
+ /usr/include/LDAPException.h
+ /usr/include/LDAPExtResult.h
+ /usr/include/LDAPMessage.h
+ /usr/include/LDAPMessageQueue.h
+ /usr/include/LDAPModList.h
+ /usr/include/LDAPModification.h
+ /usr/include/LDAPObjClass.h
+ /usr/include/LDAPRebind.h
+ /usr/include/LDAPRebindAuth.h
+ /usr/include/LDAPReferenceList.h
+ /usr/include/LDAPResult.h
+ /usr/include/LDAPSaslBindResult.h
+ /usr/include/LDAPSchema.h
+ /usr/include/LDAPSearchReference.h
+ /usr/include/LDAPSearchResult.h
+ /usr/include/LDAPSearchResults.h
+ /usr/include/LDAPUrl.h
+ /usr/include/LDAPUrlList.h
+ /usr/include/LdifReader.h
+ /usr/include/LdifWriter.h
+ /usr/include/SaslInteraction.h
+ /usr/include/SaslInteractionHandler.h
+ /usr/include/StringList.h
+ /usr/include/TlsOptions.h
+)
+
+openldap_filecount() {
+ local dir="$1"
+ find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
+}
+
+openldap_find_versiontags() {
+ # scan for all datadirs
+ openldap_datadirs=""
+ if [ -f "${EROOT}"/etc/openldap/slapd.conf ]; then
+ openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${EROOT}/etc/openldap/slapd.conf)"
+ fi
+ openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}"
+
+ einfo
+ einfo "Scanning datadir(s) from slapd.conf and"
+ einfo "the default installdir for Versiontags"
+ einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
+ einfo
+
+ # scan datadirs if we have a version tag
+ openldap_found_tag=0
+ have_files=0
+ for each in ${openldap_datadirs}; do
+ CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"`
+ CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}
+ if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then
+ einfo "- Checking ${each}..."
+ if [ -r ${CURRENT_TAG} ] ; then
+ # yey, we have one :)
+ einfo " Found Versiontag in ${each}"
+ source ${CURRENT_TAG}
+ if [ "${OLDPF}" == "" ] ; then
+ eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
+ eerror "Please delete it"
+ eerror
+ die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
+ fi
+
+ OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}`
+
+ [ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1
+
+ # are we on the same branch?
+ if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then
+ ewarn " Versiontag doesn't match current major release!"
+ if [[ "${have_files}" == "1" ]] ; then
+ eerror " Versiontag says other major and you (probably) have datafiles!"
+ echo
+ openldap_upgrade_howto
+ else
+ einfo " No real problem, seems there's no database."
+ fi
+ else
+ einfo " Versiontag is fine here :)"
+ fi
+ else
+ einfo " Non-tagged dir ${each}"
+ [ $(openldap_filecount ${each}) -gt 0 ] && have_files=1
+ if [[ "${have_files}" == "1" ]] ; then
+ einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
+ echo
+
+ eerror
+ eerror "Your OpenLDAP Installation has a non tagged datadir that"
+ eerror "possibly contains a database at ${CURRENT_TAGDIR}"
+ eerror
+ eerror "Please export data if any entered and empty or remove"
+ eerror "the directory, installation has been stopped so you"
+ eerror "can take required action"
+ eerror
+ eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
+ eerror
+ openldap_upgrade_howto
+ die "Please move the datadir ${CURRENT_TAGDIR} away"
+ fi
+ fi
+ einfo
+ fi
+ done
+ [ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present"
+
+ # Now we must check for the major version of sys-libs/db linked against.
+ SLAPD_PATH=${EROOT}/usr/$(get_libdir)/openldap/slapd
+ if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then
+ OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
+ | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
+ NEWVER="$(use berkdb && db_findver sys-libs/db)"
+ local fail=0
+ if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then
+ :
+ # Nothing wrong here.
+ elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then
+ eerror " Your existing version of OpenLDAP was not built against"
+ eerror " any version of sys-libs/db, but the new one will build"
+ eerror " against ${NEWVER} and your database may be inaccessible."
+ echo
+ fail=1
+ elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then
+ eerror " Your existing version of OpenLDAP was built against"
+ eerror " sys-libs/db:${OLDVER}, but the new one will not be"
+ eerror " built against any version and your database may be"
+ eerror " inaccessible."
+ echo
+ fail=1
+ elif [ "${OLDVER}" != "${NEWVER}" ]; then
+ eerror " Your existing version of OpenLDAP was built against"
+ eerror " sys-libs/db:${OLDVER}, but the new one will build against"
+ eerror " ${NEWVER} and your database would be inaccessible."
+ echo
+ fail=1
+ fi
+ [ "${fail}" == "1" ] && openldap_upgrade_howto
+ fi
+
+ echo
+ einfo
+ einfo "All datadirs are fine, proceeding with merge now..."
+ einfo
+}
+
+openldap_upgrade_howto() {
+ eerror
+ eerror "A (possible old) installation of OpenLDAP was detected,"
+ eerror "installation will not proceed for now."
+ eerror
+ eerror "As major version upgrades can corrupt your database,"
+ eerror "you need to dump your database and re-create it afterwards."
+ eerror
+ eerror "Additionally, rebuilding against different major versions of the"
+ eerror "sys-libs/db libraries will cause your database to be inaccessible."
+ eerror ""
+ d="$(date -u +%s)"
+ l="/root/ldapdump.${d}"
+ i="${l}.raw"
+ eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop"
+ eerror " 2. slapcat -l ${i}"
+ eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}"
+ eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
+ eerror " 5. emerge --update \=net-nds/${PF}"
+ eerror " 6. etc-update, and ensure that you apply the changes"
+ eerror " 7. slapadd -l ${l}"
+ eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
+ eerror " 9. /etc/init.d/slapd start"
+ eerror "10. check that your data is intact."
+ eerror "11. set up the new replication system."
+ eerror
+ if [ "${FORCE_UPGRADE}" != "1" ]; then
+ die "You need to upgrade your database first"
+ else
+ eerror "You have the magical FORCE_UPGRADE=1 in place."
+ eerror "Don't say you weren't warned about data loss."
+ fi
+}
+
+pkg_setup() {
+ if ! use sasl && use cxx ; then
+ die "To build the ldapc++ library you must emerge openldap with sasl support"
+ fi
+ # Bug #322787
+ if use minimal && ! has_version "net-nds/openldap" ; then
+ einfo "No datadir scan needed, openldap not installed"
+ elif use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then
+ einfo "Skipping scan for previous datadirs as requested by minimal useflag"
+ else
+ openldap_find_versiontags
+ fi
+
+ # The user/group are only used for running daemons which are
+ # disabled in minimal builds, so elide the accounts too.
+ if ! use minimal ; then
+ enewgroup ldap 439
+ enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap
+ fi
+}
+
+src_prepare() {
+ # ensure correct SLAPI path by default
+ sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \
+ "${S}"/include/ldap_defaults.h
+
+ epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch
+
+ epatch \
+ "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \
+ "${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
+
+ # bug #116045 - still present in 2.4.28
+ epatch "${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch
+ # bug #408077 - samba4
+ epatch "${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch
+
+ # bug #189817
+ epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
+
+ # bug #233633
+ epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch
+
+ # bug #281495
+ epatch "${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch
+
+ # bug #294350
+ epatch "${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch
+
+ # unbreak /bin/sh -> dash
+ epatch "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
+
+ # bug #420959
+ epatch "${FILESDIR}"/${PN}-2.4.31-gcc47.patch
+
+ # bug #421463
+ epatch "${FILESDIR}"/${PN}-2.4.33-gnutls.patch
+
+ cd "${S}"/build || die
+ einfo "Making sure upstream build strip does not do stripping too early"
+ sed -i.orig \
+ -e '/^STRIP/s,-s,,g' \
+ top.mk || die "Failed to block stripping"
+
+ # wrong assumption that /bin/sh is /bin/bash
+ sed -i \
+ -e 's|/bin/sh|/bin/bash|g' \
+ "${S}"/tests/scripts/* || die "sed failed"
+
+ cd "${S}" || die
+ AT_NOEAUTOMAKE=yes eautoreconf
+}
+
+build_contrib_module() {
+ # <dir> <sources> <outputname>
+ cd "${S}/contrib/slapd-modules/$1" || die
+ einfo "Compiling contrib-module: $3"
+ # Make sure it's uppercase
+ local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -D${define_name}=SLAPD_MOD_DYNAMIC \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include -I../../../servers/slapd ${CFLAGS} \
+ -o ${2%.c}.lo -c $2 || die "compiling $3 failed"
+ einfo "Linking contrib-module: $3"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
+ -o $3.la ${2%.c}.lo || die "linking $3 failed"
+}
+
+src_configure() {
+ #Fix for glibc-2.8 and ucred. Bug 228457.
+ append-flags -D_GNU_SOURCE
+
+ # Bug 408001
+ use elibc_FreeBSD && append-cppflags -DMDB_DSYNC=O_SYNC -DMDB_FDATASYNC=fsync
+
+ # connectionless ldap per bug #342439
+ append-cppflags -DLDAP_CONNECTIONLESS
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+ local myconf=()
+
+ use debug && myconf+=( $(use_enable debug) )
+
+ # ICU usage is not configurable
+ export ac_cv_header_unicode_utypes_h="$(multilib_is_native_abi && use icu && echo yes || echo no)"
+
+ if ! use minimal && multilib_is_native_abi; then
+ local CPPFLAGS=${CPPFLAGS}
+
+ # re-enable serverside overlay chains per bug #296567
+ # see ldap docs chaper 12.3.1 for details
+ myconf+=( --enable-ldap )
+
+ # backends
+ myconf+=( --enable-slapd )
+ if use berkdb ; then
+ einfo "Using Berkeley DB for local backend"
+ myconf+=( --enable-bdb --enable-hdb )
+ # We need to include the slotted db.h dir for FreeBSD
+ append-cppflags -I$(db_includedir)
+ else
+ ewarn
+ ewarn "Note: if you disable berkdb, you can only use remote-backends!"
+ ewarn
+ myconf+=( --disable-bdb --disable-hdb )
+ fi
+ for backend in dnssrv ldap meta monitor null passwd relay shell sock; do
+ myconf+=( --enable-${backend}=mod )
+ done
+
+ myconf+=( $(use_enable perl perl mod) )
+
+ myconf+=( $(use_enable odbc sql mod) )
+ if use odbc ; then
+ local odbc_lib="unixodbc"
+ if use iodbc ; then
+ odbc_lib="iodbc"
+ append-cppflags -I"${EPREFIX}"/usr/include/iodbc
+ fi
+ myconf+=( --with-odbc=${odbc_lib} )
+ fi
+
+ # slapd options
+ myconf+=(
+ $(use_enable crypt)
+ $(use_enable slp)
+ $(use_enable samba lmpasswd)
+ $(use_enable syslog)
+ )
+ if use experimental ; then
+ myconf+=(
+ --enable-dynacl
+ --enable-aci=mod
+ )
+ fi
+ for option in aci cleartext modules rewrite rlookups slapi; do
+ myconf+=( --enable-${option} )
+ done
+
+ # slapd overlay options
+ # Compile-in the syncprov, the others as module
+ myconf+=( --enable-syncprov=yes )
+ use overlays && myconf+=( --enable-overlays=mod )
+
+ else
+ myconf+=(
+ --disable-slapd
+ --disable-bdb
+ --disable-hdb
+ --disable-overlays
+ --disable-syslog
+ )
+ fi
+
+ # basic functionality stuff
+ myconf+=(
+ $(use_enable ipv6)
+ $(multilib_native_use_with sasl cyrus-sasl)
+ $(multilib_native_use_enable sasl spasswd)
+ $(use_enable tcpd wrappers)
+ )
+
+ # Some cross-compiling tests don't pan out well.
+ tc-is-cross-compiler && myconf+=(
+ --with-yielding-select=yes
+ )
+
+ local ssl_lib="no"
+ if use ssl || ( ! use minimal && use samba ) ; then
+ ssl_lib="openssl"
+ use gnutls && ssl_lib="gnutls"
+ fi
+
+ myconf+=( --with-tls=${ssl_lib} )
+
+ for basicflag in dynamic local proctitle shared static; do
+ myconf+=( --enable-${basicflag} )
+ done
+
+ tc-export AR CC CXX
+ ECONF_SOURCE=${S} \
+ STRIP=/bin/true \
+ econf \
+ --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
+ "${myconf[@]}"
+ emake depend
+}
+
+src_configure_cxx() {
+ # This needs the libraries built by the first build run.
+ # So we have to run it AFTER the main build, not just after the main
+ # configure.
+ local myconf_ldapcpp=(
+ --with-ldap-includes="${S}"/include
+ )
+
+ mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die
+ cd "${BUILD_DIR}/contrib/ldapc++" || die
+
+ local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS}
+ append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
+ -L"${BUILD_DIR}"/libraries/libldap/.libs
+ append-cppflags -I"${BUILD_DIR}"/include
+ ECONF_SOURCE=${S}/contrib/ldapc++ \
+ econf "${myconf_ldapcpp[@]}" \
+ CC="${CC}" \
+ CXX="${CXX}"
+}
+
+multilib_src_compile() {
+ tc-export AR CC CXX
+ emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/bash
+ local lt="${BUILD_DIR}/libtool"
+ export echo="echo"
+
+ if ! use minimal && multilib_is_native_abi ; then
+ if use cxx ; then
+ einfo "Building contrib library: ldapc++"
+ src_configure_cxx
+ cd "${BUILD_DIR}/contrib/ldapc++" || die
+ emake \
+ CC="${CC}" CXX="${CXX}"
+ fi
+
+ if use smbkrb5passwd ; then
+ einfo "Building contrib-module: smbk5pwd"
+ cd "${S}/contrib/slapd-modules/smbk5pwd" || die
+
+ emake \
+ DEFS="-DDO_SAMBA -DDO_KRB5 -DDO_SHADOW" \
+ KRB5_INC="$(krb5-config --cflags)" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
+ fi
+
+ if use overlays ; then
+ einfo "Building contrib-module: samba4"
+ cd "${S}/contrib/slapd-modules/samba4" || die
+
+ emake \
+ LDAP_BUILD="${BUILD_DIR}" \
+ CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap"
+ fi
+
+ if use kerberos ; then
+ cd "${S}/contrib/slapd-modules/passwd" || die
+ einfo "Compiling contrib-module: pw-kerberos"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include \
+ ${CFLAGS} \
+ $(krb5-config --cflags) \
+ -DHAVE_KRB5 \
+ -o kerberos.lo \
+ -c kerberos.c || die "compiling pw-kerberos failed"
+ einfo "Linking contrib-module: pw-kerberos"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
+ -o pw-kerberos.la \
+ kerberos.lo || die "linking pw-kerberos failed"
+ fi
+ # We could build pw-radius if GNURadius would install radlib.h
+ cd "${S}/contrib/slapd-modules/passwd" || die
+ einfo "Compiling contrib-module: pw-netscape"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include \
+ ${CFLAGS} \
+ -o netscape.lo \
+ -c netscape.c || die "compiling pw-netscape failed"
+ einfo "Linking contrib-module: pw-netscape"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
+ -o pw-netscape.la \
+ netscape.lo || die "linking pw-netscape failed"
+
+ build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
+ build_contrib_module "allop" "allop.c" "overlay-allop"
+ build_contrib_module "allowed" "allowed.c" "allowed"
+ build_contrib_module "autogroup" "autogroup.c" "autogroup"
+ build_contrib_module "denyop" "denyop.c" "denyop-overlay"
+ build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
+ # lastmod may not play well with other overlays
+ build_contrib_module "lastmod" "lastmod.c" "lastmod"
+ build_contrib_module "nops" "nops.c" "nops-overlay"
+ build_contrib_module "trace" "trace.c" "trace"
+ # build slapi-plugins
+ cd "${S}/contrib/slapi-plugins/addrdnvalues" || die
+ einfo "Building contrib-module: addrdnvalues plugin"
+ "${CC}" -shared \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include \
+ ${CFLAGS} \
+ -fPIC \
+ ${LDFLAGS} \
+ -o libaddrdnvalues-plugin.so \
+ addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
+
+ fi
+}
+
+multilib_src_test() {
+ if multilib_is_native_abi; then
+ cd tests || die
+ make tests || die "make tests failed"
+ fi
+}
+
+multilib_src_install() {
+ local lt="${BUILD_DIR}/libtool"
+ emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/bash install
+
+ if ! use minimal && multilib_is_native_abi; then
+ # openldap modules go here
+ # TODO: write some code to populate slapd.conf with moduleload statements
+ keepdir /usr/$(get_libdir)/openldap/openldap/
+
+ # initial data storage dir
+ keepdir /var/lib/openldap-data
+ use prefix || fowners ldap:ldap /var/lib/openldap-data
+ fperms 0700 /var/lib/openldap-data
+
+ echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+ echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+ echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+
+ # use our config
+ rm "${ED}"etc/openldap/slapd.conf
+ insinto /etc/openldap
+ newins "${FILESDIR}"/${PN}-2.3.34-slapd-conf slapd.conf
+ configfile="${ED}"etc/openldap/slapd.conf
+
+ # populate with built backends
+ ebegin "populate config with built backends"
+ for x in "${ED}"usr/$(get_libdir)/openldap/openldap/back_*.so; do
+ elog "Adding $(basename ${x})"
+ sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}"
+ done
+ sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
+ use prefix || fowners root:ldap /etc/openldap/slapd.conf
+ fperms 0640 /etc/openldap/slapd.conf
+ cp "${configfile}" "${configfile}".default
+ eend
+
+ # install our own init scripts and systemd unit files
+ newinitd "${FILESDIR}"/slapd-initd-2.4.28-r1 slapd
+ newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd
+ systemd_dounit "${FILESDIR}"/slapd.service
+ systemd_install_serviced "${FILESDIR}"/slapd.service.conf
+ systemd_newtmpfilesd "${FILESDIR}"/slapd.tmpfilesd slapd.conf
+
+ if [[ $(get_libdir) != lib ]]; then
+ sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i \
+ "${ED}"/etc/init.d/slapd \
+ "${ED}"/usr/lib/systemd/system/slapd.service || die
+ fi
+ # If built without SLP, we don't need to be before avahi
+ use slp \
+ || sed -i \
+ -e '/before/{s/avahi-daemon//g}' \
+ "${ED}"etc/init.d/slapd
+
+ if use cxx ; then
+ einfo "Install the ldapc++ library"
+ cd "${BUILD_DIR}/contrib/ldapc++" || die
+ emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
+ cd "${S}"/contrib/ldapc++ || die
+ newdoc README ldapc++-README
+ fi
+
+ if use smbkrb5passwd ; then
+ einfo "Install the smbk5pwd module"
+ cd "${S}/contrib/slapd-modules/smbk5pwd" || die
+ emake DESTDIR="${D}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
+ newdoc README smbk5pwd-README
+ fi
+
+ if use overlays ; then
+ einfo "Install the samba4 module"
+ cd "${S}/contrib/slapd-modules/samba4" || die
+ emake DESTDIR="${D}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ libexecdir="/usr/$(get_libdir)/openldap" install
+ newdoc README samba4-README
+ fi
+
+ einfo "Installing contrib modules"
+ cd "${S}/contrib/slapd-modules" || die
+ for l in */*.la; do
+ "${lt}" --mode=install cp ${l} \
+ "${ED}"usr/$(get_libdir)/openldap/openldap || \
+ die "installing ${l} failed"
+ done
+
+ docinto contrib
+ newdoc addpartial/README addpartial-README
+ newdoc allop/README allop-README
+ doman allop/slapo-allop.5
+ newdoc autogroup/README autogroup-README
+ newdoc denyop/denyop.c denyop-denyop.c
+ newdoc dsaschema/README dsaschema-README
+ doman lastmod/slapo-lastmod.5
+ doman nops/slapo-nops.5
+ newdoc passwd/README passwd-README
+ cd "${S}/contrib/slapi-plugins" || die
+ insinto /usr/$(get_libdir)/openldap/openldap
+ doins */*.so
+ docinto contrib
+ newdoc addrdnvalues/README addrdnvalues-README
+
+ insinto /etc/openldap/schema
+ newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
+ fi
+}
+
+multilib_src_install_all() {
+ dodoc ANNOUNCEMENT CHANGES COPYRIGHT README "${FILESDIR}"/DB_CONFIG.fast.example
+ docinto rfc ; dodoc doc/rfc/*.txt
+}
+
+pkg_preinst() {
+ # keep old libs if any
+ preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0)
+}
+
+pkg_postinst() {
+ if ! use minimal ; then
+ # You cannot build SSL certificates during src_install that will make
+ # binary packages containing your SSL key, which is both a security risk
+ # and a misconfiguration if multiple machines use the same key and cert.
+ if use ssl; then
+ install_cert /etc/openldap/ssl/ldap
+ use prefix || chown ldap:ldap "${EROOT}"etc/openldap/ssl/ldap.*
+ ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
+ ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
+ ewarn "add 'TLS_REQCERT never' if you want to use them."
+ fi
+
+ if use prefix; then
+ # Warn about prefix issues with slapd
+ eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
+ eerror "to start up, and requires that certain files directories be owned by"
+ eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
+ eerror "directories, you will have to manually fix this yourself."
+ fi
+
+ # These lines force the permissions of various content to be correct
+ use prefix || chown ldap:ldap "${EROOT}"var/run/openldap
+ chmod 0755 "${EROOT}"var/run/openldap
+ use prefix || chown root:ldap "${EROOT}"etc/openldap/slapd.conf{,.default}
+ chmod 0640 "${EROOT}"etc/openldap/slapd.conf{,.default}
+ use prefix || chown ldap:ldap "${EROOT}"var/lib/openldap-data
+ fi
+
+ elog "Getting started using OpenLDAP? There is some documentation available:"
+ elog "Gentoo Guide to OpenLDAP Authentication"
+ elog "(https://www.gentoo.org/doc/en/ldap-howto.xml)"
+ elog "---"
+ elog "An example file for tuning BDB backends with openldap is"
+ elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
+
+ preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0)
+}
diff --git a/net-nds/openldap/openldap-2.4.39.ebuild b/net-nds/openldap/openldap-2.4.39.ebuild
new file mode 100644
index 00000000..8386830
--- /dev/null
+++ b/net-nds/openldap/openldap-2.4.39.ebuild
@@ -0,0 +1,760 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit db-use eutils flag-o-matic multilib multilib-minimal ssl-cert versionator toolchain-funcs autotools user systemd
+
+BIS_PN=rfc2307bis.schema
+BIS_PV=20140524
+BIS_P="${BIS_PN}-${BIS_PV}"
+
+DESCRIPTION="LDAP suite of application and development tools"
+HOMEPAGE="http://www.OpenLDAP.org/"
+
+# mirrors are mostly not working, using canonical URI
+SRC_URI="ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz
+ mirror://gentoo/${BIS_P}"
+
+LICENSE="OPENLDAP GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~x86-linux ~x86-solaris"
+
+IUSE_DAEMON="crypt icu samba slp tcpd experimental minimal"
+IUSE_BACKEND="+berkdb"
+IUSE_OVERLAY="overlays perl"
+IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 +syslog selinux"
+IUSE_CONTRIB="smbkrb5passwd kerberos"
+IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
+IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
+
+REQUIRED_USE="cxx? ( sasl )"
+
+# openssl is needed to generate lanman-passwords required by samba
+CDEPEND="icu? ( dev-libs/icu:= )
+ ssl? ( !gnutls? ( >=dev-libs/openssl-1.0.1h-r2[${MULTILIB_USEDEP}] )
+ gnutls? ( >=net-libs/gnutls-2.12.23-r6[${MULTILIB_USEDEP}] >=dev-libs/libgcrypt-1.5.3:0[${MULTILIB_USEDEP}] ) )
+ sasl? ( dev-libs/cyrus-sasl:= )
+ !minimal? (
+ sys-devel/libtool
+ tcpd? ( sys-apps/tcp-wrappers )
+ odbc? ( !iodbc? ( dev-db/unixODBC )
+ iodbc? ( dev-db/libiodbc ) )
+ slp? ( net-libs/openslp )
+ perl? ( dev-lang/perl:=[-build(-)] )
+ samba? ( dev-libs/openssl )
+ berkdb? ( sys-libs/db )
+ smbkrb5passwd? (
+ dev-libs/openssl
+ app-crypt/heimdal )
+ kerberos? ( virtual/krb5 )
+ cxx? ( dev-libs/cyrus-sasl:= )
+ )
+ abi_x86_32? (
+ !<=app-emulation/emul-linux-x86-baselibs-20140508-r3
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+ )"
+DEPEND="${CDEPEND}
+ sys-apps/groff"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-ldap )
+"
+# for tracking versions
+OPENLDAP_VERSIONTAG=".version-tag"
+OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
+
+MULTILIB_WRAPPED_HEADERS=(
+ # USE=cxx
+ /usr/include/LDAPAsynConnection.h
+ /usr/include/LDAPAttrType.h
+ /usr/include/LDAPAttribute.h
+ /usr/include/LDAPAttributeList.h
+ /usr/include/LDAPConnection.h
+ /usr/include/LDAPConstraints.h
+ /usr/include/LDAPControl.h
+ /usr/include/LDAPControlSet.h
+ /usr/include/LDAPEntry.h
+ /usr/include/LDAPEntryList.h
+ /usr/include/LDAPException.h
+ /usr/include/LDAPExtResult.h
+ /usr/include/LDAPMessage.h
+ /usr/include/LDAPMessageQueue.h
+ /usr/include/LDAPModList.h
+ /usr/include/LDAPModification.h
+ /usr/include/LDAPObjClass.h
+ /usr/include/LDAPRebind.h
+ /usr/include/LDAPRebindAuth.h
+ /usr/include/LDAPReferenceList.h
+ /usr/include/LDAPResult.h
+ /usr/include/LDAPSaslBindResult.h
+ /usr/include/LDAPSchema.h
+ /usr/include/LDAPSearchReference.h
+ /usr/include/LDAPSearchResult.h
+ /usr/include/LDAPSearchResults.h
+ /usr/include/LDAPUrl.h
+ /usr/include/LDAPUrlList.h
+ /usr/include/LdifReader.h
+ /usr/include/LdifWriter.h
+ /usr/include/SaslInteraction.h
+ /usr/include/SaslInteractionHandler.h
+ /usr/include/StringList.h
+ /usr/include/TlsOptions.h
+)
+
+openldap_filecount() {
+ local dir="$1"
+ find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
+}
+
+openldap_find_versiontags() {
+ # scan for all datadirs
+ openldap_datadirs=""
+ if [ -f "${EROOT}"/etc/openldap/slapd.conf ]; then
+ openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${EROOT}/etc/openldap/slapd.conf)"
+ fi
+ openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}"
+
+ einfo
+ einfo "Scanning datadir(s) from slapd.conf and"
+ einfo "the default installdir for Versiontags"
+ einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
+ einfo
+
+ # scan datadirs if we have a version tag
+ openldap_found_tag=0
+ have_files=0
+ for each in ${openldap_datadirs}; do
+ CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"`
+ CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}
+ if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then
+ einfo "- Checking ${each}..."
+ if [ -r ${CURRENT_TAG} ] ; then
+ # yey, we have one :)
+ einfo " Found Versiontag in ${each}"
+ source ${CURRENT_TAG}
+ if [ "${OLDPF}" == "" ] ; then
+ eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
+ eerror "Please delete it"
+ eerror
+ die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
+ fi
+
+ OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}`
+
+ [ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1
+
+ # are we on the same branch?
+ if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then
+ ewarn " Versiontag doesn't match current major release!"
+ if [[ "${have_files}" == "1" ]] ; then
+ eerror " Versiontag says other major and you (probably) have datafiles!"
+ echo
+ openldap_upgrade_howto
+ else
+ einfo " No real problem, seems there's no database."
+ fi
+ else
+ einfo " Versiontag is fine here :)"
+ fi
+ else
+ einfo " Non-tagged dir ${each}"
+ [ $(openldap_filecount ${each}) -gt 0 ] && have_files=1
+ if [[ "${have_files}" == "1" ]] ; then
+ einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
+ echo
+
+ eerror
+ eerror "Your OpenLDAP Installation has a non tagged datadir that"
+ eerror "possibly contains a database at ${CURRENT_TAGDIR}"
+ eerror
+ eerror "Please export data if any entered and empty or remove"
+ eerror "the directory, installation has been stopped so you"
+ eerror "can take required action"
+ eerror
+ eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
+ eerror
+ openldap_upgrade_howto
+ die "Please move the datadir ${CURRENT_TAGDIR} away"
+ fi
+ fi
+ einfo
+ fi
+ done
+ [ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present"
+
+ # Now we must check for the major version of sys-libs/db linked against.
+ SLAPD_PATH=${EROOT}/usr/$(get_libdir)/openldap/slapd
+ if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then
+ OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
+ | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
+ NEWVER="$(use berkdb && db_findver sys-libs/db)"
+ local fail=0
+ if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then
+ :
+ # Nothing wrong here.
+ elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then
+ eerror " Your existing version of OpenLDAP was not built against"
+ eerror " any version of sys-libs/db, but the new one will build"
+ eerror " against ${NEWVER} and your database may be inaccessible."
+ echo
+ fail=1
+ elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then
+ eerror " Your existing version of OpenLDAP was built against"
+ eerror " sys-libs/db:${OLDVER}, but the new one will not be"
+ eerror " built against any version and your database may be"
+ eerror " inaccessible."
+ echo
+ fail=1
+ elif [ "${OLDVER}" != "${NEWVER}" ]; then
+ eerror " Your existing version of OpenLDAP was built against"
+ eerror " sys-libs/db:${OLDVER}, but the new one will build against"
+ eerror " ${NEWVER} and your database would be inaccessible."
+ echo
+ fail=1
+ fi
+ [ "${fail}" == "1" ] && openldap_upgrade_howto
+ fi
+
+ echo
+ einfo
+ einfo "All datadirs are fine, proceeding with merge now..."
+ einfo
+}
+
+openldap_upgrade_howto() {
+ eerror
+ eerror "A (possible old) installation of OpenLDAP was detected,"
+ eerror "installation will not proceed for now."
+ eerror
+ eerror "As major version upgrades can corrupt your database,"
+ eerror "you need to dump your database and re-create it afterwards."
+ eerror
+ eerror "Additionally, rebuilding against different major versions of the"
+ eerror "sys-libs/db libraries will cause your database to be inaccessible."
+ eerror ""
+ d="$(date -u +%s)"
+ l="/root/ldapdump.${d}"
+ i="${l}.raw"
+ eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop"
+ eerror " 2. slapcat -l ${i}"
+ eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}"
+ eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
+ eerror " 5. emerge --update \=net-nds/${PF}"
+ eerror " 6. etc-update, and ensure that you apply the changes"
+ eerror " 7. slapadd -l ${l}"
+ eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
+ eerror " 9. /etc/init.d/slapd start"
+ eerror "10. check that your data is intact."
+ eerror "11. set up the new replication system."
+ eerror
+ if [ "${FORCE_UPGRADE}" != "1" ]; then
+ die "You need to upgrade your database first"
+ else
+ eerror "You have the magical FORCE_UPGRADE=1 in place."
+ eerror "Don't say you weren't warned about data loss."
+ fi
+}
+
+pkg_setup() {
+ if ! use sasl && use cxx ; then
+ die "To build the ldapc++ library you must emerge openldap with sasl support"
+ fi
+ # Bug #322787
+ if use minimal && ! has_version "net-nds/openldap" ; then
+ einfo "No datadir scan needed, openldap not installed"
+ elif use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then
+ einfo "Skipping scan for previous datadirs as requested by minimal useflag"
+ else
+ openldap_find_versiontags
+ fi
+
+ # The user/group are only used for running daemons which are
+ # disabled in minimal builds, so elide the accounts too.
+ if ! use minimal ; then
+ enewgroup ldap 439
+ enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap
+ fi
+}
+
+src_prepare() {
+ # ensure correct SLAPI path by default
+ sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \
+ "${S}"/include/ldap_defaults.h
+
+ epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch
+
+ epatch \
+ "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \
+ "${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
+
+ # bug #116045 - still present in 2.4.28
+ epatch "${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch
+ # bug #408077 - samba4
+ epatch "${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch
+
+ # bug #189817
+ epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
+
+ # bug #233633
+ epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch
+
+ # bug #281495
+ epatch "${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch
+
+ # bug #294350
+ epatch "${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch
+
+ # unbreak /bin/sh -> dash
+ epatch "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
+
+ # bug #420959
+ epatch "${FILESDIR}"/${PN}-2.4.31-gcc47.patch
+
+ # bug #421463
+ epatch "${FILESDIR}"/${PN}-2.4.33-gnutls.patch
+
+ cd "${S}"/build || die
+ einfo "Making sure upstream build strip does not do stripping too early"
+ sed -i.orig \
+ -e '/^STRIP/s,-s,,g' \
+ top.mk || die "Failed to block stripping"
+
+ # wrong assumption that /bin/sh is /bin/bash
+ sed -i \
+ -e 's|/bin/sh|/bin/bash|g' \
+ "${S}"/tests/scripts/* || die "sed failed"
+
+ cd "${S}" || die
+ AT_NOEAUTOMAKE=yes eautoreconf
+}
+
+build_contrib_module() {
+ # <dir> <sources> <outputname>
+ cd "${S}/contrib/slapd-modules/$1" || die
+ einfo "Compiling contrib-module: $3"
+ # Make sure it's uppercase
+ local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -D${define_name}=SLAPD_MOD_DYNAMIC \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include -I../../../servers/slapd ${CFLAGS} \
+ -o ${2%.c}.lo -c $2 || die "compiling $3 failed"
+ einfo "Linking contrib-module: $3"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
+ -o $3.la ${2%.c}.lo || die "linking $3 failed"
+}
+
+src_configure() {
+ #Fix for glibc-2.8 and ucred. Bug 228457.
+ append-flags -D_GNU_SOURCE
+
+ # Bug 408001
+ use elibc_FreeBSD && append-cppflags -DMDB_DSYNC=O_SYNC -DMDB_FDATASYNC=fsync
+
+ # connectionless ldap per bug #342439
+ append-cppflags -DLDAP_CONNECTIONLESS
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+ local myconf=()
+
+ use debug && myconf+=( $(use_enable debug) )
+
+ # ICU usage is not configurable
+ export ac_cv_header_unicode_utypes_h="$(multilib_is_native_abi && use icu && echo yes || echo no)"
+
+ if ! use minimal && multilib_is_native_abi; then
+ local CPPFLAGS=${CPPFLAGS}
+
+ # re-enable serverside overlay chains per bug #296567
+ # see ldap docs chaper 12.3.1 for details
+ myconf+=( --enable-ldap )
+
+ # backends
+ myconf+=( --enable-slapd )
+ if use berkdb ; then
+ einfo "Using Berkeley DB for local backend"
+ myconf+=( --enable-bdb --enable-hdb )
+ # We need to include the slotted db.h dir for FreeBSD
+ append-cppflags -I$(db_includedir)
+ else
+ ewarn
+ ewarn "Note: if you disable berkdb, you can only use remote-backends!"
+ ewarn
+ myconf+=( --disable-bdb --disable-hdb )
+ fi
+ for backend in dnssrv ldap meta monitor null passwd relay shell sock; do
+ myconf+=( --enable-${backend}=mod )
+ done
+
+ myconf+=( $(use_enable perl perl mod) )
+
+ myconf+=( $(use_enable odbc sql mod) )
+ if use odbc ; then
+ local odbc_lib="unixodbc"
+ if use iodbc ; then
+ odbc_lib="iodbc"
+ append-cppflags -I"${EPREFIX}"/usr/include/iodbc
+ fi
+ myconf+=( --with-odbc=${odbc_lib} )
+ fi
+
+ # slapd options
+ myconf+=(
+ $(use_enable crypt)
+ $(use_enable slp)
+ $(use_enable samba lmpasswd)
+ $(use_enable syslog)
+ )
+ if use experimental ; then
+ myconf+=(
+ --enable-dynacl
+ --enable-aci=mod
+ )
+ fi
+ for option in aci cleartext modules rewrite rlookups slapi; do
+ myconf+=( --enable-${option} )
+ done
+
+ # slapd overlay options
+ # Compile-in the syncprov, the others as module
+ myconf+=( --enable-syncprov=yes )
+ use overlays && myconf+=( --enable-overlays=mod )
+
+ else
+ myconf+=(
+ --disable-slapd
+ --disable-bdb
+ --disable-hdb
+ --disable-overlays
+ --disable-syslog
+ )
+ fi
+
+ # basic functionality stuff
+ myconf+=(
+ $(use_enable ipv6)
+ $(multilib_native_use_with sasl cyrus-sasl)
+ $(multilib_native_use_enable sasl spasswd)
+ $(use_enable tcpd wrappers)
+ )
+
+ # Some cross-compiling tests don't pan out well.
+ tc-is-cross-compiler && myconf+=(
+ --with-yielding-select=yes
+ )
+
+ local ssl_lib="no"
+ if use ssl || ( ! use minimal && use samba ) ; then
+ ssl_lib="openssl"
+ use gnutls && ssl_lib="gnutls"
+ fi
+
+ myconf+=( --with-tls=${ssl_lib} )
+
+ for basicflag in dynamic local proctitle shared static; do
+ myconf+=( --enable-${basicflag} )
+ done
+
+ tc-export AR CC CXX
+ ECONF_SOURCE=${S} \
+ STRIP=/bin/true \
+ econf \
+ --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
+ "${myconf[@]}"
+ emake depend
+}
+
+src_configure_cxx() {
+ # This needs the libraries built by the first build run.
+ # So we have to run it AFTER the main build, not just after the main
+ # configure.
+ local myconf_ldapcpp=(
+ --with-ldap-includes="${S}"/include
+ )
+
+ mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die
+ cd "${BUILD_DIR}/contrib/ldapc++" || die
+
+ local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS}
+ append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
+ -L"${BUILD_DIR}"/libraries/libldap/.libs
+ append-cppflags -I"${BUILD_DIR}"/include
+ ECONF_SOURCE=${S}/contrib/ldapc++ \
+ econf "${myconf_ldapcpp[@]}" \
+ CC="${CC}" \
+ CXX="${CXX}"
+}
+
+multilib_src_compile() {
+ tc-export AR CC CXX
+ emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/bash
+ local lt="${BUILD_DIR}/libtool"
+ export echo="echo"
+
+ if ! use minimal && multilib_is_native_abi ; then
+ if use cxx ; then
+ einfo "Building contrib library: ldapc++"
+ src_configure_cxx
+ cd "${BUILD_DIR}/contrib/ldapc++" || die
+ emake \
+ CC="${CC}" CXX="${CXX}"
+ fi
+
+ if use smbkrb5passwd ; then
+ einfo "Building contrib-module: smbk5pwd"
+ cd "${S}/contrib/slapd-modules/smbk5pwd" || die
+
+ emake \
+ DEFS="-DDO_SAMBA -DDO_KRB5 -DDO_SHADOW" \
+ KRB5_INC="$(krb5-config --cflags)" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
+ fi
+
+ if use overlays ; then
+ einfo "Building contrib-module: samba4"
+ cd "${S}/contrib/slapd-modules/samba4" || die
+
+ emake \
+ LDAP_BUILD="${BUILD_DIR}" \
+ CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap"
+ fi
+
+ if use kerberos ; then
+ cd "${S}/contrib/slapd-modules/passwd" || die
+ einfo "Compiling contrib-module: pw-kerberos"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include \
+ ${CFLAGS} \
+ $(krb5-config --cflags) \
+ -DHAVE_KRB5 \
+ -o kerberos.lo \
+ -c kerberos.c || die "compiling pw-kerberos failed"
+ einfo "Linking contrib-module: pw-kerberos"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
+ -o pw-kerberos.la \
+ kerberos.lo || die "linking pw-kerberos failed"
+ fi
+ # We could build pw-radius if GNURadius would install radlib.h
+ cd "${S}/contrib/slapd-modules/passwd" || die
+ einfo "Compiling contrib-module: pw-netscape"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include \
+ ${CFLAGS} \
+ -o netscape.lo \
+ -c netscape.c || die "compiling pw-netscape failed"
+ einfo "Linking contrib-module: pw-netscape"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
+ -o pw-netscape.la \
+ netscape.lo || die "linking pw-netscape failed"
+
+ build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
+ build_contrib_module "allop" "allop.c" "overlay-allop"
+ build_contrib_module "allowed" "allowed.c" "allowed"
+ build_contrib_module "autogroup" "autogroup.c" "autogroup"
+ build_contrib_module "denyop" "denyop.c" "denyop-overlay"
+ build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
+ # lastmod may not play well with other overlays
+ build_contrib_module "lastmod" "lastmod.c" "lastmod"
+ build_contrib_module "nops" "nops.c" "nops-overlay"
+ build_contrib_module "trace" "trace.c" "trace"
+ # build slapi-plugins
+ cd "${S}/contrib/slapi-plugins/addrdnvalues" || die
+ einfo "Building contrib-module: addrdnvalues plugin"
+ "${CC}" -shared \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include \
+ ${CFLAGS} \
+ -fPIC \
+ ${LDFLAGS} \
+ -o libaddrdnvalues-plugin.so \
+ addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
+
+ fi
+}
+
+multilib_src_test() {
+ if multilib_is_native_abi; then
+ cd tests || die
+ make tests || die "make tests failed"
+ fi
+}
+
+multilib_src_install() {
+ local lt="${BUILD_DIR}/libtool"
+ emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/bash install
+
+ if ! use minimal && multilib_is_native_abi; then
+ # openldap modules go here
+ # TODO: write some code to populate slapd.conf with moduleload statements
+ keepdir /usr/$(get_libdir)/openldap/openldap/
+
+ # initial data storage dir
+ keepdir /var/lib/openldap-data
+ use prefix || fowners ldap:ldap /var/lib/openldap-data
+ fperms 0700 /var/lib/openldap-data
+
+ echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+ echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+ echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+
+ # use our config
+ rm "${ED}"etc/openldap/slapd.conf
+ insinto /etc/openldap
+ newins "${FILESDIR}"/${PN}-2.3.34-slapd-conf slapd.conf
+ configfile="${ED}"etc/openldap/slapd.conf
+
+ # populate with built backends
+ ebegin "populate config with built backends"
+ for x in "${ED}"usr/$(get_libdir)/openldap/openldap/back_*.so; do
+ elog "Adding $(basename ${x})"
+ sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}"
+ done
+ sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
+ use prefix || fowners root:ldap /etc/openldap/slapd.conf
+ fperms 0640 /etc/openldap/slapd.conf
+ cp "${configfile}" "${configfile}".default
+ eend
+
+ # install our own init scripts and systemd unit files
+ newinitd "${FILESDIR}"/slapd-initd-2.4.28-r1 slapd
+ newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd
+ systemd_dounit "${FILESDIR}"/slapd.service
+ systemd_install_serviced "${FILESDIR}"/slapd.service.conf
+ systemd_newtmpfilesd "${FILESDIR}"/slapd.tmpfilesd slapd.conf
+
+ if [[ $(get_libdir) != lib ]]; then
+ sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i \
+ "${ED}"/etc/init.d/slapd \
+ "${ED}"/usr/lib/systemd/system/slapd.service || die
+ fi
+ # If built without SLP, we don't need to be before avahi
+ use slp \
+ || sed -i \
+ -e '/before/{s/avahi-daemon//g}' \
+ "${ED}"etc/init.d/slapd
+
+ if use cxx ; then
+ einfo "Install the ldapc++ library"
+ cd "${BUILD_DIR}/contrib/ldapc++" || die
+ emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
+ cd "${S}"/contrib/ldapc++ || die
+ newdoc README ldapc++-README
+ fi
+
+ if use smbkrb5passwd ; then
+ einfo "Install the smbk5pwd module"
+ cd "${S}/contrib/slapd-modules/smbk5pwd" || die
+ emake DESTDIR="${D}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
+ newdoc README smbk5pwd-README
+ fi
+
+ if use overlays ; then
+ einfo "Install the samba4 module"
+ cd "${S}/contrib/slapd-modules/samba4" || die
+ emake DESTDIR="${D}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ libexecdir="/usr/$(get_libdir)/openldap" install
+ newdoc README samba4-README
+ fi
+
+ einfo "Installing contrib modules"
+ cd "${S}/contrib/slapd-modules" || die
+ for l in */*.la; do
+ "${lt}" --mode=install cp ${l} \
+ "${ED}"usr/$(get_libdir)/openldap/openldap || \
+ die "installing ${l} failed"
+ done
+
+ docinto contrib
+ newdoc addpartial/README addpartial-README
+ newdoc allop/README allop-README
+ doman allop/slapo-allop.5
+ newdoc autogroup/README autogroup-README
+ newdoc denyop/denyop.c denyop-denyop.c
+ newdoc dsaschema/README dsaschema-README
+ doman lastmod/slapo-lastmod.5
+ doman nops/slapo-nops.5
+ newdoc passwd/README passwd-README
+ cd "${S}/contrib/slapi-plugins" || die
+ insinto /usr/$(get_libdir)/openldap/openldap
+ doins */*.so
+ docinto contrib
+ newdoc addrdnvalues/README addrdnvalues-README
+
+ insinto /etc/openldap/schema
+ newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
+ fi
+}
+
+multilib_src_install_all() {
+ dodoc ANNOUNCEMENT CHANGES COPYRIGHT README "${FILESDIR}"/DB_CONFIG.fast.example
+ docinto rfc ; dodoc doc/rfc/*.txt
+}
+
+pkg_preinst() {
+ # keep old libs if any
+ preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0)
+}
+
+pkg_postinst() {
+ if ! use minimal ; then
+ # You cannot build SSL certificates during src_install that will make
+ # binary packages containing your SSL key, which is both a security risk
+ # and a misconfiguration if multiple machines use the same key and cert.
+ if use ssl; then
+ install_cert /etc/openldap/ssl/ldap
+ use prefix || chown ldap:ldap "${EROOT}"etc/openldap/ssl/ldap.*
+ ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
+ ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
+ ewarn "add 'TLS_REQCERT never' if you want to use them."
+ fi
+
+ if use prefix; then
+ # Warn about prefix issues with slapd
+ eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
+ eerror "to start up, and requires that certain files directories be owned by"
+ eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
+ eerror "directories, you will have to manually fix this yourself."
+ fi
+
+ # These lines force the permissions of various content to be correct
+ use prefix || chown ldap:ldap "${EROOT}"var/run/openldap
+ chmod 0755 "${EROOT}"var/run/openldap
+ use prefix || chown root:ldap "${EROOT}"etc/openldap/slapd.conf{,.default}
+ chmod 0640 "${EROOT}"etc/openldap/slapd.conf{,.default}
+ use prefix || chown ldap:ldap "${EROOT}"var/lib/openldap-data
+ fi
+
+ elog "Getting started using OpenLDAP? There is some documentation available:"
+ elog "Gentoo Guide to OpenLDAP Authentication"
+ elog "(https://www.gentoo.org/doc/en/ldap-howto.xml)"
+ elog "---"
+ elog "An example file for tuning BDB backends with openldap is"
+ elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
+
+ preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0)
+}
diff --git a/net-nds/openldap/openldap-2.4.40-r2.ebuild b/net-nds/openldap/openldap-2.4.40-r2.ebuild
new file mode 100644
index 00000000..ffe3d74
--- /dev/null
+++ b/net-nds/openldap/openldap-2.4.40-r2.ebuild
@@ -0,0 +1,821 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit db-use eutils flag-o-matic multilib multilib-minimal ssl-cert versionator toolchain-funcs autotools user systemd
+
+BIS_PN=rfc2307bis.schema
+BIS_PV=20140524
+BIS_P="${BIS_PN}-${BIS_PV}"
+
+DESCRIPTION="LDAP suite of application and development tools"
+HOMEPAGE="http://www.OpenLDAP.org/"
+
+# mirrors are mostly not working, using canonical URI
+SRC_URI="ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz
+ mirror://gentoo/${BIS_P}"
+
+LICENSE="OPENLDAP GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~x86-linux ~x86-solaris"
+
+IUSE_DAEMON="crypt icu samba slp tcpd experimental minimal"
+IUSE_BACKEND="+berkdb"
+IUSE_OVERLAY="overlays perl"
+IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 +syslog selinux static-libs"
+IUSE_CONTRIB="smbkrb5passwd kerberos"
+IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
+IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
+
+REQUIRED_USE="cxx? ( sasl )"
+
+# always list newer first
+# Do not add any AGPL-3 BDB here!
+# See bug 525110, comment 15.
+BDB_SLOTS='5.3 5.1 4.8 4.7 4.6 4.5 4.4'
+BDB_PKGS=''
+for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done
+
+# openssl is needed to generate lanman-passwords required by samba
+CDEPEND="icu? ( dev-libs/icu:= )
+ ssl? ( !gnutls? ( >=dev-libs/openssl-1.0.1h-r2[${MULTILIB_USEDEP}] )
+ gnutls? ( >=net-libs/gnutls-2.12.23-r6[${MULTILIB_USEDEP}] >=dev-libs/libgcrypt-1.5.3:0[${MULTILIB_USEDEP}] ) )
+ sasl? ( dev-libs/cyrus-sasl:= )
+ !minimal? (
+ sys-devel/libtool
+ sys-libs/e2fsprogs-libs
+ >=dev-db/lmdb-0.9.14
+ tcpd? ( sys-apps/tcp-wrappers )
+ odbc? ( !iodbc? ( dev-db/unixODBC )
+ iodbc? ( dev-db/libiodbc ) )
+ slp? ( net-libs/openslp )
+ perl? ( dev-lang/perl:=[-build(-)] )
+ samba? ( dev-libs/openssl )
+ berkdb? (
+ <sys-libs/db-6.0:=
+ || ( ${BDB_PKGS} )
+ )
+ smbkrb5passwd? (
+ dev-libs/openssl
+ kerberos? ( app-crypt/heimdal )
+ )
+ kerberos? ( virtual/krb5 )
+ cxx? ( dev-libs/cyrus-sasl:= )
+ )
+ abi_x86_32? (
+ !<=app-emulation/emul-linux-x86-baselibs-20140508-r3
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+ )"
+DEPEND="${CDEPEND}
+ sys-apps/groff"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-ldap )
+"
+# for tracking versions
+OPENLDAP_VERSIONTAG=".version-tag"
+OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
+
+MULTILIB_WRAPPED_HEADERS=(
+ # USE=cxx
+ /usr/include/LDAPAsynConnection.h
+ /usr/include/LDAPAttrType.h
+ /usr/include/LDAPAttribute.h
+ /usr/include/LDAPAttributeList.h
+ /usr/include/LDAPConnection.h
+ /usr/include/LDAPConstraints.h
+ /usr/include/LDAPControl.h
+ /usr/include/LDAPControlSet.h
+ /usr/include/LDAPEntry.h
+ /usr/include/LDAPEntryList.h
+ /usr/include/LDAPException.h
+ /usr/include/LDAPExtResult.h
+ /usr/include/LDAPMessage.h
+ /usr/include/LDAPMessageQueue.h
+ /usr/include/LDAPModList.h
+ /usr/include/LDAPModification.h
+ /usr/include/LDAPObjClass.h
+ /usr/include/LDAPRebind.h
+ /usr/include/LDAPRebindAuth.h
+ /usr/include/LDAPReferenceList.h
+ /usr/include/LDAPResult.h
+ /usr/include/LDAPSaslBindResult.h
+ /usr/include/LDAPSchema.h
+ /usr/include/LDAPSearchReference.h
+ /usr/include/LDAPSearchResult.h
+ /usr/include/LDAPSearchResults.h
+ /usr/include/LDAPUrl.h
+ /usr/include/LDAPUrlList.h
+ /usr/include/LdifReader.h
+ /usr/include/LdifWriter.h
+ /usr/include/SaslInteraction.h
+ /usr/include/SaslInteractionHandler.h
+ /usr/include/StringList.h
+ /usr/include/TlsOptions.h
+)
+
+openldap_filecount() {
+ local dir="$1"
+ find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
+}
+
+openldap_find_versiontags() {
+ # scan for all datadirs
+ openldap_datadirs=""
+ if [ -f "${EROOT}"/etc/openldap/slapd.conf ]; then
+ openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${EROOT}/etc/openldap/slapd.conf)"
+ fi
+ openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}"
+
+ einfo
+ einfo "Scanning datadir(s) from slapd.conf and"
+ einfo "the default installdir for Versiontags"
+ einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
+ einfo
+
+ # scan datadirs if we have a version tag
+ openldap_found_tag=0
+ have_files=0
+ for each in ${openldap_datadirs}; do
+ CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"`
+ CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}
+ if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then
+ einfo "- Checking ${each}..."
+ if [ -r ${CURRENT_TAG} ] ; then
+ # yey, we have one :)
+ einfo " Found Versiontag in ${each}"
+ source ${CURRENT_TAG}
+ if [ "${OLDPF}" == "" ] ; then
+ eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
+ eerror "Please delete it"
+ eerror
+ die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
+ fi
+
+ OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}`
+
+ [ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1
+
+ # are we on the same branch?
+ if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then
+ ewarn " Versiontag doesn't match current major release!"
+ if [[ "${have_files}" == "1" ]] ; then
+ eerror " Versiontag says other major and you (probably) have datafiles!"
+ echo
+ openldap_upgrade_howto
+ else
+ einfo " No real problem, seems there's no database."
+ fi
+ else
+ einfo " Versiontag is fine here :)"
+ fi
+ else
+ einfo " Non-tagged dir ${each}"
+ [ $(openldap_filecount ${each}) -gt 0 ] && have_files=1
+ if [[ "${have_files}" == "1" ]] ; then
+ einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
+ echo
+
+ eerror
+ eerror "Your OpenLDAP Installation has a non tagged datadir that"
+ eerror "possibly contains a database at ${CURRENT_TAGDIR}"
+ eerror
+ eerror "Please export data if any entered and empty or remove"
+ eerror "the directory, installation has been stopped so you"
+ eerror "can take required action"
+ eerror
+ eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
+ eerror
+ openldap_upgrade_howto
+ die "Please move the datadir ${CURRENT_TAGDIR} away"
+ fi
+ fi
+ einfo
+ fi
+ done
+ [ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present"
+
+ # Now we must check for the major version of sys-libs/db linked against.
+ SLAPD_PATH=${EROOT}/usr/$(get_libdir)/openldap/slapd
+ if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then
+ OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
+ | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
+ if use berkdb; then
+ # find which one would be used
+ for bdb_slot in $BDB_SLOTS ; do
+ NEWVER="$(db_findver "=sys-libs/db-${bdb_slot}*")"
+ [[ -n "$NEWVER" ]] && break
+ done
+ fi
+ local fail=0
+ if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then
+ :
+ # Nothing wrong here.
+ elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then
+ eerror " Your existing version of OpenLDAP was not built against"
+ eerror " any version of sys-libs/db, but the new one will build"
+ eerror " against ${NEWVER} and your database may be inaccessible."
+ echo
+ fail=1
+ elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then
+ eerror " Your existing version of OpenLDAP was built against"
+ eerror " sys-libs/db:${OLDVER}, but the new one will not be"
+ eerror " built against any version and your database may be"
+ eerror " inaccessible."
+ echo
+ fail=1
+ elif [ "${OLDVER}" != "${NEWVER}" ]; then
+ eerror " Your existing version of OpenLDAP was built against"
+ eerror " sys-libs/db:${OLDVER}, but the new one will build against"
+ eerror " ${NEWVER} and your database would be inaccessible."
+ echo
+ fail=1
+ fi
+ [ "${fail}" == "1" ] && openldap_upgrade_howto
+ fi
+
+ echo
+ einfo
+ einfo "All datadirs are fine, proceeding with merge now..."
+ einfo
+}
+
+openldap_upgrade_howto() {
+ eerror
+ eerror "A (possible old) installation of OpenLDAP was detected,"
+ eerror "installation will not proceed for now."
+ eerror
+ eerror "As major version upgrades can corrupt your database,"
+ eerror "you need to dump your database and re-create it afterwards."
+ eerror
+ eerror "Additionally, rebuilding against different major versions of the"
+ eerror "sys-libs/db libraries will cause your database to be inaccessible."
+ eerror ""
+ d="$(date -u +%s)"
+ l="/root/ldapdump.${d}"
+ i="${l}.raw"
+ eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop"
+ eerror " 2. slapcat -l ${i}"
+ eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}"
+ eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
+ eerror " 5. emerge --update \=net-nds/${PF}"
+ eerror " 6. etc-update, and ensure that you apply the changes"
+ eerror " 7. slapadd -l ${l}"
+ eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
+ eerror " 9. /etc/init.d/slapd start"
+ eerror "10. check that your data is intact."
+ eerror "11. set up the new replication system."
+ eerror
+ if [ "${FORCE_UPGRADE}" != "1" ]; then
+ die "You need to upgrade your database first"
+ else
+ eerror "You have the magical FORCE_UPGRADE=1 in place."
+ eerror "Don't say you weren't warned about data loss."
+ fi
+}
+
+pkg_setup() {
+ if ! use sasl && use cxx ; then
+ die "To build the ldapc++ library you must emerge openldap with sasl support"
+ fi
+ # Bug #322787
+ if use minimal && ! has_version "net-nds/openldap" ; then
+ einfo "No datadir scan needed, openldap not installed"
+ elif use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then
+ einfo "Skipping scan for previous datadirs as requested by minimal useflag"
+ else
+ openldap_find_versiontags
+ fi
+
+ # The user/group are only used for running daemons which are
+ # disabled in minimal builds, so elide the accounts too.
+ if ! use minimal ; then
+ enewgroup ldap 439
+ enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap
+ fi
+}
+
+src_prepare() {
+ # ensure correct SLAPI path by default
+ sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \
+ "${S}"/include/ldap_defaults.h
+
+ epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch
+
+ epatch \
+ "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \
+ "${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
+
+ # bug #116045 - still present in 2.4.28
+ epatch "${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch
+ # bug #408077 - samba4
+ epatch "${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch
+
+ # bug #189817
+ epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
+
+ # bug #233633
+ epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch
+
+ # bug #281495
+ epatch "${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch
+
+ # bug #294350
+ epatch "${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch
+
+ # unbreak /bin/sh -> dash
+ epatch "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
+
+ # bug #420959
+ epatch "${FILESDIR}"/${PN}-2.4.31-gcc47.patch
+
+ # bug #421463
+ #epatch "${FILESDIR}"/${PN}-2.4.33-gnutls.patch # merged upstream
+
+ # unbundle lmdb
+ epatch "${FILESDIR}"/${P}-mdb-unbundle.patch
+ rm -rf "${S}"/libraries/liblmdb
+
+ cd "${S}"/build || die
+ einfo "Making sure upstream build strip does not do stripping too early"
+ sed -i.orig \
+ -e '/^STRIP/s,-s,,g' \
+ top.mk || die "Failed to block stripping"
+
+ # wrong assumption that /bin/sh is /bin/bash
+ sed -i \
+ -e 's|/bin/sh|/bin/bash|g' \
+ "${S}"/tests/scripts/* || die "sed failed"
+
+ cd "${S}" || die
+
+ AT_NOEAUTOMAKE=yes eautoreconf
+}
+
+build_contrib_module() {
+ # <dir> <sources> <outputname>
+ cd "${S}/contrib/slapd-modules/$1" || die
+ einfo "Compiling contrib-module: $3"
+ # Make sure it's uppercase
+ local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -D${define_name}=SLAPD_MOD_DYNAMIC \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include -I../../../servers/slapd ${CFLAGS} \
+ -o ${2%.c}.lo -c $2 || die "compiling $3 failed"
+ einfo "Linking contrib-module: $3"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
+ -o $3.la ${2%.c}.lo || die "linking $3 failed"
+}
+
+src_configure() {
+ #Fix for glibc-2.8 and ucred. Bug 228457.
+ append-cppflags -D_GNU_SOURCE
+
+ # Bug 408001
+ use elibc_FreeBSD && append-cppflags -DMDB_DSYNC=O_SYNC -DMDB_FDATASYNC=fsync
+
+ # connectionless ldap per bug #342439
+ append-cppflags -DLDAP_CONNECTIONLESS
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+ local myconf=()
+
+ use debug && myconf+=( $(use_enable debug) )
+
+ # ICU usage is not configurable
+ export ac_cv_header_unicode_utypes_h="$(multilib_is_native_abi && use icu && echo yes || echo no)"
+
+ if ! use minimal && multilib_is_native_abi; then
+ local CPPFLAGS=${CPPFLAGS}
+
+ # re-enable serverside overlay chains per bug #296567
+ # see ldap docs chaper 12.3.1 for details
+ myconf+=( --enable-ldap )
+
+ # backends
+ myconf+=( --enable-slapd )
+ if use berkdb ; then
+ einfo "Using Berkeley DB for local backend"
+ myconf+=( --enable-bdb --enable-hdb )
+ DBINCLUDE=$(db_includedir $BDB_SLOTS)
+ einfo "Using $DBINCLUDE for sys-libs/db version"
+ # We need to include the slotted db.h dir for FreeBSD
+ append-cppflags -I${DBINCLUDE}
+ else
+ myconf+=( --disable-bdb --disable-hdb )
+ fi
+ for backend in dnssrv ldap mdb meta monitor null passwd relay shell sock; do
+ myconf+=( --enable-${backend}=mod )
+ done
+
+ myconf+=( $(use_enable perl perl mod) )
+
+ myconf+=( $(use_enable odbc sql mod) )
+ if use odbc ; then
+ local odbc_lib="unixodbc"
+ if use iodbc ; then
+ odbc_lib="iodbc"
+ append-cppflags -I"${EPREFIX}"/usr/include/iodbc
+ fi
+ myconf+=( --with-odbc=${odbc_lib} )
+ fi
+
+ # slapd options
+ myconf+=(
+ $(use_enable crypt)
+ $(use_enable slp)
+ $(use_enable samba lmpasswd)
+ $(use_enable syslog)
+ )
+ if use experimental ; then
+ myconf+=(
+ --enable-dynacl
+ --enable-aci=mod
+ )
+ fi
+ for option in aci cleartext modules rewrite rlookups slapi; do
+ myconf+=( --enable-${option} )
+ done
+
+ # slapd overlay options
+ # Compile-in the syncprov, the others as module
+ myconf+=( --enable-syncprov=yes )
+ use overlays && myconf+=( --enable-overlays=mod )
+
+ else
+ myconf+=(
+ --disable-backends
+ --disable-slapd
+ --disable-bdb
+ --disable-hdb
+ --disable-mdb
+ --disable-overlays
+ --disable-syslog
+ )
+ fi
+
+ # basic functionality stuff
+ myconf+=(
+ $(use_enable ipv6)
+ $(multilib_native_use_with sasl cyrus-sasl)
+ $(multilib_native_use_enable sasl spasswd)
+ $(use_enable tcpd wrappers)
+ )
+
+ # Some cross-compiling tests don't pan out well.
+ tc-is-cross-compiler && myconf+=(
+ --with-yielding-select=yes
+ )
+
+ local ssl_lib="no"
+ if use ssl || ( ! use minimal && use samba ) ; then
+ ssl_lib="openssl"
+ use gnutls && ssl_lib="gnutls"
+ fi
+
+ myconf+=( --with-tls=${ssl_lib} )
+
+ for basicflag in dynamic local proctitle shared; do
+ myconf+=( --enable-${basicflag} )
+ done
+
+ tc-export AR CC CXX
+ ECONF_SOURCE=${S} \
+ STRIP=/bin/true \
+ econf \
+ --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
+ $(use_enable static-libs static) \
+ "${myconf[@]}"
+ emake depend
+}
+
+src_configure_cxx() {
+ # This needs the libraries built by the first build run.
+ # So we have to run it AFTER the main build, not just after the main
+ # configure.
+ local myconf_ldapcpp=(
+ --with-ldap-includes="${S}"/include
+ )
+
+ mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die
+ cd "${BUILD_DIR}/contrib/ldapc++" || die
+
+ local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS}
+ append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
+ -L"${BUILD_DIR}"/libraries/libldap/.libs
+ append-cppflags -I"${BUILD_DIR}"/include
+ ECONF_SOURCE=${S}/contrib/ldapc++ \
+ econf "${myconf_ldapcpp[@]}" \
+ CC="${CC}" \
+ CXX="${CXX}"
+}
+
+multilib_src_compile() {
+ tc-export AR CC CXX
+ emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/bash
+ local lt="${BUILD_DIR}/libtool"
+ export echo="echo"
+
+ if ! use minimal && multilib_is_native_abi ; then
+ if use cxx ; then
+ einfo "Building contrib library: ldapc++"
+ src_configure_cxx
+ cd "${BUILD_DIR}/contrib/ldapc++" || die
+ emake \
+ CC="${CC}" CXX="${CXX}"
+ fi
+
+ if use smbkrb5passwd ; then
+ einfo "Building contrib-module: smbk5pwd"
+ cd "${S}/contrib/slapd-modules/smbk5pwd" || die
+
+ MY_DEFS="-DDO_SHADOW"
+ if use samba ; then
+ MY_DEFS="${MY_DEFS} -DDO_SAMBA"
+ MY_KRB5_INC=""
+ fi
+ if use kerberos ; then
+ MY_DEFS="${MY_DEFS} -DDO_KRB5"
+ MY_KRB5_INC="$(krb5-config --cflags)"
+ fi
+
+ emake \
+ DEFS="${MY_DEFS}" \
+ KRB5_INC="${MY_KRB5_INC}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
+ fi
+
+ if use overlays ; then
+ einfo "Building contrib-module: samba4"
+ cd "${S}/contrib/slapd-modules/samba4" || die
+
+ emake \
+ LDAP_BUILD="${BUILD_DIR}" \
+ CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap"
+ fi
+
+ if use kerberos ; then
+ build_contrib_module "kinit" "kinit.c" "kinit"
+ cd "${S}/contrib/slapd-modules/passwd" || die
+ einfo "Compiling contrib-module: pw-kerberos"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include \
+ ${CFLAGS} \
+ $(krb5-config --cflags) \
+ -DHAVE_KRB5 \
+ -o kerberos.lo \
+ -c kerberos.c || die "compiling pw-kerberos failed"
+ einfo "Linking contrib-module: pw-kerberos"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
+ -o pw-kerberos.la \
+ kerberos.lo || die "linking pw-kerberos failed"
+ fi
+ # We could build pw-radius if GNURadius would install radlib.h
+ cd "${S}/contrib/slapd-modules/passwd" || die
+ einfo "Compiling contrib-module: pw-netscape"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include \
+ ${CFLAGS} \
+ -o netscape.lo \
+ -c netscape.c || die "compiling pw-netscape failed"
+ einfo "Linking contrib-module: pw-netscape"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
+ -o pw-netscape.la \
+ netscape.lo || die "linking pw-netscape failed"
+
+ #build_contrib_module "acl" "posixgroup.c" "posixGroup" # example code only
+ #build_contrib_module "acl" "gssacl.c" "gss" # example code only, also needs kerberos
+ build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
+ build_contrib_module "allop" "allop.c" "overlay-allop"
+ build_contrib_module "allowed" "allowed.c" "allowed"
+ build_contrib_module "autogroup" "autogroup.c" "autogroup"
+ build_contrib_module "cloak" "cloak.c" "cloak"
+ # build_contrib_module "comp_match" "comp_match.c" "comp_match" # really complex, adds new external deps, questionable demand
+ build_contrib_module "denyop" "denyop.c" "denyop-overlay"
+ build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
+ build_contrib_module "dupent" "dupent.c" "dupent"
+ build_contrib_module "lastbind" "lastbind.c" "lastbind"
+ # lastmod may not play well with other overlays
+ build_contrib_module "lastmod" "lastmod.c" "lastmod"
+ build_contrib_module "noopsrch" "noopsrch.c" "noopsrch"
+ build_contrib_module "nops" "nops.c" "nops-overlay"
+ #build_contrib_module "nssov" "nssov.c" "nssov-overlay" RESO:LATER
+ build_contrib_module "trace" "trace.c" "trace"
+ # build slapi-plugins
+ cd "${S}/contrib/slapi-plugins/addrdnvalues" || die
+ einfo "Building contrib-module: addrdnvalues plugin"
+ "${CC}" -shared \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include \
+ ${CFLAGS} \
+ -fPIC \
+ ${LDFLAGS} \
+ -o libaddrdnvalues-plugin.so \
+ addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
+
+ fi
+}
+
+multilib_src_test() {
+ if multilib_is_native_abi; then
+ cd tests || die
+ emake tests || die "make tests failed"
+ fi
+}
+
+multilib_src_install() {
+ local lt="${BUILD_DIR}/libtool"
+ emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/bash install
+ use static-libs || prune_libtool_files --all
+
+ if ! use minimal && multilib_is_native_abi; then
+ # openldap modules go here
+ # TODO: write some code to populate slapd.conf with moduleload statements
+ keepdir /usr/$(get_libdir)/openldap/openldap/
+
+ # initial data storage dir
+ keepdir /var/lib/openldap-data
+ use prefix || fowners ldap:ldap /var/lib/openldap-data
+ fperms 0700 /var/lib/openldap-data
+
+ echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+ echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+ echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+
+ # use our config
+ rm "${ED}"etc/openldap/slapd.conf
+ insinto /etc/openldap
+ newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf
+ configfile="${ED}"etc/openldap/slapd.conf
+
+ # populate with built backends
+ ebegin "populate config with built backends"
+ for x in "${ED}"usr/$(get_libdir)/openldap/openldap/back_*.so; do
+ einfo "Adding $(basename ${x})"
+ sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}"
+ done
+ sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
+ use prefix || fowners root:ldap /etc/openldap/slapd.conf
+ fperms 0640 /etc/openldap/slapd.conf
+ cp "${configfile}" "${configfile}".default
+ eend
+
+ # install our own init scripts and systemd unit files
+ einfo "Install init scripts"
+ newinitd "${FILESDIR}"/slapd-initd-2.4.40-r1 slapd
+ newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd
+ einfo "Install systemd service"
+ systemd_dounit "${FILESDIR}"/slapd.service
+ systemd_install_serviced "${FILESDIR}"/slapd.service.conf
+ systemd_newtmpfilesd "${FILESDIR}"/slapd.tmpfilesd slapd.conf
+
+ if [[ $(get_libdir) != lib ]]; then
+ sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i \
+ "${ED}"/etc/init.d/slapd \
+ "${ED}"/usr/lib/systemd/system/slapd.service || die
+ fi
+ # If built without SLP, we don't need to be before avahi
+ use slp \
+ || sed -i \
+ -e '/before/{s/avahi-daemon//g}' \
+ "${ED}"etc/init.d/slapd
+
+ if use cxx ; then
+ einfo "Install the ldapc++ library"
+ cd "${BUILD_DIR}/contrib/ldapc++" || die
+ emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
+ cd "${S}"/contrib/ldapc++ || die
+ newdoc README ldapc++-README
+ fi
+
+ if use smbkrb5passwd ; then
+ einfo "Install the smbk5pwd module"
+ cd "${S}/contrib/slapd-modules/smbk5pwd" || die
+ emake DESTDIR="${D}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
+ newdoc README smbk5pwd-README
+ fi
+
+ if use overlays ; then
+ einfo "Install the samba4 module"
+ cd "${S}/contrib/slapd-modules/samba4" || die
+ emake DESTDIR="${D}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ libexecdir="/usr/$(get_libdir)/openldap" install
+ newdoc README samba4-README
+ fi
+
+ einfo "Installing contrib modules"
+ cd "${S}/contrib/slapd-modules" || die
+ for l in */*.la; do
+ "${lt}" --mode=install cp ${l} \
+ "${ED}"usr/$(get_libdir)/openldap/openldap || \
+ die "installing ${l} failed"
+ done
+
+ dodoc "${FILESDIR}"/DB_CONFIG.fast.example
+ docinto contrib
+ doman */*.5
+ #newdoc acl/README*
+ newdoc addpartial/README addpartial-README
+ newdoc allop/README allop-README
+ newdoc allowed/README allowed-README
+ newdoc autogroup/README autogroup-README
+ newdoc dsaschema/README dsaschema-README
+ newdoc passwd/README passwd-README
+ cd "${S}/contrib/slapi-plugins" || die
+ insinto /usr/$(get_libdir)/openldap/openldap
+ doins */*.so
+ docinto contrib
+ newdoc addrdnvalues/README addrdnvalues-README
+
+ insinto /etc/openldap/schema
+ newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
+
+ docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
+ docinto back-shell ; dodoc "${S}"/servers/slapd/back-shell/searchexample*
+ docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
+
+ dosbin "${S}"/contrib/slapd-tools/statslog
+ newdoc "${S}"/contrib/slapd-tools/README README.statslog
+ fi
+}
+
+multilib_src_install_all() {
+ dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
+ docinto rfc ; dodoc doc/rfc/*.txt
+}
+
+pkg_preinst() {
+ # keep old libs if any
+ preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0)
+ # bug 440470, only display the getting started help there was no openldap before,
+ # or we are going to a non-minimal build
+ ! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
+ OPENLDAP_PRINT_MESSAGES=$((! $?))
+}
+
+pkg_postinst() {
+ if ! use minimal ; then
+ # You cannot build SSL certificates during src_install that will make
+ # binary packages containing your SSL key, which is both a security risk
+ # and a misconfiguration if multiple machines use the same key and cert.
+ if use ssl; then
+ install_cert /etc/openldap/ssl/ldap
+ use prefix || chown ldap:ldap "${EROOT}"etc/openldap/ssl/ldap.*
+ ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
+ ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
+ ewarn "add 'TLS_REQCERT allow' if you want to use them."
+ fi
+
+ if use prefix; then
+ # Warn about prefix issues with slapd
+ eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
+ eerror "to start up, and requires that certain files directories be owned by"
+ eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
+ eerror "directories, you will have to manually fix this yourself."
+ fi
+
+ # These lines force the permissions of various content to be correct
+ use prefix || chown ldap:ldap "${EROOT}"var/run/openldap
+ chmod 0755 "${EROOT}"var/run/openldap
+ use prefix || chown root:ldap "${EROOT}"etc/openldap/slapd.conf{,.default}
+ chmod 0640 "${EROOT}"etc/openldap/slapd.conf{,.default}
+ use prefix || chown ldap:ldap "${EROOT}"var/lib/openldap-data
+ fi
+
+ if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
+ elog "Getting started using OpenLDAP? There is some documentation available:"
+ elog "Gentoo Guide to OpenLDAP Authentication"
+ elog "(https://www.gentoo.org/doc/en/ldap-howto.xml)"
+ elog "---"
+ elog "An example file for tuning BDB backends with openldap is"
+ elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
+ fi
+
+ preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0)
+}
diff --git a/net-nds/openldap/openldap-2.4.40-r4.ebuild b/net-nds/openldap/openldap-2.4.40-r4.ebuild
new file mode 100644
index 00000000..26c2ac1
--- /dev/null
+++ b/net-nds/openldap/openldap-2.4.40-r4.ebuild
@@ -0,0 +1,821 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit db-use eutils flag-o-matic multilib multilib-minimal ssl-cert versionator toolchain-funcs autotools user systemd
+
+BIS_PN=rfc2307bis.schema
+BIS_PV=20140524
+BIS_P="${BIS_PN}-${BIS_PV}"
+
+DESCRIPTION="LDAP suite of application and development tools"
+HOMEPAGE="http://www.OpenLDAP.org/"
+
+# mirrors are mostly not working, using canonical URI
+SRC_URI="ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz
+ mirror://gentoo/${BIS_P}"
+
+LICENSE="OPENLDAP GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~x86-linux ~x86-solaris"
+
+IUSE_DAEMON="crypt icu samba slp tcpd experimental minimal"
+IUSE_BACKEND="+berkdb"
+IUSE_OVERLAY="overlays perl"
+IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 +syslog selinux static-libs"
+IUSE_CONTRIB="smbkrb5passwd kerberos"
+IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
+IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
+
+REQUIRED_USE="cxx? ( sasl )"
+
+# always list newer first
+# Do not add any AGPL-3 BDB here!
+# See bug 525110, comment 15.
+BDB_SLOTS='5.3 5.1 4.8 4.7 4.6 4.5 4.4'
+BDB_PKGS=''
+for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done
+
+# openssl is needed to generate lanman-passwords required by samba
+CDEPEND="icu? ( dev-libs/icu:= )
+ ssl? ( !gnutls? ( >=dev-libs/openssl-1.0.1h-r2[${MULTILIB_USEDEP}] )
+ gnutls? ( >=net-libs/gnutls-2.12.23-r6[${MULTILIB_USEDEP}] >=dev-libs/libgcrypt-1.5.3:0[${MULTILIB_USEDEP}] ) )
+ sasl? ( dev-libs/cyrus-sasl:= )
+ !minimal? (
+ sys-devel/libtool
+ sys-libs/e2fsprogs-libs
+ >=dev-db/lmdb-0.9.14
+ tcpd? ( sys-apps/tcp-wrappers )
+ odbc? ( !iodbc? ( dev-db/unixODBC )
+ iodbc? ( dev-db/libiodbc ) )
+ slp? ( net-libs/openslp )
+ perl? ( dev-lang/perl:=[-build(-)] )
+ samba? ( dev-libs/openssl )
+ berkdb? (
+ <sys-libs/db-6.0:=
+ || ( ${BDB_PKGS} )
+ )
+ smbkrb5passwd? (
+ dev-libs/openssl
+ kerberos? ( app-crypt/heimdal )
+ )
+ kerberos? ( virtual/krb5 )
+ cxx? ( dev-libs/cyrus-sasl:= )
+ )
+ abi_x86_32? (
+ !<=app-emulation/emul-linux-x86-baselibs-20140508-r3
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+ )"
+DEPEND="${CDEPEND}
+ sys-apps/groff"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-ldap )
+"
+# for tracking versions
+OPENLDAP_VERSIONTAG=".version-tag"
+OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
+
+MULTILIB_WRAPPED_HEADERS=(
+ # USE=cxx
+ /usr/include/LDAPAsynConnection.h
+ /usr/include/LDAPAttrType.h
+ /usr/include/LDAPAttribute.h
+ /usr/include/LDAPAttributeList.h
+ /usr/include/LDAPConnection.h
+ /usr/include/LDAPConstraints.h
+ /usr/include/LDAPControl.h
+ /usr/include/LDAPControlSet.h
+ /usr/include/LDAPEntry.h
+ /usr/include/LDAPEntryList.h
+ /usr/include/LDAPException.h
+ /usr/include/LDAPExtResult.h
+ /usr/include/LDAPMessage.h
+ /usr/include/LDAPMessageQueue.h
+ /usr/include/LDAPModList.h
+ /usr/include/LDAPModification.h
+ /usr/include/LDAPObjClass.h
+ /usr/include/LDAPRebind.h
+ /usr/include/LDAPRebindAuth.h
+ /usr/include/LDAPReferenceList.h
+ /usr/include/LDAPResult.h
+ /usr/include/LDAPSaslBindResult.h
+ /usr/include/LDAPSchema.h
+ /usr/include/LDAPSearchReference.h
+ /usr/include/LDAPSearchResult.h
+ /usr/include/LDAPSearchResults.h
+ /usr/include/LDAPUrl.h
+ /usr/include/LDAPUrlList.h
+ /usr/include/LdifReader.h
+ /usr/include/LdifWriter.h
+ /usr/include/SaslInteraction.h
+ /usr/include/SaslInteractionHandler.h
+ /usr/include/StringList.h
+ /usr/include/TlsOptions.h
+)
+
+openldap_filecount() {
+ local dir="$1"
+ find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
+}
+
+openldap_find_versiontags() {
+ # scan for all datadirs
+ openldap_datadirs=""
+ if [ -f "${EROOT}"/etc/openldap/slapd.conf ]; then
+ openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${EROOT}/etc/openldap/slapd.conf)"
+ fi
+ openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}"
+
+ einfo
+ einfo "Scanning datadir(s) from slapd.conf and"
+ einfo "the default installdir for Versiontags"
+ einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
+ einfo
+
+ # scan datadirs if we have a version tag
+ openldap_found_tag=0
+ have_files=0
+ for each in ${openldap_datadirs}; do
+ CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"`
+ CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}
+ if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then
+ einfo "- Checking ${each}..."
+ if [ -r ${CURRENT_TAG} ] ; then
+ # yey, we have one :)
+ einfo " Found Versiontag in ${each}"
+ source ${CURRENT_TAG}
+ if [ "${OLDPF}" == "" ] ; then
+ eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
+ eerror "Please delete it"
+ eerror
+ die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
+ fi
+
+ OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}`
+
+ [ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1
+
+ # are we on the same branch?
+ if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then
+ ewarn " Versiontag doesn't match current major release!"
+ if [[ "${have_files}" == "1" ]] ; then
+ eerror " Versiontag says other major and you (probably) have datafiles!"
+ echo
+ openldap_upgrade_howto
+ else
+ einfo " No real problem, seems there's no database."
+ fi
+ else
+ einfo " Versiontag is fine here :)"
+ fi
+ else
+ einfo " Non-tagged dir ${each}"
+ [ $(openldap_filecount ${each}) -gt 0 ] && have_files=1
+ if [[ "${have_files}" == "1" ]] ; then
+ einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
+ echo
+
+ eerror
+ eerror "Your OpenLDAP Installation has a non tagged datadir that"
+ eerror "possibly contains a database at ${CURRENT_TAGDIR}"
+ eerror
+ eerror "Please export data if any entered and empty or remove"
+ eerror "the directory, installation has been stopped so you"
+ eerror "can take required action"
+ eerror
+ eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
+ eerror
+ openldap_upgrade_howto
+ die "Please move the datadir ${CURRENT_TAGDIR} away"
+ fi
+ fi
+ einfo
+ fi
+ done
+ [ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present"
+
+ # Now we must check for the major version of sys-libs/db linked against.
+ SLAPD_PATH=${EROOT}/usr/$(get_libdir)/openldap/slapd
+ if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then
+ OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
+ | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
+ if use berkdb; then
+ # find which one would be used
+ for bdb_slot in $BDB_SLOTS ; do
+ NEWVER="$(db_findver "=sys-libs/db-${bdb_slot}*")"
+ [[ -n "$NEWVER" ]] && break
+ done
+ fi
+ local fail=0
+ if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then
+ :
+ # Nothing wrong here.
+ elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then
+ eerror " Your existing version of OpenLDAP was not built against"
+ eerror " any version of sys-libs/db, but the new one will build"
+ eerror " against ${NEWVER} and your database may be inaccessible."
+ echo
+ fail=1
+ elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then
+ eerror " Your existing version of OpenLDAP was built against"
+ eerror " sys-libs/db:${OLDVER}, but the new one will not be"
+ eerror " built against any version and your database may be"
+ eerror " inaccessible."
+ echo
+ fail=1
+ elif [ "${OLDVER}" != "${NEWVER}" ]; then
+ eerror " Your existing version of OpenLDAP was built against"
+ eerror " sys-libs/db:${OLDVER}, but the new one will build against"
+ eerror " ${NEWVER} and your database would be inaccessible."
+ echo
+ fail=1
+ fi
+ [ "${fail}" == "1" ] && openldap_upgrade_howto
+ fi
+
+ echo
+ einfo
+ einfo "All datadirs are fine, proceeding with merge now..."
+ einfo
+}
+
+openldap_upgrade_howto() {
+ eerror
+ eerror "A (possible old) installation of OpenLDAP was detected,"
+ eerror "installation will not proceed for now."
+ eerror
+ eerror "As major version upgrades can corrupt your database,"
+ eerror "you need to dump your database and re-create it afterwards."
+ eerror
+ eerror "Additionally, rebuilding against different major versions of the"
+ eerror "sys-libs/db libraries will cause your database to be inaccessible."
+ eerror ""
+ d="$(date -u +%s)"
+ l="/root/ldapdump.${d}"
+ i="${l}.raw"
+ eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop"
+ eerror " 2. slapcat -l ${i}"
+ eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}"
+ eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
+ eerror " 5. emerge --update \=net-nds/${PF}"
+ eerror " 6. etc-update, and ensure that you apply the changes"
+ eerror " 7. slapadd -l ${l}"
+ eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
+ eerror " 9. /etc/init.d/slapd start"
+ eerror "10. check that your data is intact."
+ eerror "11. set up the new replication system."
+ eerror
+ if [ "${FORCE_UPGRADE}" != "1" ]; then
+ die "You need to upgrade your database first"
+ else
+ eerror "You have the magical FORCE_UPGRADE=1 in place."
+ eerror "Don't say you weren't warned about data loss."
+ fi
+}
+
+pkg_setup() {
+ if ! use sasl && use cxx ; then
+ die "To build the ldapc++ library you must emerge openldap with sasl support"
+ fi
+ # Bug #322787
+ if use minimal && ! has_version "net-nds/openldap" ; then
+ einfo "No datadir scan needed, openldap not installed"
+ elif use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then
+ einfo "Skipping scan for previous datadirs as requested by minimal useflag"
+ else
+ openldap_find_versiontags
+ fi
+
+ # The user/group are only used for running daemons which are
+ # disabled in minimal builds, so elide the accounts too.
+ if ! use minimal ; then
+ enewgroup ldap 439
+ enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap
+ fi
+}
+
+src_prepare() {
+ # ensure correct SLAPI path by default
+ sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \
+ "${S}"/include/ldap_defaults.h
+
+ epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch
+
+ epatch \
+ "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \
+ "${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
+
+ # bug #116045 - still present in 2.4.28
+ epatch "${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch
+ # bug #408077 - samba4
+ epatch "${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch
+
+ # bug #189817
+ epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
+
+ # bug #233633
+ epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch
+
+ # bug #281495
+ epatch "${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch
+
+ # bug #294350
+ epatch "${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch
+
+ # unbreak /bin/sh -> dash
+ epatch "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
+
+ # bug #420959
+ epatch "${FILESDIR}"/${PN}-2.4.31-gcc47.patch
+
+ # bug #421463
+ #epatch "${FILESDIR}"/${PN}-2.4.33-gnutls.patch # merged upstream
+
+ # unbundle lmdb
+ epatch "${FILESDIR}"/${P}-mdb-unbundle.patch
+ rm -rf "${S}"/libraries/liblmdb
+
+ cd "${S}"/build || die
+ einfo "Making sure upstream build strip does not do stripping too early"
+ sed -i.orig \
+ -e '/^STRIP/s,-s,,g' \
+ top.mk || die "Failed to block stripping"
+
+ # wrong assumption that /bin/sh is /bin/bash
+ sed -i \
+ -e 's|/bin/sh|/bin/bash|g' \
+ "${S}"/tests/scripts/* || die "sed failed"
+
+ cd "${S}" || die
+
+ AT_NOEAUTOMAKE=yes eautoreconf
+}
+
+build_contrib_module() {
+ # <dir> <sources> <outputname>
+ cd "${S}/contrib/slapd-modules/$1" || die
+ einfo "Compiling contrib-module: $3"
+ # Make sure it's uppercase
+ local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -D${define_name}=SLAPD_MOD_DYNAMIC \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include -I../../../servers/slapd ${CFLAGS} \
+ -o ${2%.c}.lo -c $2 || die "compiling $3 failed"
+ einfo "Linking contrib-module: $3"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
+ -o $3.la ${2%.c}.lo || die "linking $3 failed"
+}
+
+src_configure() {
+ #Fix for glibc-2.8 and ucred. Bug 228457.
+ append-cppflags -D_GNU_SOURCE
+
+ # Bug 408001
+ use elibc_FreeBSD && append-cppflags -DMDB_DSYNC=O_SYNC -DMDB_FDATASYNC=fsync
+
+ # connectionless ldap per bug #342439
+ append-cppflags -DLDAP_CONNECTIONLESS
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+ local myconf=()
+
+ use debug && myconf+=( $(use_enable debug) )
+
+ # ICU usage is not configurable
+ export ac_cv_header_unicode_utypes_h="$(multilib_is_native_abi && use icu && echo yes || echo no)"
+
+ if ! use minimal && multilib_is_native_abi; then
+ local CPPFLAGS=${CPPFLAGS}
+
+ # re-enable serverside overlay chains per bug #296567
+ # see ldap docs chaper 12.3.1 for details
+ myconf+=( --enable-ldap )
+
+ # backends
+ myconf+=( --enable-slapd )
+ if use berkdb ; then
+ einfo "Using Berkeley DB for local backend"
+ myconf+=( --enable-bdb --enable-hdb )
+ DBINCLUDE=$(db_includedir $BDB_SLOTS)
+ einfo "Using $DBINCLUDE for sys-libs/db version"
+ # We need to include the slotted db.h dir for FreeBSD
+ append-cppflags -I${DBINCLUDE}
+ else
+ myconf+=( --disable-bdb --disable-hdb )
+ fi
+ for backend in dnssrv ldap mdb meta monitor null passwd relay shell sock; do
+ myconf+=( --enable-${backend}=mod )
+ done
+
+ myconf+=( $(use_enable perl perl mod) )
+
+ myconf+=( $(use_enable odbc sql mod) )
+ if use odbc ; then
+ local odbc_lib="unixodbc"
+ if use iodbc ; then
+ odbc_lib="iodbc"
+ append-cppflags -I"${EPREFIX}"/usr/include/iodbc
+ fi
+ myconf+=( --with-odbc=${odbc_lib} )
+ fi
+
+ # slapd options
+ myconf+=(
+ $(use_enable crypt)
+ $(use_enable slp)
+ $(use_enable samba lmpasswd)
+ $(use_enable syslog)
+ )
+ if use experimental ; then
+ myconf+=(
+ --enable-dynacl
+ --enable-aci=mod
+ )
+ fi
+ for option in aci cleartext modules rewrite rlookups slapi; do
+ myconf+=( --enable-${option} )
+ done
+
+ # slapd overlay options
+ # Compile-in the syncprov, the others as module
+ myconf+=( --enable-syncprov=yes )
+ use overlays && myconf+=( --enable-overlays=mod )
+
+ else
+ myconf+=(
+ --disable-backends
+ --disable-slapd
+ --disable-bdb
+ --disable-hdb
+ --disable-mdb
+ --disable-overlays
+ --disable-syslog
+ )
+ fi
+
+ # basic functionality stuff
+ myconf+=(
+ $(use_enable ipv6)
+ $(multilib_native_use_with sasl cyrus-sasl)
+ $(multilib_native_use_enable sasl spasswd)
+ $(use_enable tcpd wrappers)
+ )
+
+ # Some cross-compiling tests don't pan out well.
+ tc-is-cross-compiler && myconf+=(
+ --with-yielding-select=yes
+ )
+
+ local ssl_lib="no"
+ if use ssl || ( ! use minimal && use samba ) ; then
+ ssl_lib="openssl"
+ use gnutls && ssl_lib="gnutls"
+ fi
+
+ myconf+=( --with-tls=${ssl_lib} )
+
+ for basicflag in dynamic local proctitle shared; do
+ myconf+=( --enable-${basicflag} )
+ done
+
+ tc-export AR CC CXX
+ ECONF_SOURCE=${S} \
+ STRIP=/bin/true \
+ econf \
+ --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
+ $(use_enable static-libs static) \
+ "${myconf[@]}"
+ emake depend
+}
+
+src_configure_cxx() {
+ # This needs the libraries built by the first build run.
+ # So we have to run it AFTER the main build, not just after the main
+ # configure.
+ local myconf_ldapcpp=(
+ --with-ldap-includes="${S}"/include
+ )
+
+ mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die
+ cd "${BUILD_DIR}/contrib/ldapc++" || die
+
+ local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS}
+ append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
+ -L"${BUILD_DIR}"/libraries/libldap/.libs
+ append-cppflags -I"${BUILD_DIR}"/include
+ ECONF_SOURCE=${S}/contrib/ldapc++ \
+ econf "${myconf_ldapcpp[@]}" \
+ CC="${CC}" \
+ CXX="${CXX}"
+}
+
+multilib_src_compile() {
+ tc-export AR CC CXX
+ emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/bash
+ local lt="${BUILD_DIR}/libtool"
+ export echo="echo"
+
+ if ! use minimal && multilib_is_native_abi ; then
+ if use cxx ; then
+ einfo "Building contrib library: ldapc++"
+ src_configure_cxx
+ cd "${BUILD_DIR}/contrib/ldapc++" || die
+ emake \
+ CC="${CC}" CXX="${CXX}"
+ fi
+
+ if use smbkrb5passwd ; then
+ einfo "Building contrib-module: smbk5pwd"
+ cd "${S}/contrib/slapd-modules/smbk5pwd" || die
+
+ MY_DEFS="-DDO_SHADOW"
+ if use samba ; then
+ MY_DEFS="${MY_DEFS} -DDO_SAMBA"
+ MY_KRB5_INC=""
+ fi
+ if use kerberos ; then
+ MY_DEFS="${MY_DEFS} -DDO_KRB5"
+ MY_KRB5_INC="$(krb5-config --cflags)"
+ fi
+
+ emake \
+ DEFS="${MY_DEFS}" \
+ KRB5_INC="${MY_KRB5_INC}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
+ fi
+
+ if use overlays ; then
+ einfo "Building contrib-module: samba4"
+ cd "${S}/contrib/slapd-modules/samba4" || die
+
+ emake \
+ LDAP_BUILD="${BUILD_DIR}" \
+ CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap"
+ fi
+
+ if use kerberos ; then
+ build_contrib_module "kinit" "kinit.c" "kinit"
+ cd "${S}/contrib/slapd-modules/passwd" || die
+ einfo "Compiling contrib-module: pw-kerberos"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include \
+ ${CFLAGS} \
+ $(krb5-config --cflags) \
+ -DHAVE_KRB5 \
+ -o kerberos.lo \
+ -c kerberos.c || die "compiling pw-kerberos failed"
+ einfo "Linking contrib-module: pw-kerberos"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
+ -o pw-kerberos.la \
+ kerberos.lo || die "linking pw-kerberos failed"
+ fi
+ # We could build pw-radius if GNURadius would install radlib.h
+ cd "${S}/contrib/slapd-modules/passwd" || die
+ einfo "Compiling contrib-module: pw-netscape"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include \
+ ${CFLAGS} \
+ -o netscape.lo \
+ -c netscape.c || die "compiling pw-netscape failed"
+ einfo "Linking contrib-module: pw-netscape"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
+ -o pw-netscape.la \
+ netscape.lo || die "linking pw-netscape failed"
+
+ #build_contrib_module "acl" "posixgroup.c" "posixGroup" # example code only
+ #build_contrib_module "acl" "gssacl.c" "gss" # example code only, also needs kerberos
+ build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
+ build_contrib_module "allop" "allop.c" "overlay-allop"
+ build_contrib_module "allowed" "allowed.c" "allowed"
+ build_contrib_module "autogroup" "autogroup.c" "autogroup"
+ build_contrib_module "cloak" "cloak.c" "cloak"
+ # build_contrib_module "comp_match" "comp_match.c" "comp_match" # really complex, adds new external deps, questionable demand
+ build_contrib_module "denyop" "denyop.c" "denyop-overlay"
+ build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
+ build_contrib_module "dupent" "dupent.c" "dupent"
+ build_contrib_module "lastbind" "lastbind.c" "lastbind"
+ # lastmod may not play well with other overlays
+ build_contrib_module "lastmod" "lastmod.c" "lastmod"
+ build_contrib_module "noopsrch" "noopsrch.c" "noopsrch"
+ build_contrib_module "nops" "nops.c" "nops-overlay"
+ #build_contrib_module "nssov" "nssov.c" "nssov-overlay" RESO:LATER
+ build_contrib_module "trace" "trace.c" "trace"
+ # build slapi-plugins
+ cd "${S}/contrib/slapi-plugins/addrdnvalues" || die
+ einfo "Building contrib-module: addrdnvalues plugin"
+ "${CC}" -shared \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include \
+ ${CFLAGS} \
+ -fPIC \
+ ${LDFLAGS} \
+ -o libaddrdnvalues-plugin.so \
+ addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
+
+ fi
+}
+
+multilib_src_test() {
+ if multilib_is_native_abi; then
+ cd tests || die
+ emake tests || die "make tests failed"
+ fi
+}
+
+multilib_src_install() {
+ local lt="${BUILD_DIR}/libtool"
+ emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/bash install
+ use static-libs || prune_libtool_files --all
+
+ if ! use minimal && multilib_is_native_abi; then
+ # openldap modules go here
+ # TODO: write some code to populate slapd.conf with moduleload statements
+ keepdir /usr/$(get_libdir)/openldap/openldap/
+
+ # initial data storage dir
+ keepdir /var/lib/openldap-data
+ use prefix || fowners ldap:ldap /var/lib/openldap-data
+ fperms 0700 /var/lib/openldap-data
+
+ echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+ echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+ echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+
+ # use our config
+ rm "${ED}"etc/openldap/slapd.conf
+ insinto /etc/openldap
+ newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf
+ configfile="${ED}"etc/openldap/slapd.conf
+
+ # populate with built backends
+ ebegin "populate config with built backends"
+ for x in "${ED}"usr/$(get_libdir)/openldap/openldap/back_*.so; do
+ einfo "Adding $(basename ${x})"
+ sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}"
+ done
+ sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
+ use prefix || fowners root:ldap /etc/openldap/slapd.conf
+ fperms 0640 /etc/openldap/slapd.conf
+ cp "${configfile}" "${configfile}".default
+ eend
+
+ # install our own init scripts and systemd unit files
+ einfo "Install init scripts"
+ newinitd "${FILESDIR}"/slapd-initd-2.4.40-r2 slapd
+ newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd
+ einfo "Install systemd service"
+ systemd_dounit "${FILESDIR}"/slapd.service
+ systemd_install_serviced "${FILESDIR}"/slapd.service.conf
+ systemd_newtmpfilesd "${FILESDIR}"/slapd.tmpfilesd slapd.conf
+
+ if [[ $(get_libdir) != lib ]]; then
+ sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i \
+ "${ED}"/etc/init.d/slapd \
+ "${ED}"/usr/lib/systemd/system/slapd.service || die
+ fi
+ # If built without SLP, we don't need to be before avahi
+ use slp \
+ || sed -i \
+ -e '/before/{s/avahi-daemon//g}' \
+ "${ED}"etc/init.d/slapd
+
+ if use cxx ; then
+ einfo "Install the ldapc++ library"
+ cd "${BUILD_DIR}/contrib/ldapc++" || die
+ emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
+ cd "${S}"/contrib/ldapc++ || die
+ newdoc README ldapc++-README
+ fi
+
+ if use smbkrb5passwd ; then
+ einfo "Install the smbk5pwd module"
+ cd "${S}/contrib/slapd-modules/smbk5pwd" || die
+ emake DESTDIR="${D}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
+ newdoc README smbk5pwd-README
+ fi
+
+ if use overlays ; then
+ einfo "Install the samba4 module"
+ cd "${S}/contrib/slapd-modules/samba4" || die
+ emake DESTDIR="${D}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ libexecdir="/usr/$(get_libdir)/openldap" install
+ newdoc README samba4-README
+ fi
+
+ einfo "Installing contrib modules"
+ cd "${S}/contrib/slapd-modules" || die
+ for l in */*.la; do
+ "${lt}" --mode=install cp ${l} \
+ "${ED}"usr/$(get_libdir)/openldap/openldap || \
+ die "installing ${l} failed"
+ done
+
+ dodoc "${FILESDIR}"/DB_CONFIG.fast.example
+ docinto contrib
+ doman */*.5
+ #newdoc acl/README*
+ newdoc addpartial/README addpartial-README
+ newdoc allop/README allop-README
+ newdoc allowed/README allowed-README
+ newdoc autogroup/README autogroup-README
+ newdoc dsaschema/README dsaschema-README
+ newdoc passwd/README passwd-README
+ cd "${S}/contrib/slapi-plugins" || die
+ insinto /usr/$(get_libdir)/openldap/openldap
+ doins */*.so
+ docinto contrib
+ newdoc addrdnvalues/README addrdnvalues-README
+
+ insinto /etc/openldap/schema
+ newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
+
+ docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
+ docinto back-shell ; dodoc "${S}"/servers/slapd/back-shell/searchexample*
+ docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
+
+ dosbin "${S}"/contrib/slapd-tools/statslog
+ newdoc "${S}"/contrib/slapd-tools/README README.statslog
+ fi
+}
+
+multilib_src_install_all() {
+ dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
+ docinto rfc ; dodoc doc/rfc/*.txt
+}
+
+pkg_preinst() {
+ # keep old libs if any
+ preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0)
+ # bug 440470, only display the getting started help there was no openldap before,
+ # or we are going to a non-minimal build
+ ! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
+ OPENLDAP_PRINT_MESSAGES=$((! $?))
+}
+
+pkg_postinst() {
+ if ! use minimal ; then
+ # You cannot build SSL certificates during src_install that will make
+ # binary packages containing your SSL key, which is both a security risk
+ # and a misconfiguration if multiple machines use the same key and cert.
+ if use ssl; then
+ install_cert /etc/openldap/ssl/ldap
+ use prefix || chown ldap:ldap "${EROOT}"etc/openldap/ssl/ldap.*
+ ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
+ ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
+ ewarn "add 'TLS_REQCERT allow' if you want to use them."
+ fi
+
+ if use prefix; then
+ # Warn about prefix issues with slapd
+ eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
+ eerror "to start up, and requires that certain files directories be owned by"
+ eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
+ eerror "directories, you will have to manually fix this yourself."
+ fi
+
+ # These lines force the permissions of various content to be correct
+ use prefix || chown ldap:ldap "${EROOT}"var/run/openldap
+ chmod 0755 "${EROOT}"var/run/openldap
+ use prefix || chown root:ldap "${EROOT}"etc/openldap/slapd.conf{,.default}
+ chmod 0640 "${EROOT}"etc/openldap/slapd.conf{,.default}
+ use prefix || chown ldap:ldap "${EROOT}"var/lib/openldap-data
+ fi
+
+ if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
+ elog "Getting started using OpenLDAP? There is some documentation available:"
+ elog "Gentoo Guide to OpenLDAP Authentication"
+ elog "(https://www.gentoo.org/doc/en/ldap-howto.xml)"
+ elog "---"
+ elog "An example file for tuning BDB backends with openldap is"
+ elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
+ fi
+
+ preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0)
+}
diff --git a/net-nds/openldap/openldap-2.4.40.ebuild b/net-nds/openldap/openldap-2.4.40.ebuild
new file mode 100644
index 00000000..5c7a172
--- /dev/null
+++ b/net-nds/openldap/openldap-2.4.40.ebuild
@@ -0,0 +1,822 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit db-use eutils flag-o-matic multilib multilib-minimal ssl-cert versionator toolchain-funcs autotools user systemd
+
+BIS_PN=rfc2307bis.schema
+BIS_PV=20140524
+BIS_P="${BIS_PN}-${BIS_PV}"
+
+DESCRIPTION="LDAP suite of application and development tools"
+HOMEPAGE="http://www.OpenLDAP.org/"
+
+# mirrors are mostly not working, using canonical URI
+SRC_URI="ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz
+ mirror://gentoo/${BIS_P}"
+
+LICENSE="OPENLDAP GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~x86-linux ~x86-solaris"
+
+IUSE_DAEMON="crypt icu samba slp tcpd experimental minimal"
+IUSE_BACKEND="+berkdb"
+IUSE_OVERLAY="overlays perl"
+IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 +syslog selinux static-libs"
+IUSE_CONTRIB="smbkrb5passwd kerberos"
+IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
+IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
+
+REQUIRED_USE="cxx? ( sasl )"
+
+# openssl is needed to generate lanman-passwords required by samba
+CDEPEND="icu? ( dev-libs/icu:= )
+ ssl? ( !gnutls? ( >=dev-libs/openssl-1.0.1h-r2[${MULTILIB_USEDEP}] )
+ gnutls? ( >=net-libs/gnutls-2.12.23-r6[${MULTILIB_USEDEP}] >=dev-libs/libgcrypt-1.5.3:0[${MULTILIB_USEDEP}] ) )
+ sasl? ( dev-libs/cyrus-sasl:= )
+ !minimal? (
+ sys-devel/libtool
+ sys-libs/e2fsprogs-libs
+ tcpd? ( sys-apps/tcp-wrappers )
+ odbc? ( !iodbc? ( dev-db/unixODBC )
+ iodbc? ( dev-db/libiodbc ) )
+ slp? ( net-libs/openslp )
+ perl? ( dev-lang/perl:=[-build(-)] )
+ samba? ( dev-libs/openssl )
+ berkdb? ( sys-libs/db )
+ smbkrb5passwd? (
+ dev-libs/openssl
+ kerberos? ( app-crypt/heimdal )
+ )
+ kerberos? ( virtual/krb5 )
+ cxx? ( dev-libs/cyrus-sasl:= )
+ )
+ abi_x86_32? (
+ !<=app-emulation/emul-linux-x86-baselibs-20140508-r3
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+ )"
+DEPEND="${CDEPEND}
+ sys-apps/groff"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-ldap )
+"
+# for tracking versions
+OPENLDAP_VERSIONTAG=".version-tag"
+OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
+
+MULTILIB_WRAPPED_HEADERS=(
+ # USE=cxx
+ /usr/include/LDAPAsynConnection.h
+ /usr/include/LDAPAttrType.h
+ /usr/include/LDAPAttribute.h
+ /usr/include/LDAPAttributeList.h
+ /usr/include/LDAPConnection.h
+ /usr/include/LDAPConstraints.h
+ /usr/include/LDAPControl.h
+ /usr/include/LDAPControlSet.h
+ /usr/include/LDAPEntry.h
+ /usr/include/LDAPEntryList.h
+ /usr/include/LDAPException.h
+ /usr/include/LDAPExtResult.h
+ /usr/include/LDAPMessage.h
+ /usr/include/LDAPMessageQueue.h
+ /usr/include/LDAPModList.h
+ /usr/include/LDAPModification.h
+ /usr/include/LDAPObjClass.h
+ /usr/include/LDAPRebind.h
+ /usr/include/LDAPRebindAuth.h
+ /usr/include/LDAPReferenceList.h
+ /usr/include/LDAPResult.h
+ /usr/include/LDAPSaslBindResult.h
+ /usr/include/LDAPSchema.h
+ /usr/include/LDAPSearchReference.h
+ /usr/include/LDAPSearchResult.h
+ /usr/include/LDAPSearchResults.h
+ /usr/include/LDAPUrl.h
+ /usr/include/LDAPUrlList.h
+ /usr/include/LdifReader.h
+ /usr/include/LdifWriter.h
+ /usr/include/SaslInteraction.h
+ /usr/include/SaslInteractionHandler.h
+ /usr/include/StringList.h
+ /usr/include/TlsOptions.h
+
+ # USE=-minimal
+ /usr/include/lmdb.h
+)
+
+openldap_filecount() {
+ local dir="$1"
+ find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
+}
+
+openldap_find_versiontags() {
+ # scan for all datadirs
+ openldap_datadirs=""
+ if [ -f "${EROOT}"/etc/openldap/slapd.conf ]; then
+ openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${EROOT}/etc/openldap/slapd.conf)"
+ fi
+ openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}"
+
+ einfo
+ einfo "Scanning datadir(s) from slapd.conf and"
+ einfo "the default installdir for Versiontags"
+ einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
+ einfo
+
+ # scan datadirs if we have a version tag
+ openldap_found_tag=0
+ have_files=0
+ for each in ${openldap_datadirs}; do
+ CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"`
+ CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}
+ if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then
+ einfo "- Checking ${each}..."
+ if [ -r ${CURRENT_TAG} ] ; then
+ # yey, we have one :)
+ einfo " Found Versiontag in ${each}"
+ source ${CURRENT_TAG}
+ if [ "${OLDPF}" == "" ] ; then
+ eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
+ eerror "Please delete it"
+ eerror
+ die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
+ fi
+
+ OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}`
+
+ [ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1
+
+ # are we on the same branch?
+ if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then
+ ewarn " Versiontag doesn't match current major release!"
+ if [[ "${have_files}" == "1" ]] ; then
+ eerror " Versiontag says other major and you (probably) have datafiles!"
+ echo
+ openldap_upgrade_howto
+ else
+ einfo " No real problem, seems there's no database."
+ fi
+ else
+ einfo " Versiontag is fine here :)"
+ fi
+ else
+ einfo " Non-tagged dir ${each}"
+ [ $(openldap_filecount ${each}) -gt 0 ] && have_files=1
+ if [[ "${have_files}" == "1" ]] ; then
+ einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
+ echo
+
+ eerror
+ eerror "Your OpenLDAP Installation has a non tagged datadir that"
+ eerror "possibly contains a database at ${CURRENT_TAGDIR}"
+ eerror
+ eerror "Please export data if any entered and empty or remove"
+ eerror "the directory, installation has been stopped so you"
+ eerror "can take required action"
+ eerror
+ eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
+ eerror
+ openldap_upgrade_howto
+ die "Please move the datadir ${CURRENT_TAGDIR} away"
+ fi
+ fi
+ einfo
+ fi
+ done
+ [ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present"
+
+ # Now we must check for the major version of sys-libs/db linked against.
+ SLAPD_PATH=${EROOT}/usr/$(get_libdir)/openldap/slapd
+ if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then
+ OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
+ | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
+ NEWVER="$(use berkdb && db_findver sys-libs/db)"
+ local fail=0
+ if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then
+ :
+ # Nothing wrong here.
+ elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then
+ eerror " Your existing version of OpenLDAP was not built against"
+ eerror " any version of sys-libs/db, but the new one will build"
+ eerror " against ${NEWVER} and your database may be inaccessible."
+ echo
+ fail=1
+ elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then
+ eerror " Your existing version of OpenLDAP was built against"
+ eerror " sys-libs/db:${OLDVER}, but the new one will not be"
+ eerror " built against any version and your database may be"
+ eerror " inaccessible."
+ echo
+ fail=1
+ elif [ "${OLDVER}" != "${NEWVER}" ]; then
+ eerror " Your existing version of OpenLDAP was built against"
+ eerror " sys-libs/db:${OLDVER}, but the new one will build against"
+ eerror " ${NEWVER} and your database would be inaccessible."
+ echo
+ fail=1
+ fi
+ [ "${fail}" == "1" ] && openldap_upgrade_howto
+ fi
+
+ echo
+ einfo
+ einfo "All datadirs are fine, proceeding with merge now..."
+ einfo
+}
+
+openldap_upgrade_howto() {
+ eerror
+ eerror "A (possible old) installation of OpenLDAP was detected,"
+ eerror "installation will not proceed for now."
+ eerror
+ eerror "As major version upgrades can corrupt your database,"
+ eerror "you need to dump your database and re-create it afterwards."
+ eerror
+ eerror "Additionally, rebuilding against different major versions of the"
+ eerror "sys-libs/db libraries will cause your database to be inaccessible."
+ eerror ""
+ d="$(date -u +%s)"
+ l="/root/ldapdump.${d}"
+ i="${l}.raw"
+ eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop"
+ eerror " 2. slapcat -l ${i}"
+ eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}"
+ eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
+ eerror " 5. emerge --update \=net-nds/${PF}"
+ eerror " 6. etc-update, and ensure that you apply the changes"
+ eerror " 7. slapadd -l ${l}"
+ eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
+ eerror " 9. /etc/init.d/slapd start"
+ eerror "10. check that your data is intact."
+ eerror "11. set up the new replication system."
+ eerror
+ if [ "${FORCE_UPGRADE}" != "1" ]; then
+ die "You need to upgrade your database first"
+ else
+ eerror "You have the magical FORCE_UPGRADE=1 in place."
+ eerror "Don't say you weren't warned about data loss."
+ fi
+}
+
+pkg_setup() {
+ if ! use sasl && use cxx ; then
+ die "To build the ldapc++ library you must emerge openldap with sasl support"
+ fi
+ # Bug #322787
+ if use minimal && ! has_version "net-nds/openldap" ; then
+ einfo "No datadir scan needed, openldap not installed"
+ elif use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then
+ einfo "Skipping scan for previous datadirs as requested by minimal useflag"
+ else
+ openldap_find_versiontags
+ fi
+
+ # The user/group are only used for running daemons which are
+ # disabled in minimal builds, so elide the accounts too.
+ if ! use minimal ; then
+ enewgroup ldap 439
+ enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap
+ fi
+}
+
+src_prepare() {
+ # ensure correct SLAPI path by default
+ sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \
+ "${S}"/include/ldap_defaults.h
+
+ epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch
+
+ epatch \
+ "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \
+ "${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
+
+ # bug #116045 - still present in 2.4.28
+ epatch "${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch
+ # bug #408077 - samba4
+ epatch "${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch
+
+ # bug #189817
+ epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
+
+ # bug #233633
+ epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch
+
+ # bug #281495
+ epatch "${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch
+
+ # bug #294350
+ epatch "${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch
+
+ # unbreak /bin/sh -> dash
+ epatch "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
+
+ # bug #420959
+ epatch "${FILESDIR}"/${PN}-2.4.31-gcc47.patch
+
+ # bug #421463
+ #epatch "${FILESDIR}"/${PN}-2.4.33-gnutls.patch # merged upstream
+
+ sed -i.orig \
+ -e '/IDOCS.*DESTDIR/s,/man/man1,/share/man/man1,g' \
+ -e '/ILIBS.*DESTDIR/s,/lib,/$(LIBDIR),g' \
+ "${S}"/libraries/liblmdb/Makefile \
+ || die "Failed to fix LMDB manpage install location"
+
+ cd "${S}"/build || die
+ einfo "Making sure upstream build strip does not do stripping too early"
+ sed -i.orig \
+ -e '/^STRIP/s,-s,,g' \
+ top.mk || die "Failed to block stripping"
+
+ # wrong assumption that /bin/sh is /bin/bash
+ sed -i \
+ -e 's|/bin/sh|/bin/bash|g' \
+ "${S}"/tests/scripts/* || die "sed failed"
+
+ cd "${S}" || die
+ AT_NOEAUTOMAKE=yes eautoreconf
+}
+
+build_contrib_module() {
+ # <dir> <sources> <outputname>
+ cd "${S}/contrib/slapd-modules/$1" || die
+ einfo "Compiling contrib-module: $3"
+ # Make sure it's uppercase
+ local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -D${define_name}=SLAPD_MOD_DYNAMIC \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include -I../../../servers/slapd ${CFLAGS} \
+ -o ${2%.c}.lo -c $2 || die "compiling $3 failed"
+ einfo "Linking contrib-module: $3"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
+ -o $3.la ${2%.c}.lo || die "linking $3 failed"
+}
+
+src_configure() {
+ #Fix for glibc-2.8 and ucred. Bug 228457.
+ append-cppflags -D_GNU_SOURCE
+
+ # Bug 408001
+ use elibc_FreeBSD && append-cppflags -DMDB_DSYNC=O_SYNC -DMDB_FDATASYNC=fsync
+
+ # connectionless ldap per bug #342439
+ append-cppflags -DLDAP_CONNECTIONLESS
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+ local myconf=()
+
+ use debug && myconf+=( $(use_enable debug) )
+
+ # ICU usage is not configurable
+ export ac_cv_header_unicode_utypes_h="$(multilib_is_native_abi && use icu && echo yes || echo no)"
+
+ if ! use minimal && multilib_is_native_abi; then
+ local CPPFLAGS=${CPPFLAGS}
+
+ # re-enable serverside overlay chains per bug #296567
+ # see ldap docs chaper 12.3.1 for details
+ myconf+=( --enable-ldap )
+
+ # backends
+ myconf+=( --enable-slapd )
+ if use berkdb ; then
+ einfo "Using Berkeley DB for local backend"
+ myconf+=( --enable-bdb --enable-hdb )
+ # We need to include the slotted db.h dir for FreeBSD
+ append-cppflags -I$(db_includedir)
+ else
+ ewarn
+ ewarn "Note: if you disable berkdb, you can only use remote-backends!"
+ ewarn
+ myconf+=( --disable-bdb --disable-hdb )
+ fi
+ for backend in dnssrv ldap mdb meta monitor null passwd relay shell sock; do
+ myconf+=( --enable-${backend}=mod )
+ done
+
+ myconf+=( $(use_enable perl perl mod) )
+
+ myconf+=( $(use_enable odbc sql mod) )
+ if use odbc ; then
+ local odbc_lib="unixodbc"
+ if use iodbc ; then
+ odbc_lib="iodbc"
+ append-cppflags -I"${EPREFIX}"/usr/include/iodbc
+ fi
+ myconf+=( --with-odbc=${odbc_lib} )
+ fi
+
+ # slapd options
+ myconf+=(
+ $(use_enable crypt)
+ $(use_enable slp)
+ $(use_enable samba lmpasswd)
+ $(use_enable syslog)
+ )
+ if use experimental ; then
+ myconf+=(
+ --enable-dynacl
+ --enable-aci=mod
+ )
+ fi
+ for option in aci cleartext modules rewrite rlookups slapi; do
+ myconf+=( --enable-${option} )
+ done
+
+ # slapd overlay options
+ # Compile-in the syncprov, the others as module
+ myconf+=( --enable-syncprov=yes )
+ use overlays && myconf+=( --enable-overlays=mod )
+
+ else
+ myconf+=(
+ --disable-backends
+ --disable-slapd
+ --disable-bdb
+ --disable-hdb
+ --disable-mdb
+ --disable-overlays
+ --disable-syslog
+ )
+ fi
+
+ # basic functionality stuff
+ myconf+=(
+ $(use_enable ipv6)
+ $(multilib_native_use_with sasl cyrus-sasl)
+ $(multilib_native_use_enable sasl spasswd)
+ $(use_enable tcpd wrappers)
+ )
+
+ # Some cross-compiling tests don't pan out well.
+ tc-is-cross-compiler && myconf+=(
+ --with-yielding-select=yes
+ )
+
+ local ssl_lib="no"
+ if use ssl || ( ! use minimal && use samba ) ; then
+ ssl_lib="openssl"
+ use gnutls && ssl_lib="gnutls"
+ fi
+
+ myconf+=( --with-tls=${ssl_lib} )
+
+ for basicflag in dynamic local proctitle shared; do
+ myconf+=( --enable-${basicflag} )
+ done
+
+ tc-export AR CC CXX
+ ECONF_SOURCE=${S} \
+ STRIP=/bin/true \
+ econf \
+ --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
+ $(use_enable static-libs static) \
+ "${myconf[@]}"
+ emake depend
+}
+
+src_configure_cxx() {
+ # This needs the libraries built by the first build run.
+ # So we have to run it AFTER the main build, not just after the main
+ # configure.
+ local myconf_ldapcpp=(
+ --with-ldap-includes="${S}"/include
+ )
+
+ mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die
+ cd "${BUILD_DIR}/contrib/ldapc++" || die
+
+ local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS}
+ append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
+ -L"${BUILD_DIR}"/libraries/libldap/.libs
+ append-cppflags -I"${BUILD_DIR}"/include
+ ECONF_SOURCE=${S}/contrib/ldapc++ \
+ econf "${myconf_ldapcpp[@]}" \
+ CC="${CC}" \
+ CXX="${CXX}"
+}
+
+multilib_src_compile() {
+ tc-export AR CC CXX
+ emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/bash
+ local lt="${BUILD_DIR}/libtool"
+ export echo="echo"
+
+ if ! use minimal && multilib_is_native_abi ; then
+ if use cxx ; then
+ einfo "Building contrib library: ldapc++"
+ src_configure_cxx
+ cd "${BUILD_DIR}/contrib/ldapc++" || die
+ emake \
+ CC="${CC}" CXX="${CXX}"
+ fi
+
+ # LMDB tools
+ cp -ral "${S}"/libraries/liblmdb "${BUILD_DIR}"/libraries/liblmdb || die
+ cd "${BUILD_DIR}"/libraries/liblmdb || die
+ emake CC="${CC}" CXX="${CXX}" OPT="${CFLAGS}" prefix="${EPREFIX}/usr" DESTDIR="${D}" SHELL="${EPREFIX}"/bin/bash LIBDIR="$(get_libdir)"
+
+ if use smbkrb5passwd ; then
+ einfo "Building contrib-module: smbk5pwd"
+ cd "${S}/contrib/slapd-modules/smbk5pwd" || die
+
+ MY_DEFS="-DDO_SHADOW"
+ if use samba ; then
+ MY_DEFS="${MY_DEFS} -DDO_SAMBA"
+ MY_KRB5_INC=""
+ fi
+ if use kerberos ; then
+ MY_DEFS="${MY_DEFS} -DDO_KRB5"
+ MY_KRB5_INC="$(krb5-config --cflags)"
+ fi
+
+ emake \
+ DEFS="${MY_DEFS}" \
+ KRB5_INC="${MY_KRB5_INC}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
+ fi
+
+ if use overlays ; then
+ einfo "Building contrib-module: samba4"
+ cd "${S}/contrib/slapd-modules/samba4" || die
+
+ emake \
+ LDAP_BUILD="${BUILD_DIR}" \
+ CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap"
+ fi
+
+ if use kerberos ; then
+ build_contrib_module "kinit" "kinit.c" "kinit"
+ cd "${S}/contrib/slapd-modules/passwd" || die
+ einfo "Compiling contrib-module: pw-kerberos"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include \
+ ${CFLAGS} \
+ $(krb5-config --cflags) \
+ -DHAVE_KRB5 \
+ -o kerberos.lo \
+ -c kerberos.c || die "compiling pw-kerberos failed"
+ einfo "Linking contrib-module: pw-kerberos"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
+ -o pw-kerberos.la \
+ kerberos.lo || die "linking pw-kerberos failed"
+ fi
+ # We could build pw-radius if GNURadius would install radlib.h
+ cd "${S}/contrib/slapd-modules/passwd" || die
+ einfo "Compiling contrib-module: pw-netscape"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include \
+ ${CFLAGS} \
+ -o netscape.lo \
+ -c netscape.c || die "compiling pw-netscape failed"
+ einfo "Linking contrib-module: pw-netscape"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
+ -o pw-netscape.la \
+ netscape.lo || die "linking pw-netscape failed"
+
+ #build_contrib_module "acl" "posixgroup.c" "posixGroup" # example code only
+ #build_contrib_module "acl" "gssacl.c" "gss" # example code only, also needs kerberos
+ build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
+ build_contrib_module "allop" "allop.c" "overlay-allop"
+ build_contrib_module "allowed" "allowed.c" "allowed"
+ build_contrib_module "autogroup" "autogroup.c" "autogroup"
+ build_contrib_module "cloak" "cloak.c" "cloak"
+ # build_contrib_module "comp_match" "comp_match.c" "comp_match" # really complex, adds new external deps, questionable demand
+ build_contrib_module "denyop" "denyop.c" "denyop-overlay"
+ build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
+ build_contrib_module "dupent" "dupent.c" "dupent"
+ build_contrib_module "lastbind" "lastbind.c" "lastbind"
+ # lastmod may not play well with other overlays
+ build_contrib_module "lastmod" "lastmod.c" "lastmod"
+ build_contrib_module "noopsrch" "noopsrch.c" "noopsrch"
+ build_contrib_module "nops" "nops.c" "nops-overlay"
+ #build_contrib_module "nssov" "nssov.c" "nssov-overlay" RESO:LATER
+ build_contrib_module "trace" "trace.c" "trace"
+ # build slapi-plugins
+ cd "${S}/contrib/slapi-plugins/addrdnvalues" || die
+ einfo "Building contrib-module: addrdnvalues plugin"
+ "${CC}" -shared \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include \
+ ${CFLAGS} \
+ -fPIC \
+ ${LDFLAGS} \
+ -o libaddrdnvalues-plugin.so \
+ addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
+
+ fi
+}
+
+multilib_src_test() {
+ if multilib_is_native_abi; then
+ cd tests || die
+ make tests || die "make tests failed"
+ fi
+}
+
+multilib_src_install() {
+ local lt="${BUILD_DIR}/libtool"
+ emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/bash install
+ use static-libs || prune_libtool_files --all
+
+ if ! use minimal && multilib_is_native_abi; then
+ # LMDB tools
+ cd "${BUILD_DIR}"/libraries/liblmdb || die
+ dodir /usr/include /usr/lib /usr/bin /usr/share/man/man1 # otherwise this will make them files :-(
+ emake CC="${CC}" CXX="${CXX}" OPT="${CFLAGS}" prefix="${EPREFIX}/usr" DESTDIR="${D}" SHELL="${EPREFIX}"/bin/bash LIBDIR="$(get_libdir)" install
+
+ # openldap modules go here
+ # TODO: write some code to populate slapd.conf with moduleload statements
+ keepdir /usr/$(get_libdir)/openldap/openldap/
+
+ # initial data storage dir
+ keepdir /var/lib/openldap-data
+ use prefix || fowners ldap:ldap /var/lib/openldap-data
+ fperms 0700 /var/lib/openldap-data
+
+ echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+ echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+ echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+
+ # use our config
+ rm "${ED}"etc/openldap/slapd.conf
+ insinto /etc/openldap
+ newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf
+ configfile="${ED}"etc/openldap/slapd.conf
+
+ # populate with built backends
+ ebegin "populate config with built backends"
+ for x in "${ED}"usr/$(get_libdir)/openldap/openldap/back_*.so; do
+ einfo "Adding $(basename ${x})"
+ sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}"
+ done
+ sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
+ use prefix || fowners root:ldap /etc/openldap/slapd.conf
+ fperms 0640 /etc/openldap/slapd.conf
+ cp "${configfile}" "${configfile}".default
+ eend
+
+ # install our own init scripts and systemd unit files
+ einfo "Install init scripts"
+ newinitd "${FILESDIR}"/slapd-initd-2.4.40 slapd
+ newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd
+ einfo "Install systemd service"
+ systemd_dounit "${FILESDIR}"/slapd.service
+ systemd_install_serviced "${FILESDIR}"/slapd.service.conf
+ systemd_newtmpfilesd "${FILESDIR}"/slapd.tmpfilesd slapd.conf
+
+ if [[ $(get_libdir) != lib ]]; then
+ sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i \
+ "${ED}"/etc/init.d/slapd \
+ "${ED}"/usr/lib/systemd/system/slapd.service || die
+ fi
+ # If built without SLP, we don't need to be before avahi
+ use slp \
+ || sed -i \
+ -e '/before/{s/avahi-daemon//g}' \
+ "${ED}"etc/init.d/slapd
+
+ if use cxx ; then
+ einfo "Install the ldapc++ library"
+ cd "${BUILD_DIR}/contrib/ldapc++" || die
+ emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
+ cd "${S}"/contrib/ldapc++ || die
+ newdoc README ldapc++-README
+ fi
+
+ if use smbkrb5passwd ; then
+ einfo "Install the smbk5pwd module"
+ cd "${S}/contrib/slapd-modules/smbk5pwd" || die
+ emake DESTDIR="${D}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
+ newdoc README smbk5pwd-README
+ fi
+
+ if use overlays ; then
+ einfo "Install the samba4 module"
+ cd "${S}/contrib/slapd-modules/samba4" || die
+ emake DESTDIR="${D}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ libexecdir="/usr/$(get_libdir)/openldap" install
+ newdoc README samba4-README
+ fi
+
+ einfo "Installing contrib modules"
+ cd "${S}/contrib/slapd-modules" || die
+ for l in */*.la; do
+ "${lt}" --mode=install cp ${l} \
+ "${ED}"usr/$(get_libdir)/openldap/openldap || \
+ die "installing ${l} failed"
+ done
+
+ dodoc "${FILESDIR}"/DB_CONFIG.fast.example
+ docinto contrib
+ doman */*.5
+ #newdoc acl/README*
+ newdoc addpartial/README addpartial-README
+ newdoc allop/README allop-README
+ newdoc allowed/README allowed-README
+ newdoc autogroup/README autogroup-README
+ newdoc dsaschema/README dsaschema-README
+ newdoc passwd/README passwd-README
+ cd "${S}/contrib/slapi-plugins" || die
+ insinto /usr/$(get_libdir)/openldap/openldap
+ doins */*.so
+ docinto contrib
+ newdoc addrdnvalues/README addrdnvalues-README
+
+ insinto /etc/openldap/schema
+ newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
+
+ docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
+ docinto back-shell ; dodoc "${S}"/servers/slapd/back-shell/searchexample*
+ docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
+
+ docinto liblmdb ; dodoc "${S}"/libraries/liblmdb/{sample*txt,CHANGES,COPYRIGHT,LICENSE}
+ doman "${S}"/libraries/liblmdb/*.1
+
+ dosbin "${S}"/contrib/slapd-tools/statslog
+ newdoc "${S}"/contrib/slapd-tools/README README.statslog
+ fi
+}
+
+multilib_src_install_all() {
+ dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
+ docinto rfc ; dodoc doc/rfc/*.txt
+}
+
+pkg_preinst() {
+ # keep old libs if any
+ preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0)
+ # bug 440470, only display the getting started help there was no openldap before,
+ # or we are going to a non-minimal build
+ ! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
+ OPENLDAP_PRINT_MESSAGES=$((! $?))
+}
+
+pkg_postinst() {
+ if ! use minimal ; then
+ # You cannot build SSL certificates during src_install that will make
+ # binary packages containing your SSL key, which is both a security risk
+ # and a misconfiguration if multiple machines use the same key and cert.
+ if use ssl; then
+ install_cert /etc/openldap/ssl/ldap
+ use prefix || chown ldap:ldap "${EROOT}"etc/openldap/ssl/ldap.*
+ ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
+ ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
+ ewarn "add 'TLS_REQCERT allow' if you want to use them."
+ fi
+
+ if use prefix; then
+ # Warn about prefix issues with slapd
+ eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
+ eerror "to start up, and requires that certain files directories be owned by"
+ eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
+ eerror "directories, you will have to manually fix this yourself."
+ fi
+
+ # These lines force the permissions of various content to be correct
+ use prefix || chown ldap:ldap "${EROOT}"var/run/openldap
+ chmod 0755 "${EROOT}"var/run/openldap
+ use prefix || chown root:ldap "${EROOT}"etc/openldap/slapd.conf{,.default}
+ chmod 0640 "${EROOT}"etc/openldap/slapd.conf{,.default}
+ use prefix || chown ldap:ldap "${EROOT}"var/lib/openldap-data
+ fi
+
+ if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
+ elog "Getting started using OpenLDAP? There is some documentation available:"
+ elog "Gentoo Guide to OpenLDAP Authentication"
+ elog "(https://www.gentoo.org/doc/en/ldap-howto.xml)"
+ elog "---"
+ elog "An example file for tuning BDB backends with openldap is"
+ elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
+ fi
+
+ preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0)
+}
diff --git a/net-nds/openldap/openldap-2.4.42-r1.ebuild b/net-nds/openldap/openldap-2.4.42-r1.ebuild
new file mode 100644
index 00000000..e7033de
--- /dev/null
+++ b/net-nds/openldap/openldap-2.4.42-r1.ebuild
@@ -0,0 +1,828 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit db-use eutils flag-o-matic multilib multilib-minimal ssl-cert versionator toolchain-funcs autotools user systemd
+
+BIS_PN=rfc2307bis.schema
+BIS_PV=20140524
+BIS_P="${BIS_PN}-${BIS_PV}"
+
+DESCRIPTION="LDAP suite of application and development tools"
+HOMEPAGE="http://www.OpenLDAP.org/"
+
+# mirrors are mostly not working, using canonical URI
+SRC_URI="ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz
+ mirror://gentoo/${BIS_P}"
+
+LICENSE="OPENLDAP GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~x86-linux ~x86-solaris"
+
+IUSE_DAEMON="crypt icu samba slp tcpd experimental minimal"
+IUSE_BACKEND="+berkdb"
+IUSE_OVERLAY="overlays perl"
+IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 libressl +syslog selinux static-libs"
+IUSE_CONTRIB="smbkrb5passwd kerberos"
+IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
+IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
+
+REQUIRED_USE="cxx? ( sasl )
+ ?? ( gnutls libressl )"
+
+# always list newer first
+# Do not add any AGPL-3 BDB here!
+# See bug 525110, comment 15.
+BDB_SLOTS='5.3 5.1 4.8 4.7 4.6 4.5 4.4'
+BDB_PKGS=''
+for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done
+
+# openssl is needed to generate lanman-passwords required by samba
+CDEPEND="icu? ( dev-libs/icu:= )
+ ssl? (
+ !gnutls? (
+ !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0[${MULTILIB_USEDEP}] )
+ )
+ gnutls? ( >=net-libs/gnutls-2.12.23-r6[${MULTILIB_USEDEP}]
+ libressl? ( dev-libs/libressl[${MULTILIB_USEDEP}] )
+ >=dev-libs/libgcrypt-1.5.3:0[${MULTILIB_USEDEP}] ) )
+ sasl? ( dev-libs/cyrus-sasl:= )
+ !minimal? (
+ sys-devel/libtool
+ sys-libs/e2fsprogs-libs
+ >=dev-db/lmdb-0.9.17
+ tcpd? ( sys-apps/tcp-wrappers )
+ odbc? ( !iodbc? ( dev-db/unixODBC )
+ iodbc? ( dev-db/libiodbc ) )
+ slp? ( net-libs/openslp )
+ perl? ( dev-lang/perl:=[-build(-)] )
+ samba? (
+ !libressl? ( dev-libs/openssl:0 )
+ libressl? ( dev-libs/libressl )
+ )
+ berkdb? (
+ <sys-libs/db-6.0:=
+ || ( ${BDB_PKGS} )
+ )
+ smbkrb5passwd? (
+ !libressl? ( dev-libs/openssl:0 )
+ libressl? ( dev-libs/libressl )
+ kerberos? ( app-crypt/heimdal )
+ )
+ kerberos? ( virtual/krb5 )
+ cxx? ( dev-libs/cyrus-sasl:= )
+ )
+ abi_x86_32? (
+ !<=app-emulation/emul-linux-x86-baselibs-20140508-r3
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+ )"
+DEPEND="${CDEPEND}
+ sys-apps/groff"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-ldap )
+"
+# for tracking versions
+OPENLDAP_VERSIONTAG=".version-tag"
+OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
+
+MULTILIB_WRAPPED_HEADERS=(
+ # USE=cxx
+ /usr/include/LDAPAsynConnection.h
+ /usr/include/LDAPAttrType.h
+ /usr/include/LDAPAttribute.h
+ /usr/include/LDAPAttributeList.h
+ /usr/include/LDAPConnection.h
+ /usr/include/LDAPConstraints.h
+ /usr/include/LDAPControl.h
+ /usr/include/LDAPControlSet.h
+ /usr/include/LDAPEntry.h
+ /usr/include/LDAPEntryList.h
+ /usr/include/LDAPException.h
+ /usr/include/LDAPExtResult.h
+ /usr/include/LDAPMessage.h
+ /usr/include/LDAPMessageQueue.h
+ /usr/include/LDAPModList.h
+ /usr/include/LDAPModification.h
+ /usr/include/LDAPObjClass.h
+ /usr/include/LDAPRebind.h
+ /usr/include/LDAPRebindAuth.h
+ /usr/include/LDAPReferenceList.h
+ /usr/include/LDAPResult.h
+ /usr/include/LDAPSaslBindResult.h
+ /usr/include/LDAPSchema.h
+ /usr/include/LDAPSearchReference.h
+ /usr/include/LDAPSearchResult.h
+ /usr/include/LDAPSearchResults.h
+ /usr/include/LDAPUrl.h
+ /usr/include/LDAPUrlList.h
+ /usr/include/LdifReader.h
+ /usr/include/LdifWriter.h
+ /usr/include/SaslInteraction.h
+ /usr/include/SaslInteractionHandler.h
+ /usr/include/StringList.h
+ /usr/include/TlsOptions.h
+)
+
+openldap_filecount() {
+ local dir="$1"
+ find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
+}
+
+openldap_find_versiontags() {
+ # scan for all datadirs
+ openldap_datadirs=""
+ if [ -f "${EROOT}"/etc/openldap/slapd.conf ]; then
+ openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${EROOT}/etc/openldap/slapd.conf)"
+ fi
+ openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}"
+
+ einfo
+ einfo "Scanning datadir(s) from slapd.conf and"
+ einfo "the default installdir for Versiontags"
+ einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
+ einfo
+
+ # scan datadirs if we have a version tag
+ openldap_found_tag=0
+ have_files=0
+ for each in ${openldap_datadirs}; do
+ CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"`
+ CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}
+ if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then
+ einfo "- Checking ${each}..."
+ if [ -r ${CURRENT_TAG} ] ; then
+ # yey, we have one :)
+ einfo " Found Versiontag in ${each}"
+ source ${CURRENT_TAG}
+ if [ "${OLDPF}" == "" ] ; then
+ eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
+ eerror "Please delete it"
+ eerror
+ die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
+ fi
+
+ OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}`
+
+ [ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1
+
+ # are we on the same branch?
+ if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then
+ ewarn " Versiontag doesn't match current major release!"
+ if [[ "${have_files}" == "1" ]] ; then
+ eerror " Versiontag says other major and you (probably) have datafiles!"
+ echo
+ openldap_upgrade_howto
+ else
+ einfo " No real problem, seems there's no database."
+ fi
+ else
+ einfo " Versiontag is fine here :)"
+ fi
+ else
+ einfo " Non-tagged dir ${each}"
+ [ $(openldap_filecount ${each}) -gt 0 ] && have_files=1
+ if [[ "${have_files}" == "1" ]] ; then
+ einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
+ echo
+
+ eerror
+ eerror "Your OpenLDAP Installation has a non tagged datadir that"
+ eerror "possibly contains a database at ${CURRENT_TAGDIR}"
+ eerror
+ eerror "Please export data if any entered and empty or remove"
+ eerror "the directory, installation has been stopped so you"
+ eerror "can take required action"
+ eerror
+ eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
+ eerror
+ openldap_upgrade_howto
+ die "Please move the datadir ${CURRENT_TAGDIR} away"
+ fi
+ fi
+ einfo
+ fi
+ done
+ [ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present"
+
+ # Now we must check for the major version of sys-libs/db linked against.
+ SLAPD_PATH=${EROOT}/usr/$(get_libdir)/openldap/slapd
+ if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then
+ OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
+ | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
+ if use berkdb; then
+ # find which one would be used
+ for bdb_slot in $BDB_SLOTS ; do
+ NEWVER="$(db_findver "=sys-libs/db-${bdb_slot}*")"
+ [[ -n "$NEWVER" ]] && break
+ done
+ fi
+ local fail=0
+ if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then
+ :
+ # Nothing wrong here.
+ elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then
+ eerror " Your existing version of OpenLDAP was not built against"
+ eerror " any version of sys-libs/db, but the new one will build"
+ eerror " against ${NEWVER} and your database may be inaccessible."
+ echo
+ fail=1
+ elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then
+ eerror " Your existing version of OpenLDAP was built against"
+ eerror " sys-libs/db:${OLDVER}, but the new one will not be"
+ eerror " built against any version and your database may be"
+ eerror " inaccessible."
+ echo
+ fail=1
+ elif [ "${OLDVER}" != "${NEWVER}" ]; then
+ eerror " Your existing version of OpenLDAP was built against"
+ eerror " sys-libs/db:${OLDVER}, but the new one will build against"
+ eerror " ${NEWVER} and your database would be inaccessible."
+ echo
+ fail=1
+ fi
+ [ "${fail}" == "1" ] && openldap_upgrade_howto
+ fi
+
+ echo
+ einfo
+ einfo "All datadirs are fine, proceeding with merge now..."
+ einfo
+}
+
+openldap_upgrade_howto() {
+ eerror
+ eerror "A (possible old) installation of OpenLDAP was detected,"
+ eerror "installation will not proceed for now."
+ eerror
+ eerror "As major version upgrades can corrupt your database,"
+ eerror "you need to dump your database and re-create it afterwards."
+ eerror
+ eerror "Additionally, rebuilding against different major versions of the"
+ eerror "sys-libs/db libraries will cause your database to be inaccessible."
+ eerror ""
+ d="$(date -u +%s)"
+ l="/root/ldapdump.${d}"
+ i="${l}.raw"
+ eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop"
+ eerror " 2. slapcat -l ${i}"
+ eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}"
+ eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
+ eerror " 5. emerge --update \=net-nds/${PF}"
+ eerror " 6. etc-update, and ensure that you apply the changes"
+ eerror " 7. slapadd -l ${l}"
+ eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
+ eerror " 9. /etc/init.d/slapd start"
+ eerror "10. check that your data is intact."
+ eerror "11. set up the new replication system."
+ eerror
+ if [ "${FORCE_UPGRADE}" != "1" ]; then
+ die "You need to upgrade your database first"
+ else
+ eerror "You have the magical FORCE_UPGRADE=1 in place."
+ eerror "Don't say you weren't warned about data loss."
+ fi
+}
+
+pkg_setup() {
+ if ! use sasl && use cxx ; then
+ die "To build the ldapc++ library you must emerge openldap with sasl support"
+ fi
+ # Bug #322787
+ if use minimal && ! has_version "net-nds/openldap" ; then
+ einfo "No datadir scan needed, openldap not installed"
+ elif use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then
+ einfo "Skipping scan for previous datadirs as requested by minimal useflag"
+ else
+ openldap_find_versiontags
+ fi
+
+ # The user/group are only used for running daemons which are
+ # disabled in minimal builds, so elide the accounts too.
+ if ! use minimal ; then
+ enewgroup ldap 439
+ enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap
+ fi
+}
+
+src_prepare() {
+ # ensure correct SLAPI path by default
+ sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \
+ "${S}"/include/ldap_defaults.h
+
+ epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch
+
+ epatch \
+ "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \
+ "${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
+
+ # bug #116045 - still present in 2.4.28
+ epatch "${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch
+ # bug #408077 - samba4
+ epatch "${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch
+
+ # bug #189817
+ epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
+
+ # bug #233633
+ epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch
+
+ # bug #281495
+ epatch "${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch
+
+ # bug #294350
+ epatch "${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch
+
+ # unbreak /bin/sh -> dash
+ epatch "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
+
+ # bug #420959
+ epatch "${FILESDIR}"/${PN}-2.4.31-gcc47.patch
+
+ # bug #421463
+ #epatch "${FILESDIR}"/${PN}-2.4.33-gnutls.patch # merged upstream
+
+ # unbundle lmdb
+ epatch "${FILESDIR}"/${P}-mdb-unbundle.patch
+ rm -rf "${S}"/libraries/liblmdb
+
+ cd "${S}"/build || die
+ einfo "Making sure upstream build strip does not do stripping too early"
+ sed -i.orig \
+ -e '/^STRIP/s,-s,,g' \
+ top.mk || die "Failed to block stripping"
+
+ # wrong assumption that /bin/sh is /bin/bash
+ sed -i \
+ -e 's|/bin/sh|/bin/bash|g' \
+ "${S}"/tests/scripts/* || die "sed failed"
+
+ cd "${S}" || die
+
+ AT_NOEAUTOMAKE=yes eautoreconf
+}
+
+build_contrib_module() {
+ # <dir> <sources> <outputname>
+ cd "${S}/contrib/slapd-modules/$1" || die
+ einfo "Compiling contrib-module: $3"
+ # Make sure it's uppercase
+ local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -D${define_name}=SLAPD_MOD_DYNAMIC \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include -I../../../servers/slapd ${CFLAGS} \
+ -o ${2%.c}.lo -c $2 || die "compiling $3 failed"
+ einfo "Linking contrib-module: $3"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
+ -o $3.la ${2%.c}.lo || die "linking $3 failed"
+}
+
+src_configure() {
+ # Bug 408001
+ use elibc_FreeBSD && append-cppflags -DMDB_DSYNC=O_SYNC -DMDB_FDATASYNC=fsync
+
+ # connectionless ldap per bug #342439
+ append-cppflags -DLDAP_CONNECTIONLESS
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+ local myconf=()
+
+ use debug && myconf+=( $(use_enable debug) )
+
+ # ICU usage is not configurable
+ export ac_cv_header_unicode_utypes_h="$(multilib_is_native_abi && use icu && echo yes || echo no)"
+
+ if ! use minimal && multilib_is_native_abi; then
+ local CPPFLAGS=${CPPFLAGS}
+
+ # re-enable serverside overlay chains per bug #296567
+ # see ldap docs chaper 12.3.1 for details
+ myconf+=( --enable-ldap )
+
+ # backends
+ myconf+=( --enable-slapd )
+ if use berkdb ; then
+ einfo "Using Berkeley DB for local backend"
+ myconf+=( --enable-bdb --enable-hdb )
+ DBINCLUDE=$(db_includedir $BDB_SLOTS)
+ einfo "Using $DBINCLUDE for sys-libs/db version"
+ # We need to include the slotted db.h dir for FreeBSD
+ append-cppflags -I${DBINCLUDE}
+ else
+ myconf+=( --disable-bdb --disable-hdb )
+ fi
+ for backend in dnssrv ldap mdb meta monitor null passwd relay shell sock; do
+ myconf+=( --enable-${backend}=mod )
+ done
+
+ myconf+=( $(use_enable perl perl mod) )
+
+ myconf+=( $(use_enable odbc sql mod) )
+ if use odbc ; then
+ local odbc_lib="unixodbc"
+ if use iodbc ; then
+ odbc_lib="iodbc"
+ append-cppflags -I"${EPREFIX}"/usr/include/iodbc
+ fi
+ myconf+=( --with-odbc=${odbc_lib} )
+ fi
+
+ # slapd options
+ myconf+=(
+ $(use_enable crypt)
+ $(use_enable slp)
+ $(use_enable samba lmpasswd)
+ $(use_enable syslog)
+ )
+ if use experimental ; then
+ myconf+=(
+ --enable-dynacl
+ --enable-aci=mod
+ )
+ fi
+ for option in aci cleartext modules rewrite rlookups slapi; do
+ myconf+=( --enable-${option} )
+ done
+
+ # slapd overlay options
+ # Compile-in the syncprov, the others as module
+ myconf+=( --enable-syncprov=yes )
+ use overlays && myconf+=( --enable-overlays=mod )
+
+ else
+ myconf+=(
+ --disable-backends
+ --disable-slapd
+ --disable-bdb
+ --disable-hdb
+ --disable-mdb
+ --disable-overlays
+ --disable-syslog
+ )
+ fi
+
+ # basic functionality stuff
+ myconf+=(
+ $(use_enable ipv6)
+ $(multilib_native_use_with sasl cyrus-sasl)
+ $(multilib_native_use_enable sasl spasswd)
+ $(use_enable tcpd wrappers)
+ )
+
+ # Some cross-compiling tests don't pan out well.
+ tc-is-cross-compiler && myconf+=(
+ --with-yielding-select=yes
+ )
+
+ local ssl_lib="no"
+ if use ssl || ( ! use minimal && use samba ) ; then
+ ssl_lib="openssl"
+ use gnutls && ssl_lib="gnutls"
+ fi
+
+ myconf+=( --with-tls=${ssl_lib} )
+
+ for basicflag in dynamic local proctitle shared; do
+ myconf+=( --enable-${basicflag} )
+ done
+
+ tc-export AR CC CXX
+ ECONF_SOURCE=${S} \
+ STRIP=/bin/true \
+ econf \
+ --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
+ $(use_enable static-libs static) \
+ "${myconf[@]}"
+ emake depend
+}
+
+src_configure_cxx() {
+ # This needs the libraries built by the first build run.
+ # So we have to run it AFTER the main build, not just after the main
+ # configure.
+ local myconf_ldapcpp=(
+ --with-ldap-includes="${S}"/include
+ )
+
+ mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die
+ cd "${BUILD_DIR}/contrib/ldapc++" || die
+
+ local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS}
+ append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
+ -L"${BUILD_DIR}"/libraries/libldap/.libs
+ append-cppflags -I"${BUILD_DIR}"/include
+ ECONF_SOURCE=${S}/contrib/ldapc++ \
+ econf "${myconf_ldapcpp[@]}" \
+ CC="${CC}" \
+ CXX="${CXX}"
+}
+
+multilib_src_compile() {
+ tc-export AR CC CXX
+ emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/bash
+ local lt="${BUILD_DIR}/libtool"
+ export echo="echo"
+
+ if ! use minimal && multilib_is_native_abi ; then
+ if use cxx ; then
+ einfo "Building contrib library: ldapc++"
+ src_configure_cxx
+ cd "${BUILD_DIR}/contrib/ldapc++" || die
+ emake \
+ CC="${CC}" CXX="${CXX}"
+ fi
+
+ if use smbkrb5passwd ; then
+ einfo "Building contrib-module: smbk5pwd"
+ cd "${S}/contrib/slapd-modules/smbk5pwd" || die
+
+ MY_DEFS="-DDO_SHADOW"
+ if use samba ; then
+ MY_DEFS="${MY_DEFS} -DDO_SAMBA"
+ MY_KRB5_INC=""
+ fi
+ if use kerberos ; then
+ MY_DEFS="${MY_DEFS} -DDO_KRB5"
+ MY_KRB5_INC="$(krb5-config --cflags)"
+ fi
+
+ emake \
+ DEFS="${MY_DEFS}" \
+ KRB5_INC="${MY_KRB5_INC}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
+ fi
+
+ if use overlays ; then
+ einfo "Building contrib-module: samba4"
+ cd "${S}/contrib/slapd-modules/samba4" || die
+
+ emake \
+ LDAP_BUILD="${BUILD_DIR}" \
+ CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap"
+ fi
+
+ if use kerberos ; then
+ build_contrib_module "kinit" "kinit.c" "kinit"
+ cd "${S}/contrib/slapd-modules/passwd" || die
+ einfo "Compiling contrib-module: pw-kerberos"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include \
+ ${CFLAGS} \
+ $(krb5-config --cflags) \
+ -DHAVE_KRB5 \
+ -o kerberos.lo \
+ -c kerberos.c || die "compiling pw-kerberos failed"
+ einfo "Linking contrib-module: pw-kerberos"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
+ -o pw-kerberos.la \
+ kerberos.lo || die "linking pw-kerberos failed"
+ fi
+ # We could build pw-radius if GNURadius would install radlib.h
+ cd "${S}/contrib/slapd-modules/passwd" || die
+ einfo "Compiling contrib-module: pw-netscape"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include \
+ ${CFLAGS} \
+ -o netscape.lo \
+ -c netscape.c || die "compiling pw-netscape failed"
+ einfo "Linking contrib-module: pw-netscape"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
+ -o pw-netscape.la \
+ netscape.lo || die "linking pw-netscape failed"
+
+ #build_contrib_module "acl" "posixgroup.c" "posixGroup" # example code only
+ #build_contrib_module "acl" "gssacl.c" "gss" # example code only, also needs kerberos
+ build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
+ build_contrib_module "allop" "allop.c" "overlay-allop"
+ build_contrib_module "allowed" "allowed.c" "allowed"
+ build_contrib_module "autogroup" "autogroup.c" "autogroup"
+ build_contrib_module "cloak" "cloak.c" "cloak"
+ # build_contrib_module "comp_match" "comp_match.c" "comp_match" # really complex, adds new external deps, questionable demand
+ build_contrib_module "denyop" "denyop.c" "denyop-overlay"
+ build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
+ build_contrib_module "dupent" "dupent.c" "dupent"
+ build_contrib_module "lastbind" "lastbind.c" "lastbind"
+ # lastmod may not play well with other overlays
+ build_contrib_module "lastmod" "lastmod.c" "lastmod"
+ build_contrib_module "noopsrch" "noopsrch.c" "noopsrch"
+ build_contrib_module "nops" "nops.c" "nops-overlay"
+ #build_contrib_module "nssov" "nssov.c" "nssov-overlay" RESO:LATER
+ build_contrib_module "trace" "trace.c" "trace"
+ # build slapi-plugins
+ cd "${S}/contrib/slapi-plugins/addrdnvalues" || die
+ einfo "Building contrib-module: addrdnvalues plugin"
+ "${CC}" -shared \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include \
+ ${CFLAGS} \
+ -fPIC \
+ ${LDFLAGS} \
+ -o libaddrdnvalues-plugin.so \
+ addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
+
+ fi
+}
+
+multilib_src_test() {
+ if multilib_is_native_abi; then
+ cd tests || die
+ emake tests || die "make tests failed"
+ fi
+}
+
+multilib_src_install() {
+ local lt="${BUILD_DIR}/libtool"
+ emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/bash install
+ use static-libs || prune_libtool_files --all
+
+ if ! use minimal && multilib_is_native_abi; then
+ # openldap modules go here
+ # TODO: write some code to populate slapd.conf with moduleload statements
+ keepdir /usr/$(get_libdir)/openldap/openldap/
+
+ # initial data storage dir
+ keepdir /var/lib/openldap-data
+ use prefix || fowners ldap:ldap /var/lib/openldap-data
+ fperms 0700 /var/lib/openldap-data
+
+ echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+ echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+ echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+
+ # use our config
+ rm "${ED}"etc/openldap/slapd.conf
+ insinto /etc/openldap
+ newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf
+ configfile="${ED}"etc/openldap/slapd.conf
+
+ # populate with built backends
+ ebegin "populate config with built backends"
+ for x in "${ED}"usr/$(get_libdir)/openldap/openldap/back_*.so; do
+ einfo "Adding $(basename ${x})"
+ sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}"
+ done
+ sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
+ use prefix || fowners root:ldap /etc/openldap/slapd.conf
+ fperms 0640 /etc/openldap/slapd.conf
+ cp "${configfile}" "${configfile}".default
+ eend
+
+ # install our own init scripts and systemd unit files
+ einfo "Install init scripts"
+ newinitd "${FILESDIR}"/slapd-initd-2.4.40-r2 slapd
+ newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd
+ einfo "Install systemd service"
+ systemd_dounit "${FILESDIR}"/slapd.service
+ systemd_install_serviced "${FILESDIR}"/slapd.service.conf
+ systemd_newtmpfilesd "${FILESDIR}"/slapd.tmpfilesd slapd.conf
+
+ if [[ $(get_libdir) != lib ]]; then
+ sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i \
+ "${ED}"/etc/init.d/slapd \
+ "${ED}"/usr/lib/systemd/system/slapd.service || die
+ fi
+ # If built without SLP, we don't need to be before avahi
+ use slp \
+ || sed -i \
+ -e '/before/{s/avahi-daemon//g}' \
+ "${ED}"etc/init.d/slapd
+
+ if use cxx ; then
+ einfo "Install the ldapc++ library"
+ cd "${BUILD_DIR}/contrib/ldapc++" || die
+ emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
+ cd "${S}"/contrib/ldapc++ || die
+ newdoc README ldapc++-README
+ fi
+
+ if use smbkrb5passwd ; then
+ einfo "Install the smbk5pwd module"
+ cd "${S}/contrib/slapd-modules/smbk5pwd" || die
+ emake DESTDIR="${D}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
+ newdoc README smbk5pwd-README
+ fi
+
+ if use overlays ; then
+ einfo "Install the samba4 module"
+ cd "${S}/contrib/slapd-modules/samba4" || die
+ emake DESTDIR="${D}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ libexecdir="/usr/$(get_libdir)/openldap" install
+ newdoc README samba4-README
+ fi
+
+ einfo "Installing contrib modules"
+ cd "${S}/contrib/slapd-modules" || die
+ for l in */*.la; do
+ "${lt}" --mode=install cp ${l} \
+ "${ED}"usr/$(get_libdir)/openldap/openldap || \
+ die "installing ${l} failed"
+ done
+
+ dodoc "${FILESDIR}"/DB_CONFIG.fast.example
+ docinto contrib
+ doman */*.5
+ #newdoc acl/README*
+ newdoc addpartial/README addpartial-README
+ newdoc allop/README allop-README
+ newdoc allowed/README allowed-README
+ newdoc autogroup/README autogroup-README
+ newdoc dsaschema/README dsaschema-README
+ newdoc passwd/README passwd-README
+ cd "${S}/contrib/slapi-plugins" || die
+ insinto /usr/$(get_libdir)/openldap/openldap
+ doins */*.so
+ docinto contrib
+ newdoc addrdnvalues/README addrdnvalues-README
+
+ insinto /etc/openldap/schema
+ newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
+
+ docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
+ docinto back-shell ; dodoc "${S}"/servers/slapd/back-shell/searchexample*
+ docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
+
+ dosbin "${S}"/contrib/slapd-tools/statslog
+ newdoc "${S}"/contrib/slapd-tools/README README.statslog
+ fi
+}
+
+multilib_src_install_all() {
+ dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
+ docinto rfc ; dodoc doc/rfc/*.txt
+}
+
+pkg_preinst() {
+ # keep old libs if any
+ preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0)
+ # bug 440470, only display the getting started help there was no openldap before,
+ # or we are going to a non-minimal build
+ ! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
+ OPENLDAP_PRINT_MESSAGES=$((! $?))
+}
+
+pkg_postinst() {
+ if ! use minimal ; then
+ # You cannot build SSL certificates during src_install that will make
+ # binary packages containing your SSL key, which is both a security risk
+ # and a misconfiguration if multiple machines use the same key and cert.
+ if use ssl; then
+ install_cert /etc/openldap/ssl/ldap
+ use prefix || chown ldap:ldap "${EROOT}"etc/openldap/ssl/ldap.*
+ ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
+ ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
+ ewarn "add 'TLS_REQCERT allow' if you want to use them."
+ fi
+
+ if use prefix; then
+ # Warn about prefix issues with slapd
+ eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
+ eerror "to start up, and requires that certain files directories be owned by"
+ eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
+ eerror "directories, you will have to manually fix this yourself."
+ fi
+
+ # These lines force the permissions of various content to be correct
+ use prefix || chown ldap:ldap "${EROOT}"var/run/openldap
+ chmod 0755 "${EROOT}"var/run/openldap
+ use prefix || chown root:ldap "${EROOT}"etc/openldap/slapd.conf{,.default}
+ chmod 0640 "${EROOT}"etc/openldap/slapd.conf{,.default}
+ use prefix || chown ldap:ldap "${EROOT}"var/lib/openldap-data
+ fi
+
+ if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
+ elog "Getting started using OpenLDAP? There is some documentation available:"
+ elog "Gentoo Guide to OpenLDAP Authentication"
+ elog "(https://www.gentoo.org/doc/en/ldap-howto.xml)"
+ elog "---"
+ elog "An example file for tuning BDB backends with openldap is"
+ elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
+ fi
+
+ preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0)
+}
diff --git a/net-nds/openldap/openldap-2.4.42.ebuild b/net-nds/openldap/openldap-2.4.42.ebuild
new file mode 100644
index 00000000..4aa1760
--- /dev/null
+++ b/net-nds/openldap/openldap-2.4.42.ebuild
@@ -0,0 +1,818 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit db-use eutils flag-o-matic multilib multilib-minimal ssl-cert versionator toolchain-funcs autotools user systemd
+
+BIS_PN=rfc2307bis.schema
+BIS_PV=20140524
+BIS_P="${BIS_PN}-${BIS_PV}"
+
+DESCRIPTION="LDAP suite of application and development tools"
+HOMEPAGE="http://www.OpenLDAP.org/"
+
+# mirrors are mostly not working, using canonical URI
+SRC_URI="ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz
+ mirror://gentoo/${BIS_P}"
+
+LICENSE="OPENLDAP GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~x86-linux ~x86-solaris"
+
+IUSE_DAEMON="crypt icu samba slp tcpd experimental minimal"
+IUSE_BACKEND="+berkdb"
+IUSE_OVERLAY="overlays perl"
+IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 +syslog selinux static-libs"
+IUSE_CONTRIB="smbkrb5passwd kerberos"
+IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
+IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
+
+REQUIRED_USE="cxx? ( sasl )"
+
+# always list newer first
+# Do not add any AGPL-3 BDB here!
+# See bug 525110, comment 15.
+BDB_SLOTS='5.3 5.1 4.8 4.7 4.6 4.5 4.4'
+BDB_PKGS=''
+for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done
+
+# openssl is needed to generate lanman-passwords required by samba
+CDEPEND="icu? ( dev-libs/icu:= )
+ ssl? ( !gnutls? ( >=dev-libs/openssl-1.0.1h-r2[${MULTILIB_USEDEP}] )
+ gnutls? ( >=net-libs/gnutls-2.12.23-r6[${MULTILIB_USEDEP}] >=dev-libs/libgcrypt-1.5.3:0[${MULTILIB_USEDEP}] ) )
+ sasl? ( dev-libs/cyrus-sasl:= )
+ !minimal? (
+ sys-devel/libtool
+ sys-libs/e2fsprogs-libs
+ >=dev-db/lmdb-0.9.17
+ tcpd? ( sys-apps/tcp-wrappers )
+ odbc? ( !iodbc? ( dev-db/unixODBC )
+ iodbc? ( dev-db/libiodbc ) )
+ slp? ( net-libs/openslp )
+ perl? ( dev-lang/perl:=[-build(-)] )
+ samba? ( dev-libs/openssl )
+ berkdb? (
+ <sys-libs/db-6.0:=
+ || ( ${BDB_PKGS} )
+ )
+ smbkrb5passwd? (
+ dev-libs/openssl
+ kerberos? ( app-crypt/heimdal )
+ )
+ kerberos? ( virtual/krb5 )
+ cxx? ( dev-libs/cyrus-sasl:= )
+ )
+ abi_x86_32? (
+ !<=app-emulation/emul-linux-x86-baselibs-20140508-r3
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+ )"
+DEPEND="${CDEPEND}
+ sys-apps/groff"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-ldap )
+"
+# for tracking versions
+OPENLDAP_VERSIONTAG=".version-tag"
+OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
+
+MULTILIB_WRAPPED_HEADERS=(
+ # USE=cxx
+ /usr/include/LDAPAsynConnection.h
+ /usr/include/LDAPAttrType.h
+ /usr/include/LDAPAttribute.h
+ /usr/include/LDAPAttributeList.h
+ /usr/include/LDAPConnection.h
+ /usr/include/LDAPConstraints.h
+ /usr/include/LDAPControl.h
+ /usr/include/LDAPControlSet.h
+ /usr/include/LDAPEntry.h
+ /usr/include/LDAPEntryList.h
+ /usr/include/LDAPException.h
+ /usr/include/LDAPExtResult.h
+ /usr/include/LDAPMessage.h
+ /usr/include/LDAPMessageQueue.h
+ /usr/include/LDAPModList.h
+ /usr/include/LDAPModification.h
+ /usr/include/LDAPObjClass.h
+ /usr/include/LDAPRebind.h
+ /usr/include/LDAPRebindAuth.h
+ /usr/include/LDAPReferenceList.h
+ /usr/include/LDAPResult.h
+ /usr/include/LDAPSaslBindResult.h
+ /usr/include/LDAPSchema.h
+ /usr/include/LDAPSearchReference.h
+ /usr/include/LDAPSearchResult.h
+ /usr/include/LDAPSearchResults.h
+ /usr/include/LDAPUrl.h
+ /usr/include/LDAPUrlList.h
+ /usr/include/LdifReader.h
+ /usr/include/LdifWriter.h
+ /usr/include/SaslInteraction.h
+ /usr/include/SaslInteractionHandler.h
+ /usr/include/StringList.h
+ /usr/include/TlsOptions.h
+)
+
+openldap_filecount() {
+ local dir="$1"
+ find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
+}
+
+openldap_find_versiontags() {
+ # scan for all datadirs
+ openldap_datadirs=""
+ if [ -f "${EROOT}"/etc/openldap/slapd.conf ]; then
+ openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${EROOT}/etc/openldap/slapd.conf)"
+ fi
+ openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}"
+
+ einfo
+ einfo "Scanning datadir(s) from slapd.conf and"
+ einfo "the default installdir for Versiontags"
+ einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
+ einfo
+
+ # scan datadirs if we have a version tag
+ openldap_found_tag=0
+ have_files=0
+ for each in ${openldap_datadirs}; do
+ CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"`
+ CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}
+ if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then
+ einfo "- Checking ${each}..."
+ if [ -r ${CURRENT_TAG} ] ; then
+ # yey, we have one :)
+ einfo " Found Versiontag in ${each}"
+ source ${CURRENT_TAG}
+ if [ "${OLDPF}" == "" ] ; then
+ eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
+ eerror "Please delete it"
+ eerror
+ die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
+ fi
+
+ OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}`
+
+ [ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1
+
+ # are we on the same branch?
+ if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then
+ ewarn " Versiontag doesn't match current major release!"
+ if [[ "${have_files}" == "1" ]] ; then
+ eerror " Versiontag says other major and you (probably) have datafiles!"
+ echo
+ openldap_upgrade_howto
+ else
+ einfo " No real problem, seems there's no database."
+ fi
+ else
+ einfo " Versiontag is fine here :)"
+ fi
+ else
+ einfo " Non-tagged dir ${each}"
+ [ $(openldap_filecount ${each}) -gt 0 ] && have_files=1
+ if [[ "${have_files}" == "1" ]] ; then
+ einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
+ echo
+
+ eerror
+ eerror "Your OpenLDAP Installation has a non tagged datadir that"
+ eerror "possibly contains a database at ${CURRENT_TAGDIR}"
+ eerror
+ eerror "Please export data if any entered and empty or remove"
+ eerror "the directory, installation has been stopped so you"
+ eerror "can take required action"
+ eerror
+ eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
+ eerror
+ openldap_upgrade_howto
+ die "Please move the datadir ${CURRENT_TAGDIR} away"
+ fi
+ fi
+ einfo
+ fi
+ done
+ [ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present"
+
+ # Now we must check for the major version of sys-libs/db linked against.
+ SLAPD_PATH=${EROOT}/usr/$(get_libdir)/openldap/slapd
+ if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then
+ OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
+ | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
+ if use berkdb; then
+ # find which one would be used
+ for bdb_slot in $BDB_SLOTS ; do
+ NEWVER="$(db_findver "=sys-libs/db-${bdb_slot}*")"
+ [[ -n "$NEWVER" ]] && break
+ done
+ fi
+ local fail=0
+ if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then
+ :
+ # Nothing wrong here.
+ elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then
+ eerror " Your existing version of OpenLDAP was not built against"
+ eerror " any version of sys-libs/db, but the new one will build"
+ eerror " against ${NEWVER} and your database may be inaccessible."
+ echo
+ fail=1
+ elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then
+ eerror " Your existing version of OpenLDAP was built against"
+ eerror " sys-libs/db:${OLDVER}, but the new one will not be"
+ eerror " built against any version and your database may be"
+ eerror " inaccessible."
+ echo
+ fail=1
+ elif [ "${OLDVER}" != "${NEWVER}" ]; then
+ eerror " Your existing version of OpenLDAP was built against"
+ eerror " sys-libs/db:${OLDVER}, but the new one will build against"
+ eerror " ${NEWVER} and your database would be inaccessible."
+ echo
+ fail=1
+ fi
+ [ "${fail}" == "1" ] && openldap_upgrade_howto
+ fi
+
+ echo
+ einfo
+ einfo "All datadirs are fine, proceeding with merge now..."
+ einfo
+}
+
+openldap_upgrade_howto() {
+ eerror
+ eerror "A (possible old) installation of OpenLDAP was detected,"
+ eerror "installation will not proceed for now."
+ eerror
+ eerror "As major version upgrades can corrupt your database,"
+ eerror "you need to dump your database and re-create it afterwards."
+ eerror
+ eerror "Additionally, rebuilding against different major versions of the"
+ eerror "sys-libs/db libraries will cause your database to be inaccessible."
+ eerror ""
+ d="$(date -u +%s)"
+ l="/root/ldapdump.${d}"
+ i="${l}.raw"
+ eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop"
+ eerror " 2. slapcat -l ${i}"
+ eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}"
+ eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
+ eerror " 5. emerge --update \=net-nds/${PF}"
+ eerror " 6. etc-update, and ensure that you apply the changes"
+ eerror " 7. slapadd -l ${l}"
+ eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
+ eerror " 9. /etc/init.d/slapd start"
+ eerror "10. check that your data is intact."
+ eerror "11. set up the new replication system."
+ eerror
+ if [ "${FORCE_UPGRADE}" != "1" ]; then
+ die "You need to upgrade your database first"
+ else
+ eerror "You have the magical FORCE_UPGRADE=1 in place."
+ eerror "Don't say you weren't warned about data loss."
+ fi
+}
+
+pkg_setup() {
+ if ! use sasl && use cxx ; then
+ die "To build the ldapc++ library you must emerge openldap with sasl support"
+ fi
+ # Bug #322787
+ if use minimal && ! has_version "net-nds/openldap" ; then
+ einfo "No datadir scan needed, openldap not installed"
+ elif use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then
+ einfo "Skipping scan for previous datadirs as requested by minimal useflag"
+ else
+ openldap_find_versiontags
+ fi
+
+ # The user/group are only used for running daemons which are
+ # disabled in minimal builds, so elide the accounts too.
+ if ! use minimal ; then
+ enewgroup ldap 439
+ enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap
+ fi
+}
+
+src_prepare() {
+ # ensure correct SLAPI path by default
+ sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \
+ "${S}"/include/ldap_defaults.h
+
+ epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch
+
+ epatch \
+ "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \
+ "${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
+
+ # bug #116045 - still present in 2.4.28
+ epatch "${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch
+ # bug #408077 - samba4
+ epatch "${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch
+
+ # bug #189817
+ epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
+
+ # bug #233633
+ epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch
+
+ # bug #281495
+ epatch "${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch
+
+ # bug #294350
+ epatch "${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch
+
+ # unbreak /bin/sh -> dash
+ epatch "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
+
+ # bug #420959
+ epatch "${FILESDIR}"/${PN}-2.4.31-gcc47.patch
+
+ # bug #421463
+ #epatch "${FILESDIR}"/${PN}-2.4.33-gnutls.patch # merged upstream
+
+ # unbundle lmdb
+ epatch "${FILESDIR}"/${P}-mdb-unbundle.patch
+ rm -rf "${S}"/libraries/liblmdb
+
+ cd "${S}"/build || die
+ einfo "Making sure upstream build strip does not do stripping too early"
+ sed -i.orig \
+ -e '/^STRIP/s,-s,,g' \
+ top.mk || die "Failed to block stripping"
+
+ # wrong assumption that /bin/sh is /bin/bash
+ sed -i \
+ -e 's|/bin/sh|/bin/bash|g' \
+ "${S}"/tests/scripts/* || die "sed failed"
+
+ cd "${S}" || die
+
+ AT_NOEAUTOMAKE=yes eautoreconf
+}
+
+build_contrib_module() {
+ # <dir> <sources> <outputname>
+ cd "${S}/contrib/slapd-modules/$1" || die
+ einfo "Compiling contrib-module: $3"
+ # Make sure it's uppercase
+ local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -D${define_name}=SLAPD_MOD_DYNAMIC \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include -I../../../servers/slapd ${CFLAGS} \
+ -o ${2%.c}.lo -c $2 || die "compiling $3 failed"
+ einfo "Linking contrib-module: $3"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
+ -o $3.la ${2%.c}.lo || die "linking $3 failed"
+}
+
+src_configure() {
+ # Bug 408001
+ use elibc_FreeBSD && append-cppflags -DMDB_DSYNC=O_SYNC -DMDB_FDATASYNC=fsync
+
+ # connectionless ldap per bug #342439
+ append-cppflags -DLDAP_CONNECTIONLESS
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+ local myconf=()
+
+ use debug && myconf+=( $(use_enable debug) )
+
+ # ICU usage is not configurable
+ export ac_cv_header_unicode_utypes_h="$(multilib_is_native_abi && use icu && echo yes || echo no)"
+
+ if ! use minimal && multilib_is_native_abi; then
+ local CPPFLAGS=${CPPFLAGS}
+
+ # re-enable serverside overlay chains per bug #296567
+ # see ldap docs chaper 12.3.1 for details
+ myconf+=( --enable-ldap )
+
+ # backends
+ myconf+=( --enable-slapd )
+ if use berkdb ; then
+ einfo "Using Berkeley DB for local backend"
+ myconf+=( --enable-bdb --enable-hdb )
+ DBINCLUDE=$(db_includedir $BDB_SLOTS)
+ einfo "Using $DBINCLUDE for sys-libs/db version"
+ # We need to include the slotted db.h dir for FreeBSD
+ append-cppflags -I${DBINCLUDE}
+ else
+ myconf+=( --disable-bdb --disable-hdb )
+ fi
+ for backend in dnssrv ldap mdb meta monitor null passwd relay shell sock; do
+ myconf+=( --enable-${backend}=mod )
+ done
+
+ myconf+=( $(use_enable perl perl mod) )
+
+ myconf+=( $(use_enable odbc sql mod) )
+ if use odbc ; then
+ local odbc_lib="unixodbc"
+ if use iodbc ; then
+ odbc_lib="iodbc"
+ append-cppflags -I"${EPREFIX}"/usr/include/iodbc
+ fi
+ myconf+=( --with-odbc=${odbc_lib} )
+ fi
+
+ # slapd options
+ myconf+=(
+ $(use_enable crypt)
+ $(use_enable slp)
+ $(use_enable samba lmpasswd)
+ $(use_enable syslog)
+ )
+ if use experimental ; then
+ myconf+=(
+ --enable-dynacl
+ --enable-aci=mod
+ )
+ fi
+ for option in aci cleartext modules rewrite rlookups slapi; do
+ myconf+=( --enable-${option} )
+ done
+
+ # slapd overlay options
+ # Compile-in the syncprov, the others as module
+ myconf+=( --enable-syncprov=yes )
+ use overlays && myconf+=( --enable-overlays=mod )
+
+ else
+ myconf+=(
+ --disable-backends
+ --disable-slapd
+ --disable-bdb
+ --disable-hdb
+ --disable-mdb
+ --disable-overlays
+ --disable-syslog
+ )
+ fi
+
+ # basic functionality stuff
+ myconf+=(
+ $(use_enable ipv6)
+ $(multilib_native_use_with sasl cyrus-sasl)
+ $(multilib_native_use_enable sasl spasswd)
+ $(use_enable tcpd wrappers)
+ )
+
+ # Some cross-compiling tests don't pan out well.
+ tc-is-cross-compiler && myconf+=(
+ --with-yielding-select=yes
+ )
+
+ local ssl_lib="no"
+ if use ssl || ( ! use minimal && use samba ) ; then
+ ssl_lib="openssl"
+ use gnutls && ssl_lib="gnutls"
+ fi
+
+ myconf+=( --with-tls=${ssl_lib} )
+
+ for basicflag in dynamic local proctitle shared; do
+ myconf+=( --enable-${basicflag} )
+ done
+
+ tc-export AR CC CXX
+ ECONF_SOURCE=${S} \
+ STRIP=/bin/true \
+ econf \
+ --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
+ $(use_enable static-libs static) \
+ "${myconf[@]}"
+ emake depend
+}
+
+src_configure_cxx() {
+ # This needs the libraries built by the first build run.
+ # So we have to run it AFTER the main build, not just after the main
+ # configure.
+ local myconf_ldapcpp=(
+ --with-ldap-includes="${S}"/include
+ )
+
+ mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die
+ cd "${BUILD_DIR}/contrib/ldapc++" || die
+
+ local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS}
+ append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
+ -L"${BUILD_DIR}"/libraries/libldap/.libs
+ append-cppflags -I"${BUILD_DIR}"/include
+ ECONF_SOURCE=${S}/contrib/ldapc++ \
+ econf "${myconf_ldapcpp[@]}" \
+ CC="${CC}" \
+ CXX="${CXX}"
+}
+
+multilib_src_compile() {
+ tc-export AR CC CXX
+ emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/bash
+ local lt="${BUILD_DIR}/libtool"
+ export echo="echo"
+
+ if ! use minimal && multilib_is_native_abi ; then
+ if use cxx ; then
+ einfo "Building contrib library: ldapc++"
+ src_configure_cxx
+ cd "${BUILD_DIR}/contrib/ldapc++" || die
+ emake \
+ CC="${CC}" CXX="${CXX}"
+ fi
+
+ if use smbkrb5passwd ; then
+ einfo "Building contrib-module: smbk5pwd"
+ cd "${S}/contrib/slapd-modules/smbk5pwd" || die
+
+ MY_DEFS="-DDO_SHADOW"
+ if use samba ; then
+ MY_DEFS="${MY_DEFS} -DDO_SAMBA"
+ MY_KRB5_INC=""
+ fi
+ if use kerberos ; then
+ MY_DEFS="${MY_DEFS} -DDO_KRB5"
+ MY_KRB5_INC="$(krb5-config --cflags)"
+ fi
+
+ emake \
+ DEFS="${MY_DEFS}" \
+ KRB5_INC="${MY_KRB5_INC}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
+ fi
+
+ if use overlays ; then
+ einfo "Building contrib-module: samba4"
+ cd "${S}/contrib/slapd-modules/samba4" || die
+
+ emake \
+ LDAP_BUILD="${BUILD_DIR}" \
+ CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap"
+ fi
+
+ if use kerberos ; then
+ build_contrib_module "kinit" "kinit.c" "kinit"
+ cd "${S}/contrib/slapd-modules/passwd" || die
+ einfo "Compiling contrib-module: pw-kerberos"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include \
+ ${CFLAGS} \
+ $(krb5-config --cflags) \
+ -DHAVE_KRB5 \
+ -o kerberos.lo \
+ -c kerberos.c || die "compiling pw-kerberos failed"
+ einfo "Linking contrib-module: pw-kerberos"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
+ -o pw-kerberos.la \
+ kerberos.lo || die "linking pw-kerberos failed"
+ fi
+ # We could build pw-radius if GNURadius would install radlib.h
+ cd "${S}/contrib/slapd-modules/passwd" || die
+ einfo "Compiling contrib-module: pw-netscape"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include \
+ ${CFLAGS} \
+ -o netscape.lo \
+ -c netscape.c || die "compiling pw-netscape failed"
+ einfo "Linking contrib-module: pw-netscape"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
+ -o pw-netscape.la \
+ netscape.lo || die "linking pw-netscape failed"
+
+ #build_contrib_module "acl" "posixgroup.c" "posixGroup" # example code only
+ #build_contrib_module "acl" "gssacl.c" "gss" # example code only, also needs kerberos
+ build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
+ build_contrib_module "allop" "allop.c" "overlay-allop"
+ build_contrib_module "allowed" "allowed.c" "allowed"
+ build_contrib_module "autogroup" "autogroup.c" "autogroup"
+ build_contrib_module "cloak" "cloak.c" "cloak"
+ # build_contrib_module "comp_match" "comp_match.c" "comp_match" # really complex, adds new external deps, questionable demand
+ build_contrib_module "denyop" "denyop.c" "denyop-overlay"
+ build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
+ build_contrib_module "dupent" "dupent.c" "dupent"
+ build_contrib_module "lastbind" "lastbind.c" "lastbind"
+ # lastmod may not play well with other overlays
+ build_contrib_module "lastmod" "lastmod.c" "lastmod"
+ build_contrib_module "noopsrch" "noopsrch.c" "noopsrch"
+ build_contrib_module "nops" "nops.c" "nops-overlay"
+ #build_contrib_module "nssov" "nssov.c" "nssov-overlay" RESO:LATER
+ build_contrib_module "trace" "trace.c" "trace"
+ # build slapi-plugins
+ cd "${S}/contrib/slapi-plugins/addrdnvalues" || die
+ einfo "Building contrib-module: addrdnvalues plugin"
+ "${CC}" -shared \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include \
+ ${CFLAGS} \
+ -fPIC \
+ ${LDFLAGS} \
+ -o libaddrdnvalues-plugin.so \
+ addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
+
+ fi
+}
+
+multilib_src_test() {
+ if multilib_is_native_abi; then
+ cd tests || die
+ emake tests || die "make tests failed"
+ fi
+}
+
+multilib_src_install() {
+ local lt="${BUILD_DIR}/libtool"
+ emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/bash install
+ use static-libs || prune_libtool_files --all
+
+ if ! use minimal && multilib_is_native_abi; then
+ # openldap modules go here
+ # TODO: write some code to populate slapd.conf with moduleload statements
+ keepdir /usr/$(get_libdir)/openldap/openldap/
+
+ # initial data storage dir
+ keepdir /var/lib/openldap-data
+ use prefix || fowners ldap:ldap /var/lib/openldap-data
+ fperms 0700 /var/lib/openldap-data
+
+ echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+ echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+ echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+
+ # use our config
+ rm "${ED}"etc/openldap/slapd.conf
+ insinto /etc/openldap
+ newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf
+ configfile="${ED}"etc/openldap/slapd.conf
+
+ # populate with built backends
+ ebegin "populate config with built backends"
+ for x in "${ED}"usr/$(get_libdir)/openldap/openldap/back_*.so; do
+ einfo "Adding $(basename ${x})"
+ sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}"
+ done
+ sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
+ use prefix || fowners root:ldap /etc/openldap/slapd.conf
+ fperms 0640 /etc/openldap/slapd.conf
+ cp "${configfile}" "${configfile}".default
+ eend
+
+ # install our own init scripts and systemd unit files
+ einfo "Install init scripts"
+ newinitd "${FILESDIR}"/slapd-initd-2.4.40-r2 slapd
+ newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd
+ einfo "Install systemd service"
+ systemd_dounit "${FILESDIR}"/slapd.service
+ systemd_install_serviced "${FILESDIR}"/slapd.service.conf
+ systemd_newtmpfilesd "${FILESDIR}"/slapd.tmpfilesd slapd.conf
+
+ if [[ $(get_libdir) != lib ]]; then
+ sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i \
+ "${ED}"/etc/init.d/slapd \
+ "${ED}"/usr/lib/systemd/system/slapd.service || die
+ fi
+ # If built without SLP, we don't need to be before avahi
+ use slp \
+ || sed -i \
+ -e '/before/{s/avahi-daemon//g}' \
+ "${ED}"etc/init.d/slapd
+
+ if use cxx ; then
+ einfo "Install the ldapc++ library"
+ cd "${BUILD_DIR}/contrib/ldapc++" || die
+ emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
+ cd "${S}"/contrib/ldapc++ || die
+ newdoc README ldapc++-README
+ fi
+
+ if use smbkrb5passwd ; then
+ einfo "Install the smbk5pwd module"
+ cd "${S}/contrib/slapd-modules/smbk5pwd" || die
+ emake DESTDIR="${D}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
+ newdoc README smbk5pwd-README
+ fi
+
+ if use overlays ; then
+ einfo "Install the samba4 module"
+ cd "${S}/contrib/slapd-modules/samba4" || die
+ emake DESTDIR="${D}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ libexecdir="/usr/$(get_libdir)/openldap" install
+ newdoc README samba4-README
+ fi
+
+ einfo "Installing contrib modules"
+ cd "${S}/contrib/slapd-modules" || die
+ for l in */*.la; do
+ "${lt}" --mode=install cp ${l} \
+ "${ED}"usr/$(get_libdir)/openldap/openldap || \
+ die "installing ${l} failed"
+ done
+
+ dodoc "${FILESDIR}"/DB_CONFIG.fast.example
+ docinto contrib
+ doman */*.5
+ #newdoc acl/README*
+ newdoc addpartial/README addpartial-README
+ newdoc allop/README allop-README
+ newdoc allowed/README allowed-README
+ newdoc autogroup/README autogroup-README
+ newdoc dsaschema/README dsaschema-README
+ newdoc passwd/README passwd-README
+ cd "${S}/contrib/slapi-plugins" || die
+ insinto /usr/$(get_libdir)/openldap/openldap
+ doins */*.so
+ docinto contrib
+ newdoc addrdnvalues/README addrdnvalues-README
+
+ insinto /etc/openldap/schema
+ newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
+
+ docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
+ docinto back-shell ; dodoc "${S}"/servers/slapd/back-shell/searchexample*
+ docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
+
+ dosbin "${S}"/contrib/slapd-tools/statslog
+ newdoc "${S}"/contrib/slapd-tools/README README.statslog
+ fi
+}
+
+multilib_src_install_all() {
+ dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
+ docinto rfc ; dodoc doc/rfc/*.txt
+}
+
+pkg_preinst() {
+ # keep old libs if any
+ preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0)
+ # bug 440470, only display the getting started help there was no openldap before,
+ # or we are going to a non-minimal build
+ ! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
+ OPENLDAP_PRINT_MESSAGES=$((! $?))
+}
+
+pkg_postinst() {
+ if ! use minimal ; then
+ # You cannot build SSL certificates during src_install that will make
+ # binary packages containing your SSL key, which is both a security risk
+ # and a misconfiguration if multiple machines use the same key and cert.
+ if use ssl; then
+ install_cert /etc/openldap/ssl/ldap
+ use prefix || chown ldap:ldap "${EROOT}"etc/openldap/ssl/ldap.*
+ ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
+ ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
+ ewarn "add 'TLS_REQCERT allow' if you want to use them."
+ fi
+
+ if use prefix; then
+ # Warn about prefix issues with slapd
+ eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
+ eerror "to start up, and requires that certain files directories be owned by"
+ eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
+ eerror "directories, you will have to manually fix this yourself."
+ fi
+
+ # These lines force the permissions of various content to be correct
+ use prefix || chown ldap:ldap "${EROOT}"var/run/openldap
+ chmod 0755 "${EROOT}"var/run/openldap
+ use prefix || chown root:ldap "${EROOT}"etc/openldap/slapd.conf{,.default}
+ chmod 0640 "${EROOT}"etc/openldap/slapd.conf{,.default}
+ use prefix || chown ldap:ldap "${EROOT}"var/lib/openldap-data
+ fi
+
+ if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
+ elog "Getting started using OpenLDAP? There is some documentation available:"
+ elog "Gentoo Guide to OpenLDAP Authentication"
+ elog "(https://www.gentoo.org/doc/en/ldap-howto.xml)"
+ elog "---"
+ elog "An example file for tuning BDB backends with openldap is"
+ elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
+ fi
+
+ preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0)
+}
diff --git a/net-nds/openldap/openldap-2.4.43-r1.ebuild b/net-nds/openldap/openldap-2.4.43-r1.ebuild
new file mode 100644
index 00000000..ee27b3c
--- /dev/null
+++ b/net-nds/openldap/openldap-2.4.43-r1.ebuild
@@ -0,0 +1,830 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit db-use eutils flag-o-matic multilib multilib-minimal ssl-cert versionator toolchain-funcs autotools user systemd
+
+BIS_PN=rfc2307bis.schema
+BIS_PV=20140524
+BIS_P="${BIS_PN}-${BIS_PV}"
+
+DESCRIPTION="LDAP suite of application and development tools"
+HOMEPAGE="http://www.OpenLDAP.org/"
+
+# mirrors are mostly not working, using canonical URI
+SRC_URI="ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz
+ mirror://gentoo/${BIS_P}"
+
+LICENSE="OPENLDAP GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~x86-linux ~x86-solaris"
+
+IUSE_DAEMON="crypt icu samba slp tcpd experimental minimal"
+IUSE_BACKEND="+berkdb"
+IUSE_OVERLAY="overlays perl"
+IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 libressl +syslog selinux static-libs"
+IUSE_CONTRIB="smbkrb5passwd kerberos kinit"
+IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
+IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
+
+REQUIRED_USE="cxx? ( sasl )
+ ?? ( gnutls libressl )"
+
+# always list newer first
+# Do not add any AGPL-3 BDB here!
+# See bug 525110, comment 15.
+BDB_SLOTS='5.3 5.1 4.8 4.7 4.6 4.5 4.4'
+BDB_PKGS=''
+for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done
+
+# openssl is needed to generate lanman-passwords required by samba
+CDEPEND="icu? ( dev-libs/icu:= )
+ ssl? (
+ !gnutls? (
+ !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0[${MULTILIB_USEDEP}] )
+ )
+ gnutls? ( >=net-libs/gnutls-2.12.23-r6[${MULTILIB_USEDEP}]
+ libressl? ( dev-libs/libressl[${MULTILIB_USEDEP}] )
+ >=dev-libs/libgcrypt-1.5.3:0[${MULTILIB_USEDEP}] ) )
+ sasl? ( dev-libs/cyrus-sasl:= )
+ !minimal? (
+ sys-devel/libtool
+ sys-libs/e2fsprogs-libs
+ >=dev-db/lmdb-0.9.17
+ tcpd? ( sys-apps/tcp-wrappers )
+ odbc? ( !iodbc? ( dev-db/unixODBC )
+ iodbc? ( dev-db/libiodbc ) )
+ slp? ( net-libs/openslp )
+ perl? ( dev-lang/perl:=[-build(-)] )
+ samba? (
+ !libressl? ( dev-libs/openssl:0 )
+ libressl? ( dev-libs/libressl )
+ )
+ berkdb? (
+ <sys-libs/db-6.0:=
+ || ( ${BDB_PKGS} )
+ )
+ smbkrb5passwd? (
+ !libressl? ( dev-libs/openssl:0 )
+ libressl? ( dev-libs/libressl )
+ kerberos? ( app-crypt/heimdal )
+ )
+ kerberos? (
+ virtual/krb5
+ kinit? ( !app-crypt/heimdal )
+ )
+ cxx? ( dev-libs/cyrus-sasl:= )
+ )
+ abi_x86_32? (
+ !<=app-emulation/emul-linux-x86-baselibs-20140508-r3
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+ )"
+DEPEND="${CDEPEND}
+ sys-apps/groff"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-ldap )
+"
+# for tracking versions
+OPENLDAP_VERSIONTAG=".version-tag"
+OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
+
+MULTILIB_WRAPPED_HEADERS=(
+ # USE=cxx
+ /usr/include/LDAPAsynConnection.h
+ /usr/include/LDAPAttrType.h
+ /usr/include/LDAPAttribute.h
+ /usr/include/LDAPAttributeList.h
+ /usr/include/LDAPConnection.h
+ /usr/include/LDAPConstraints.h
+ /usr/include/LDAPControl.h
+ /usr/include/LDAPControlSet.h
+ /usr/include/LDAPEntry.h
+ /usr/include/LDAPEntryList.h
+ /usr/include/LDAPException.h
+ /usr/include/LDAPExtResult.h
+ /usr/include/LDAPMessage.h
+ /usr/include/LDAPMessageQueue.h
+ /usr/include/LDAPModList.h
+ /usr/include/LDAPModification.h
+ /usr/include/LDAPObjClass.h
+ /usr/include/LDAPRebind.h
+ /usr/include/LDAPRebindAuth.h
+ /usr/include/LDAPReferenceList.h
+ /usr/include/LDAPResult.h
+ /usr/include/LDAPSaslBindResult.h
+ /usr/include/LDAPSchema.h
+ /usr/include/LDAPSearchReference.h
+ /usr/include/LDAPSearchResult.h
+ /usr/include/LDAPSearchResults.h
+ /usr/include/LDAPUrl.h
+ /usr/include/LDAPUrlList.h
+ /usr/include/LdifReader.h
+ /usr/include/LdifWriter.h
+ /usr/include/SaslInteraction.h
+ /usr/include/SaslInteractionHandler.h
+ /usr/include/StringList.h
+ /usr/include/TlsOptions.h
+)
+
+openldap_filecount() {
+ local dir="$1"
+ find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
+}
+
+openldap_find_versiontags() {
+ # scan for all datadirs
+ openldap_datadirs=""
+ if [ -f "${EROOT}"/etc/openldap/slapd.conf ]; then
+ openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${EROOT}/etc/openldap/slapd.conf)"
+ fi
+ openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}"
+
+ einfo
+ einfo "Scanning datadir(s) from slapd.conf and"
+ einfo "the default installdir for Versiontags"
+ einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
+ einfo
+
+ # scan datadirs if we have a version tag
+ openldap_found_tag=0
+ have_files=0
+ for each in ${openldap_datadirs}; do
+ CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"`
+ CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}
+ if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then
+ einfo "- Checking ${each}..."
+ if [ -r ${CURRENT_TAG} ] ; then
+ # yey, we have one :)
+ einfo " Found Versiontag in ${each}"
+ source ${CURRENT_TAG}
+ if [ "${OLDPF}" == "" ] ; then
+ eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
+ eerror "Please delete it"
+ eerror
+ die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
+ fi
+
+ OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}`
+
+ [ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1
+
+ # are we on the same branch?
+ if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then
+ ewarn " Versiontag doesn't match current major release!"
+ if [[ "${have_files}" == "1" ]] ; then
+ eerror " Versiontag says other major and you (probably) have datafiles!"
+ echo
+ openldap_upgrade_howto
+ else
+ einfo " No real problem, seems there's no database."
+ fi
+ else
+ einfo " Versiontag is fine here :)"
+ fi
+ else
+ einfo " Non-tagged dir ${each}"
+ [ $(openldap_filecount ${each}) -gt 0 ] && have_files=1
+ if [[ "${have_files}" == "1" ]] ; then
+ einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
+ echo
+
+ eerror
+ eerror "Your OpenLDAP Installation has a non tagged datadir that"
+ eerror "possibly contains a database at ${CURRENT_TAGDIR}"
+ eerror
+ eerror "Please export data if any entered and empty or remove"
+ eerror "the directory, installation has been stopped so you"
+ eerror "can take required action"
+ eerror
+ eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
+ eerror
+ openldap_upgrade_howto
+ die "Please move the datadir ${CURRENT_TAGDIR} away"
+ fi
+ fi
+ einfo
+ fi
+ done
+ [ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present"
+
+ # Now we must check for the major version of sys-libs/db linked against.
+ SLAPD_PATH=${EROOT}/usr/$(get_libdir)/openldap/slapd
+ if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then
+ OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
+ | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
+ if use berkdb; then
+ # find which one would be used
+ for bdb_slot in $BDB_SLOTS ; do
+ NEWVER="$(db_findver "=sys-libs/db-${bdb_slot}*")"
+ [[ -n "$NEWVER" ]] && break
+ done
+ fi
+ local fail=0
+ if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then
+ :
+ # Nothing wrong here.
+ elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then
+ eerror " Your existing version of OpenLDAP was not built against"
+ eerror " any version of sys-libs/db, but the new one will build"
+ eerror " against ${NEWVER} and your database may be inaccessible."
+ echo
+ fail=1
+ elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then
+ eerror " Your existing version of OpenLDAP was built against"
+ eerror " sys-libs/db:${OLDVER}, but the new one will not be"
+ eerror " built against any version and your database may be"
+ eerror " inaccessible."
+ echo
+ fail=1
+ elif [ "${OLDVER}" != "${NEWVER}" ]; then
+ eerror " Your existing version of OpenLDAP was built against"
+ eerror " sys-libs/db:${OLDVER}, but the new one will build against"
+ eerror " ${NEWVER} and your database would be inaccessible."
+ echo
+ fail=1
+ fi
+ [ "${fail}" == "1" ] && openldap_upgrade_howto
+ fi
+
+ echo
+ einfo
+ einfo "All datadirs are fine, proceeding with merge now..."
+ einfo
+}
+
+openldap_upgrade_howto() {
+ eerror
+ eerror "A (possible old) installation of OpenLDAP was detected,"
+ eerror "installation will not proceed for now."
+ eerror
+ eerror "As major version upgrades can corrupt your database,"
+ eerror "you need to dump your database and re-create it afterwards."
+ eerror
+ eerror "Additionally, rebuilding against different major versions of the"
+ eerror "sys-libs/db libraries will cause your database to be inaccessible."
+ eerror ""
+ d="$(date -u +%s)"
+ l="/root/ldapdump.${d}"
+ i="${l}.raw"
+ eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop"
+ eerror " 2. slapcat -l ${i}"
+ eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}"
+ eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
+ eerror " 5. emerge --update \=net-nds/${PF}"
+ eerror " 6. etc-update, and ensure that you apply the changes"
+ eerror " 7. slapadd -l ${l}"
+ eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
+ eerror " 9. /etc/init.d/slapd start"
+ eerror "10. check that your data is intact."
+ eerror "11. set up the new replication system."
+ eerror
+ if [ "${FORCE_UPGRADE}" != "1" ]; then
+ die "You need to upgrade your database first"
+ else
+ eerror "You have the magical FORCE_UPGRADE=1 in place."
+ eerror "Don't say you weren't warned about data loss."
+ fi
+}
+
+pkg_setup() {
+ if ! use sasl && use cxx ; then
+ die "To build the ldapc++ library you must emerge openldap with sasl support"
+ fi
+ # Bug #322787
+ if use minimal && ! has_version "net-nds/openldap" ; then
+ einfo "No datadir scan needed, openldap not installed"
+ elif use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then
+ einfo "Skipping scan for previous datadirs as requested by minimal useflag"
+ else
+ openldap_find_versiontags
+ fi
+
+ # The user/group are only used for running daemons which are
+ # disabled in minimal builds, so elide the accounts too.
+ if ! use minimal ; then
+ enewgroup ldap 439
+ enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap
+ fi
+}
+
+src_prepare() {
+ # ensure correct SLAPI path by default
+ sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \
+ "${S}"/include/ldap_defaults.h
+
+ epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch
+
+ epatch \
+ "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \
+ "${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
+
+ # bug #116045 - still present in 2.4.28
+ epatch "${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch
+ # bug #408077 - samba4
+ epatch "${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch
+
+ # bug #189817
+ epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
+
+ # bug #233633
+ epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch
+
+ # bug #281495
+ epatch "${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch
+
+ # bug #294350
+ epatch "${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch
+
+ # unbreak /bin/sh -> dash
+ epatch "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
+
+ # bug #420959
+ epatch "${FILESDIR}"/${PN}-2.4.31-gcc47.patch
+
+ # unbundle lmdb
+ epatch "${FILESDIR}"/${PN}-2.4.42-mdb-unbundle.patch
+ rm -rf "${S}"/libraries/liblmdb
+
+ cd "${S}"/build || die
+ einfo "Making sure upstream build strip does not do stripping too early"
+ sed -i.orig \
+ -e '/^STRIP/s,-s,,g' \
+ top.mk || die "Failed to block stripping"
+
+ # wrong assumption that /bin/sh is /bin/bash
+ sed -i \
+ -e 's|/bin/sh|/bin/bash|g' \
+ "${S}"/tests/scripts/* || die "sed failed"
+
+ cd "${S}" || die
+
+ AT_NOEAUTOMAKE=yes eautoreconf
+}
+
+build_contrib_module() {
+ # <dir> <sources> <outputname>
+ cd "${S}/contrib/slapd-modules/$1" || die
+ einfo "Compiling contrib-module: $3"
+ # Make sure it's uppercase
+ local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -D${define_name}=SLAPD_MOD_DYNAMIC \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include -I../../../servers/slapd ${CFLAGS} \
+ -o ${2%.c}.lo -c $2 || die "compiling $3 failed"
+ einfo "Linking contrib-module: $3"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
+ -o $3.la ${2%.c}.lo || die "linking $3 failed"
+}
+
+src_configure() {
+ # Bug 408001
+ use elibc_FreeBSD && append-cppflags -DMDB_DSYNC=O_SYNC -DMDB_FDATASYNC=fsync
+
+ # connectionless ldap per bug #342439
+ append-cppflags -DLDAP_CONNECTIONLESS
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+ local myconf=()
+
+ use debug && myconf+=( $(use_enable debug) )
+
+ # ICU usage is not configurable
+ export ac_cv_header_unicode_utypes_h="$(multilib_is_native_abi && use icu && echo yes || echo no)"
+
+ if ! use minimal && multilib_is_native_abi; then
+ local CPPFLAGS=${CPPFLAGS}
+
+ # re-enable serverside overlay chains per bug #296567
+ # see ldap docs chaper 12.3.1 for details
+ myconf+=( --enable-ldap )
+
+ # backends
+ myconf+=( --enable-slapd )
+ if use berkdb ; then
+ einfo "Using Berkeley DB for local backend"
+ myconf+=( --enable-bdb --enable-hdb )
+ DBINCLUDE=$(db_includedir $BDB_SLOTS)
+ einfo "Using $DBINCLUDE for sys-libs/db version"
+ # We need to include the slotted db.h dir for FreeBSD
+ append-cppflags -I${DBINCLUDE}
+ else
+ myconf+=( --disable-bdb --disable-hdb )
+ fi
+ for backend in dnssrv ldap mdb meta monitor null passwd relay shell sock; do
+ myconf+=( --enable-${backend}=mod )
+ done
+
+ myconf+=( $(use_enable perl perl mod) )
+
+ myconf+=( $(use_enable odbc sql mod) )
+ if use odbc ; then
+ local odbc_lib="unixodbc"
+ if use iodbc ; then
+ odbc_lib="iodbc"
+ append-cppflags -I"${EPREFIX}"/usr/include/iodbc
+ fi
+ myconf+=( --with-odbc=${odbc_lib} )
+ fi
+
+ # slapd options
+ myconf+=(
+ $(use_enable crypt)
+ $(use_enable slp)
+ $(use_enable samba lmpasswd)
+ $(use_enable syslog)
+ )
+ if use experimental ; then
+ myconf+=(
+ --enable-dynacl
+ --enable-aci=mod
+ )
+ fi
+ for option in aci cleartext modules rewrite rlookups slapi; do
+ myconf+=( --enable-${option} )
+ done
+
+ # slapd overlay options
+ # Compile-in the syncprov, the others as module
+ myconf+=( --enable-syncprov=yes )
+ use overlays && myconf+=( --enable-overlays=mod )
+
+ else
+ myconf+=(
+ --disable-backends
+ --disable-slapd
+ --disable-bdb
+ --disable-hdb
+ --disable-mdb
+ --disable-overlays
+ --disable-syslog
+ )
+ fi
+
+ # basic functionality stuff
+ myconf+=(
+ $(use_enable ipv6)
+ $(multilib_native_use_with sasl cyrus-sasl)
+ $(multilib_native_use_enable sasl spasswd)
+ $(use_enable tcpd wrappers)
+ )
+
+ # Some cross-compiling tests don't pan out well.
+ tc-is-cross-compiler && myconf+=(
+ --with-yielding-select=yes
+ )
+
+ local ssl_lib="no"
+ if use ssl || ( ! use minimal && use samba ) ; then
+ ssl_lib="openssl"
+ use gnutls && ssl_lib="gnutls"
+ fi
+
+ myconf+=( --with-tls=${ssl_lib} )
+
+ for basicflag in dynamic local proctitle shared; do
+ myconf+=( --enable-${basicflag} )
+ done
+
+ tc-export AR CC CXX
+ ECONF_SOURCE=${S} \
+ STRIP=/bin/true \
+ econf \
+ --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
+ $(use_enable static-libs static) \
+ "${myconf[@]}"
+ emake depend
+}
+
+src_configure_cxx() {
+ # This needs the libraries built by the first build run.
+ # So we have to run it AFTER the main build, not just after the main
+ # configure.
+ local myconf_ldapcpp=(
+ --with-ldap-includes="${S}"/include
+ )
+
+ mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die
+ cd "${BUILD_DIR}/contrib/ldapc++" || die
+
+ local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS}
+ append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
+ -L"${BUILD_DIR}"/libraries/libldap/.libs
+ append-cppflags -I"${BUILD_DIR}"/include
+ ECONF_SOURCE=${S}/contrib/ldapc++ \
+ econf "${myconf_ldapcpp[@]}" \
+ CC="${CC}" \
+ CXX="${CXX}"
+}
+
+multilib_src_compile() {
+ tc-export AR CC CXX
+ emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/bash
+ local lt="${BUILD_DIR}/libtool"
+ export echo="echo"
+
+ if ! use minimal && multilib_is_native_abi ; then
+ if use cxx ; then
+ einfo "Building contrib library: ldapc++"
+ src_configure_cxx
+ cd "${BUILD_DIR}/contrib/ldapc++" || die
+ emake \
+ CC="${CC}" CXX="${CXX}"
+ fi
+
+ if use smbkrb5passwd ; then
+ einfo "Building contrib-module: smbk5pwd"
+ cd "${S}/contrib/slapd-modules/smbk5pwd" || die
+
+ MY_DEFS="-DDO_SHADOW"
+ if use samba ; then
+ MY_DEFS="${MY_DEFS} -DDO_SAMBA"
+ MY_KRB5_INC=""
+ fi
+ if use kerberos ; then
+ MY_DEFS="${MY_DEFS} -DDO_KRB5"
+ MY_KRB5_INC="$(krb5-config --cflags)"
+ fi
+
+ emake \
+ DEFS="${MY_DEFS}" \
+ KRB5_INC="${MY_KRB5_INC}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
+ fi
+
+ if use overlays ; then
+ einfo "Building contrib-module: samba4"
+ cd "${S}/contrib/slapd-modules/samba4" || die
+
+ emake \
+ LDAP_BUILD="${BUILD_DIR}" \
+ CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap"
+ fi
+
+ if use kerberos ; then
+ if use kinit ; then
+ build_contrib_module "kinit" "kinit.c" "kinit"
+ fi
+ cd "${S}/contrib/slapd-modules/passwd" || die
+ einfo "Compiling contrib-module: pw-kerberos"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include \
+ ${CFLAGS} \
+ $(krb5-config --cflags) \
+ -DHAVE_KRB5 \
+ -o kerberos.lo \
+ -c kerberos.c || die "compiling pw-kerberos failed"
+ einfo "Linking contrib-module: pw-kerberos"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
+ -o pw-kerberos.la \
+ kerberos.lo || die "linking pw-kerberos failed"
+ fi
+ # We could build pw-radius if GNURadius would install radlib.h
+ cd "${S}/contrib/slapd-modules/passwd" || die
+ einfo "Compiling contrib-module: pw-netscape"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include \
+ ${CFLAGS} \
+ -o netscape.lo \
+ -c netscape.c || die "compiling pw-netscape failed"
+ einfo "Linking contrib-module: pw-netscape"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
+ -o pw-netscape.la \
+ netscape.lo || die "linking pw-netscape failed"
+
+ #build_contrib_module "acl" "posixgroup.c" "posixGroup" # example code only
+ #build_contrib_module "acl" "gssacl.c" "gss" # example code only, also needs kerberos
+ build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
+ build_contrib_module "allop" "allop.c" "overlay-allop"
+ build_contrib_module "allowed" "allowed.c" "allowed"
+ build_contrib_module "autogroup" "autogroup.c" "autogroup"
+ build_contrib_module "cloak" "cloak.c" "cloak"
+ # build_contrib_module "comp_match" "comp_match.c" "comp_match" # really complex, adds new external deps, questionable demand
+ build_contrib_module "denyop" "denyop.c" "denyop-overlay"
+ build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
+ build_contrib_module "dupent" "dupent.c" "dupent"
+ build_contrib_module "lastbind" "lastbind.c" "lastbind"
+ # lastmod may not play well with other overlays
+ build_contrib_module "lastmod" "lastmod.c" "lastmod"
+ build_contrib_module "noopsrch" "noopsrch.c" "noopsrch"
+ build_contrib_module "nops" "nops.c" "nops-overlay"
+ #build_contrib_module "nssov" "nssov.c" "nssov-overlay" RESO:LATER
+ build_contrib_module "trace" "trace.c" "trace"
+ # build slapi-plugins
+ cd "${S}/contrib/slapi-plugins/addrdnvalues" || die
+ einfo "Building contrib-module: addrdnvalues plugin"
+ "${CC}" -shared \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include \
+ ${CFLAGS} \
+ -fPIC \
+ ${LDFLAGS} \
+ -o libaddrdnvalues-plugin.so \
+ addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
+
+ fi
+}
+
+multilib_src_test() {
+ if multilib_is_native_abi; then
+ cd tests || die
+ emake tests || die "make tests failed"
+ fi
+}
+
+multilib_src_install() {
+ local lt="${BUILD_DIR}/libtool"
+ emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/bash install
+ use static-libs || prune_libtool_files --all
+
+ if ! use minimal && multilib_is_native_abi; then
+ # openldap modules go here
+ # TODO: write some code to populate slapd.conf with moduleload statements
+ keepdir /usr/$(get_libdir)/openldap/openldap/
+
+ # initial data storage dir
+ keepdir /var/lib/openldap-data
+ use prefix || fowners ldap:ldap /var/lib/openldap-data
+ fperms 0700 /var/lib/openldap-data
+
+ echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+ echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+ echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+
+ # use our config
+ rm "${ED}"etc/openldap/slapd.conf
+ insinto /etc/openldap
+ newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf
+ configfile="${ED}"etc/openldap/slapd.conf
+
+ # populate with built backends
+ ebegin "populate config with built backends"
+ for x in "${ED}"usr/$(get_libdir)/openldap/openldap/back_*.so; do
+ einfo "Adding $(basename ${x})"
+ sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}"
+ done
+ sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
+ use prefix || fowners root:ldap /etc/openldap/slapd.conf
+ fperms 0640 /etc/openldap/slapd.conf
+ cp "${configfile}" "${configfile}".default
+ eend
+
+ # install our own init scripts and systemd unit files
+ einfo "Install init scripts"
+ newinitd "${FILESDIR}"/slapd-initd-2.4.40-r2 slapd
+ newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd
+ einfo "Install systemd service"
+ systemd_dounit "${FILESDIR}"/slapd.service
+ systemd_install_serviced "${FILESDIR}"/slapd.service.conf
+ systemd_newtmpfilesd "${FILESDIR}"/slapd.tmpfilesd slapd.conf
+
+ if [[ $(get_libdir) != lib ]]; then
+ sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i \
+ "${ED}"/etc/init.d/slapd \
+ "${ED}"/usr/lib/systemd/system/slapd.service || die
+ fi
+ # If built without SLP, we don't need to be before avahi
+ use slp \
+ || sed -i \
+ -e '/before/{s/avahi-daemon//g}' \
+ "${ED}"etc/init.d/slapd
+
+ if use cxx ; then
+ einfo "Install the ldapc++ library"
+ cd "${BUILD_DIR}/contrib/ldapc++" || die
+ emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
+ cd "${S}"/contrib/ldapc++ || die
+ newdoc README ldapc++-README
+ fi
+
+ if use smbkrb5passwd ; then
+ einfo "Install the smbk5pwd module"
+ cd "${S}/contrib/slapd-modules/smbk5pwd" || die
+ emake DESTDIR="${D}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
+ newdoc README smbk5pwd-README
+ fi
+
+ if use overlays ; then
+ einfo "Install the samba4 module"
+ cd "${S}/contrib/slapd-modules/samba4" || die
+ emake DESTDIR="${D}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ libexecdir="/usr/$(get_libdir)/openldap" install
+ newdoc README samba4-README
+ fi
+
+ einfo "Installing contrib modules"
+ cd "${S}/contrib/slapd-modules" || die
+ for l in */*.la; do
+ "${lt}" --mode=install cp ${l} \
+ "${ED}"usr/$(get_libdir)/openldap/openldap || \
+ die "installing ${l} failed"
+ done
+
+ dodoc "${FILESDIR}"/DB_CONFIG.fast.example
+ docinto contrib
+ doman */*.5
+ #newdoc acl/README*
+ newdoc addpartial/README addpartial-README
+ newdoc allop/README allop-README
+ newdoc allowed/README allowed-README
+ newdoc autogroup/README autogroup-README
+ newdoc dsaschema/README dsaschema-README
+ newdoc passwd/README passwd-README
+ cd "${S}/contrib/slapi-plugins" || die
+ insinto /usr/$(get_libdir)/openldap/openldap
+ doins */*.so
+ docinto contrib
+ newdoc addrdnvalues/README addrdnvalues-README
+
+ insinto /etc/openldap/schema
+ newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
+
+ docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
+ docinto back-shell ; dodoc "${S}"/servers/slapd/back-shell/searchexample*
+ docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
+
+ dosbin "${S}"/contrib/slapd-tools/statslog
+ newdoc "${S}"/contrib/slapd-tools/README README.statslog
+ fi
+}
+
+multilib_src_install_all() {
+ dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
+ docinto rfc ; dodoc doc/rfc/*.txt
+}
+
+pkg_preinst() {
+ # keep old libs if any
+ preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0)
+ # bug 440470, only display the getting started help there was no openldap before,
+ # or we are going to a non-minimal build
+ ! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
+ OPENLDAP_PRINT_MESSAGES=$((! $?))
+}
+
+pkg_postinst() {
+ if ! use minimal ; then
+ # You cannot build SSL certificates during src_install that will make
+ # binary packages containing your SSL key, which is both a security risk
+ # and a misconfiguration if multiple machines use the same key and cert.
+ if use ssl; then
+ install_cert /etc/openldap/ssl/ldap
+ use prefix || chown ldap:ldap "${EROOT}"etc/openldap/ssl/ldap.*
+ ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
+ ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
+ ewarn "add 'TLS_REQCERT allow' if you want to use them."
+ fi
+
+ if use prefix; then
+ # Warn about prefix issues with slapd
+ eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
+ eerror "to start up, and requires that certain files directories be owned by"
+ eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
+ eerror "directories, you will have to manually fix this yourself."
+ fi
+
+ # These lines force the permissions of various content to be correct
+ use prefix || chown ldap:ldap "${EROOT}"var/run/openldap
+ chmod 0755 "${EROOT}"var/run/openldap
+ use prefix || chown root:ldap "${EROOT}"etc/openldap/slapd.conf{,.default}
+ chmod 0640 "${EROOT}"etc/openldap/slapd.conf{,.default}
+ use prefix || chown ldap:ldap "${EROOT}"var/lib/openldap-data
+ fi
+
+ if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
+ elog "Getting started using OpenLDAP? There is some documentation available:"
+ elog "Gentoo Guide to OpenLDAP Authentication"
+ elog "(https://www.gentoo.org/doc/en/ldap-howto.xml)"
+ elog "---"
+ elog "An example file for tuning BDB backends with openldap is"
+ elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
+ fi
+
+ preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0)
+}
diff --git a/net-nds/openldap/openldap-2.4.43.ebuild b/net-nds/openldap/openldap-2.4.43.ebuild
new file mode 100644
index 00000000..dd6af16
--- /dev/null
+++ b/net-nds/openldap/openldap-2.4.43.ebuild
@@ -0,0 +1,825 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit db-use eutils flag-o-matic multilib multilib-minimal ssl-cert versionator toolchain-funcs autotools user systemd
+
+BIS_PN=rfc2307bis.schema
+BIS_PV=20140524
+BIS_P="${BIS_PN}-${BIS_PV}"
+
+DESCRIPTION="LDAP suite of application and development tools"
+HOMEPAGE="http://www.OpenLDAP.org/"
+
+# mirrors are mostly not working, using canonical URI
+SRC_URI="ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz
+ mirror://gentoo/${BIS_P}"
+
+LICENSE="OPENLDAP GPL-2"
+SLOT="0"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~x86-linux ~x86-solaris"
+
+IUSE_DAEMON="crypt icu samba slp tcpd experimental minimal"
+IUSE_BACKEND="+berkdb"
+IUSE_OVERLAY="overlays perl"
+IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 libressl +syslog selinux static-libs"
+IUSE_CONTRIB="smbkrb5passwd kerberos"
+IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
+IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
+
+REQUIRED_USE="cxx? ( sasl )
+ ?? ( gnutls libressl )"
+
+# always list newer first
+# Do not add any AGPL-3 BDB here!
+# See bug 525110, comment 15.
+BDB_SLOTS='5.3 5.1 4.8 4.7 4.6 4.5 4.4'
+BDB_PKGS=''
+for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done
+
+# openssl is needed to generate lanman-passwords required by samba
+CDEPEND="icu? ( dev-libs/icu:= )
+ ssl? (
+ !gnutls? (
+ !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0[${MULTILIB_USEDEP}] )
+ )
+ gnutls? ( >=net-libs/gnutls-2.12.23-r6[${MULTILIB_USEDEP}]
+ libressl? ( dev-libs/libressl[${MULTILIB_USEDEP}] )
+ >=dev-libs/libgcrypt-1.5.3:0[${MULTILIB_USEDEP}] ) )
+ sasl? ( dev-libs/cyrus-sasl:= )
+ !minimal? (
+ sys-devel/libtool
+ sys-libs/e2fsprogs-libs
+ >=dev-db/lmdb-0.9.17
+ tcpd? ( sys-apps/tcp-wrappers )
+ odbc? ( !iodbc? ( dev-db/unixODBC )
+ iodbc? ( dev-db/libiodbc ) )
+ slp? ( net-libs/openslp )
+ perl? ( dev-lang/perl:=[-build(-)] )
+ samba? (
+ !libressl? ( dev-libs/openssl:0 )
+ libressl? ( dev-libs/libressl )
+ )
+ berkdb? (
+ <sys-libs/db-6.0:=
+ || ( ${BDB_PKGS} )
+ )
+ smbkrb5passwd? (
+ !libressl? ( dev-libs/openssl:0 )
+ libressl? ( dev-libs/libressl )
+ kerberos? ( app-crypt/heimdal )
+ )
+ kerberos? ( virtual/krb5 )
+ cxx? ( dev-libs/cyrus-sasl:= )
+ )
+ abi_x86_32? (
+ !<=app-emulation/emul-linux-x86-baselibs-20140508-r3
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+ )"
+DEPEND="${CDEPEND}
+ sys-apps/groff"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-ldap )
+"
+# for tracking versions
+OPENLDAP_VERSIONTAG=".version-tag"
+OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
+
+MULTILIB_WRAPPED_HEADERS=(
+ # USE=cxx
+ /usr/include/LDAPAsynConnection.h
+ /usr/include/LDAPAttrType.h
+ /usr/include/LDAPAttribute.h
+ /usr/include/LDAPAttributeList.h
+ /usr/include/LDAPConnection.h
+ /usr/include/LDAPConstraints.h
+ /usr/include/LDAPControl.h
+ /usr/include/LDAPControlSet.h
+ /usr/include/LDAPEntry.h
+ /usr/include/LDAPEntryList.h
+ /usr/include/LDAPException.h
+ /usr/include/LDAPExtResult.h
+ /usr/include/LDAPMessage.h
+ /usr/include/LDAPMessageQueue.h
+ /usr/include/LDAPModList.h
+ /usr/include/LDAPModification.h
+ /usr/include/LDAPObjClass.h
+ /usr/include/LDAPRebind.h
+ /usr/include/LDAPRebindAuth.h
+ /usr/include/LDAPReferenceList.h
+ /usr/include/LDAPResult.h
+ /usr/include/LDAPSaslBindResult.h
+ /usr/include/LDAPSchema.h
+ /usr/include/LDAPSearchReference.h
+ /usr/include/LDAPSearchResult.h
+ /usr/include/LDAPSearchResults.h
+ /usr/include/LDAPUrl.h
+ /usr/include/LDAPUrlList.h
+ /usr/include/LdifReader.h
+ /usr/include/LdifWriter.h
+ /usr/include/SaslInteraction.h
+ /usr/include/SaslInteractionHandler.h
+ /usr/include/StringList.h
+ /usr/include/TlsOptions.h
+)
+
+openldap_filecount() {
+ local dir="$1"
+ find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
+}
+
+openldap_find_versiontags() {
+ # scan for all datadirs
+ openldap_datadirs=""
+ if [ -f "${EROOT}"/etc/openldap/slapd.conf ]; then
+ openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${EROOT}/etc/openldap/slapd.conf)"
+ fi
+ openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}"
+
+ einfo
+ einfo "Scanning datadir(s) from slapd.conf and"
+ einfo "the default installdir for Versiontags"
+ einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
+ einfo
+
+ # scan datadirs if we have a version tag
+ openldap_found_tag=0
+ have_files=0
+ for each in ${openldap_datadirs}; do
+ CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"`
+ CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}
+ if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then
+ einfo "- Checking ${each}..."
+ if [ -r ${CURRENT_TAG} ] ; then
+ # yey, we have one :)
+ einfo " Found Versiontag in ${each}"
+ source ${CURRENT_TAG}
+ if [ "${OLDPF}" == "" ] ; then
+ eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
+ eerror "Please delete it"
+ eerror
+ die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
+ fi
+
+ OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}`
+
+ [ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1
+
+ # are we on the same branch?
+ if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then
+ ewarn " Versiontag doesn't match current major release!"
+ if [[ "${have_files}" == "1" ]] ; then
+ eerror " Versiontag says other major and you (probably) have datafiles!"
+ echo
+ openldap_upgrade_howto
+ else
+ einfo " No real problem, seems there's no database."
+ fi
+ else
+ einfo " Versiontag is fine here :)"
+ fi
+ else
+ einfo " Non-tagged dir ${each}"
+ [ $(openldap_filecount ${each}) -gt 0 ] && have_files=1
+ if [[ "${have_files}" == "1" ]] ; then
+ einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
+ echo
+
+ eerror
+ eerror "Your OpenLDAP Installation has a non tagged datadir that"
+ eerror "possibly contains a database at ${CURRENT_TAGDIR}"
+ eerror
+ eerror "Please export data if any entered and empty or remove"
+ eerror "the directory, installation has been stopped so you"
+ eerror "can take required action"
+ eerror
+ eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
+ eerror
+ openldap_upgrade_howto
+ die "Please move the datadir ${CURRENT_TAGDIR} away"
+ fi
+ fi
+ einfo
+ fi
+ done
+ [ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present"
+
+ # Now we must check for the major version of sys-libs/db linked against.
+ SLAPD_PATH=${EROOT}/usr/$(get_libdir)/openldap/slapd
+ if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then
+ OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
+ | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
+ if use berkdb; then
+ # find which one would be used
+ for bdb_slot in $BDB_SLOTS ; do
+ NEWVER="$(db_findver "=sys-libs/db-${bdb_slot}*")"
+ [[ -n "$NEWVER" ]] && break
+ done
+ fi
+ local fail=0
+ if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then
+ :
+ # Nothing wrong here.
+ elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then
+ eerror " Your existing version of OpenLDAP was not built against"
+ eerror " any version of sys-libs/db, but the new one will build"
+ eerror " against ${NEWVER} and your database may be inaccessible."
+ echo
+ fail=1
+ elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then
+ eerror " Your existing version of OpenLDAP was built against"
+ eerror " sys-libs/db:${OLDVER}, but the new one will not be"
+ eerror " built against any version and your database may be"
+ eerror " inaccessible."
+ echo
+ fail=1
+ elif [ "${OLDVER}" != "${NEWVER}" ]; then
+ eerror " Your existing version of OpenLDAP was built against"
+ eerror " sys-libs/db:${OLDVER}, but the new one will build against"
+ eerror " ${NEWVER} and your database would be inaccessible."
+ echo
+ fail=1
+ fi
+ [ "${fail}" == "1" ] && openldap_upgrade_howto
+ fi
+
+ echo
+ einfo
+ einfo "All datadirs are fine, proceeding with merge now..."
+ einfo
+}
+
+openldap_upgrade_howto() {
+ eerror
+ eerror "A (possible old) installation of OpenLDAP was detected,"
+ eerror "installation will not proceed for now."
+ eerror
+ eerror "As major version upgrades can corrupt your database,"
+ eerror "you need to dump your database and re-create it afterwards."
+ eerror
+ eerror "Additionally, rebuilding against different major versions of the"
+ eerror "sys-libs/db libraries will cause your database to be inaccessible."
+ eerror ""
+ d="$(date -u +%s)"
+ l="/root/ldapdump.${d}"
+ i="${l}.raw"
+ eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop"
+ eerror " 2. slapcat -l ${i}"
+ eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}"
+ eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
+ eerror " 5. emerge --update \=net-nds/${PF}"
+ eerror " 6. etc-update, and ensure that you apply the changes"
+ eerror " 7. slapadd -l ${l}"
+ eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
+ eerror " 9. /etc/init.d/slapd start"
+ eerror "10. check that your data is intact."
+ eerror "11. set up the new replication system."
+ eerror
+ if [ "${FORCE_UPGRADE}" != "1" ]; then
+ die "You need to upgrade your database first"
+ else
+ eerror "You have the magical FORCE_UPGRADE=1 in place."
+ eerror "Don't say you weren't warned about data loss."
+ fi
+}
+
+pkg_setup() {
+ if ! use sasl && use cxx ; then
+ die "To build the ldapc++ library you must emerge openldap with sasl support"
+ fi
+ # Bug #322787
+ if use minimal && ! has_version "net-nds/openldap" ; then
+ einfo "No datadir scan needed, openldap not installed"
+ elif use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then
+ einfo "Skipping scan for previous datadirs as requested by minimal useflag"
+ else
+ openldap_find_versiontags
+ fi
+
+ # The user/group are only used for running daemons which are
+ # disabled in minimal builds, so elide the accounts too.
+ if ! use minimal ; then
+ enewgroup ldap 439
+ enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap
+ fi
+}
+
+src_prepare() {
+ # ensure correct SLAPI path by default
+ sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \
+ "${S}"/include/ldap_defaults.h
+
+ epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch
+
+ epatch \
+ "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \
+ "${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
+
+ # bug #116045 - still present in 2.4.28
+ epatch "${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch
+ # bug #408077 - samba4
+ epatch "${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch
+
+ # bug #189817
+ epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
+
+ # bug #233633
+ epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch
+
+ # bug #281495
+ epatch "${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch
+
+ # bug #294350
+ epatch "${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch
+
+ # unbreak /bin/sh -> dash
+ epatch "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
+
+ # bug #420959
+ epatch "${FILESDIR}"/${PN}-2.4.31-gcc47.patch
+
+ # unbundle lmdb
+ epatch "${FILESDIR}"/${PN}-2.4.42-mdb-unbundle.patch
+ rm -rf "${S}"/libraries/liblmdb
+
+ cd "${S}"/build || die
+ einfo "Making sure upstream build strip does not do stripping too early"
+ sed -i.orig \
+ -e '/^STRIP/s,-s,,g' \
+ top.mk || die "Failed to block stripping"
+
+ # wrong assumption that /bin/sh is /bin/bash
+ sed -i \
+ -e 's|/bin/sh|/bin/bash|g' \
+ "${S}"/tests/scripts/* || die "sed failed"
+
+ cd "${S}" || die
+
+ AT_NOEAUTOMAKE=yes eautoreconf
+}
+
+build_contrib_module() {
+ # <dir> <sources> <outputname>
+ cd "${S}/contrib/slapd-modules/$1" || die
+ einfo "Compiling contrib-module: $3"
+ # Make sure it's uppercase
+ local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -D${define_name}=SLAPD_MOD_DYNAMIC \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include -I../../../servers/slapd ${CFLAGS} \
+ -o ${2%.c}.lo -c $2 || die "compiling $3 failed"
+ einfo "Linking contrib-module: $3"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
+ -o $3.la ${2%.c}.lo || die "linking $3 failed"
+}
+
+src_configure() {
+ # Bug 408001
+ use elibc_FreeBSD && append-cppflags -DMDB_DSYNC=O_SYNC -DMDB_FDATASYNC=fsync
+
+ # connectionless ldap per bug #342439
+ append-cppflags -DLDAP_CONNECTIONLESS
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+ local myconf=()
+
+ use debug && myconf+=( $(use_enable debug) )
+
+ # ICU usage is not configurable
+ export ac_cv_header_unicode_utypes_h="$(multilib_is_native_abi && use icu && echo yes || echo no)"
+
+ if ! use minimal && multilib_is_native_abi; then
+ local CPPFLAGS=${CPPFLAGS}
+
+ # re-enable serverside overlay chains per bug #296567
+ # see ldap docs chaper 12.3.1 for details
+ myconf+=( --enable-ldap )
+
+ # backends
+ myconf+=( --enable-slapd )
+ if use berkdb ; then
+ einfo "Using Berkeley DB for local backend"
+ myconf+=( --enable-bdb --enable-hdb )
+ DBINCLUDE=$(db_includedir $BDB_SLOTS)
+ einfo "Using $DBINCLUDE for sys-libs/db version"
+ # We need to include the slotted db.h dir for FreeBSD
+ append-cppflags -I${DBINCLUDE}
+ else
+ myconf+=( --disable-bdb --disable-hdb )
+ fi
+ for backend in dnssrv ldap mdb meta monitor null passwd relay shell sock; do
+ myconf+=( --enable-${backend}=mod )
+ done
+
+ myconf+=( $(use_enable perl perl mod) )
+
+ myconf+=( $(use_enable odbc sql mod) )
+ if use odbc ; then
+ local odbc_lib="unixodbc"
+ if use iodbc ; then
+ odbc_lib="iodbc"
+ append-cppflags -I"${EPREFIX}"/usr/include/iodbc
+ fi
+ myconf+=( --with-odbc=${odbc_lib} )
+ fi
+
+ # slapd options
+ myconf+=(
+ $(use_enable crypt)
+ $(use_enable slp)
+ $(use_enable samba lmpasswd)
+ $(use_enable syslog)
+ )
+ if use experimental ; then
+ myconf+=(
+ --enable-dynacl
+ --enable-aci=mod
+ )
+ fi
+ for option in aci cleartext modules rewrite rlookups slapi; do
+ myconf+=( --enable-${option} )
+ done
+
+ # slapd overlay options
+ # Compile-in the syncprov, the others as module
+ myconf+=( --enable-syncprov=yes )
+ use overlays && myconf+=( --enable-overlays=mod )
+
+ else
+ myconf+=(
+ --disable-backends
+ --disable-slapd
+ --disable-bdb
+ --disable-hdb
+ --disable-mdb
+ --disable-overlays
+ --disable-syslog
+ )
+ fi
+
+ # basic functionality stuff
+ myconf+=(
+ $(use_enable ipv6)
+ $(multilib_native_use_with sasl cyrus-sasl)
+ $(multilib_native_use_enable sasl spasswd)
+ $(use_enable tcpd wrappers)
+ )
+
+ # Some cross-compiling tests don't pan out well.
+ tc-is-cross-compiler && myconf+=(
+ --with-yielding-select=yes
+ )
+
+ local ssl_lib="no"
+ if use ssl || ( ! use minimal && use samba ) ; then
+ ssl_lib="openssl"
+ use gnutls && ssl_lib="gnutls"
+ fi
+
+ myconf+=( --with-tls=${ssl_lib} )
+
+ for basicflag in dynamic local proctitle shared; do
+ myconf+=( --enable-${basicflag} )
+ done
+
+ tc-export AR CC CXX
+ ECONF_SOURCE=${S} \
+ STRIP=/bin/true \
+ econf \
+ --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
+ $(use_enable static-libs static) \
+ "${myconf[@]}"
+ emake depend
+}
+
+src_configure_cxx() {
+ # This needs the libraries built by the first build run.
+ # So we have to run it AFTER the main build, not just after the main
+ # configure.
+ local myconf_ldapcpp=(
+ --with-ldap-includes="${S}"/include
+ )
+
+ mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die
+ cd "${BUILD_DIR}/contrib/ldapc++" || die
+
+ local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS}
+ append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
+ -L"${BUILD_DIR}"/libraries/libldap/.libs
+ append-cppflags -I"${BUILD_DIR}"/include
+ ECONF_SOURCE=${S}/contrib/ldapc++ \
+ econf "${myconf_ldapcpp[@]}" \
+ CC="${CC}" \
+ CXX="${CXX}"
+}
+
+multilib_src_compile() {
+ tc-export AR CC CXX
+ emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/bash
+ local lt="${BUILD_DIR}/libtool"
+ export echo="echo"
+
+ if ! use minimal && multilib_is_native_abi ; then
+ if use cxx ; then
+ einfo "Building contrib library: ldapc++"
+ src_configure_cxx
+ cd "${BUILD_DIR}/contrib/ldapc++" || die
+ emake \
+ CC="${CC}" CXX="${CXX}"
+ fi
+
+ if use smbkrb5passwd ; then
+ einfo "Building contrib-module: smbk5pwd"
+ cd "${S}/contrib/slapd-modules/smbk5pwd" || die
+
+ MY_DEFS="-DDO_SHADOW"
+ if use samba ; then
+ MY_DEFS="${MY_DEFS} -DDO_SAMBA"
+ MY_KRB5_INC=""
+ fi
+ if use kerberos ; then
+ MY_DEFS="${MY_DEFS} -DDO_KRB5"
+ MY_KRB5_INC="$(krb5-config --cflags)"
+ fi
+
+ emake \
+ DEFS="${MY_DEFS}" \
+ KRB5_INC="${MY_KRB5_INC}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
+ fi
+
+ if use overlays ; then
+ einfo "Building contrib-module: samba4"
+ cd "${S}/contrib/slapd-modules/samba4" || die
+
+ emake \
+ LDAP_BUILD="${BUILD_DIR}" \
+ CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap"
+ fi
+
+ if use kerberos ; then
+ build_contrib_module "kinit" "kinit.c" "kinit"
+ cd "${S}/contrib/slapd-modules/passwd" || die
+ einfo "Compiling contrib-module: pw-kerberos"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include \
+ ${CFLAGS} \
+ $(krb5-config --cflags) \
+ -DHAVE_KRB5 \
+ -o kerberos.lo \
+ -c kerberos.c || die "compiling pw-kerberos failed"
+ einfo "Linking contrib-module: pw-kerberos"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
+ -o pw-kerberos.la \
+ kerberos.lo || die "linking pw-kerberos failed"
+ fi
+ # We could build pw-radius if GNURadius would install radlib.h
+ cd "${S}/contrib/slapd-modules/passwd" || die
+ einfo "Compiling contrib-module: pw-netscape"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include \
+ ${CFLAGS} \
+ -o netscape.lo \
+ -c netscape.c || die "compiling pw-netscape failed"
+ einfo "Linking contrib-module: pw-netscape"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
+ -o pw-netscape.la \
+ netscape.lo || die "linking pw-netscape failed"
+
+ #build_contrib_module "acl" "posixgroup.c" "posixGroup" # example code only
+ #build_contrib_module "acl" "gssacl.c" "gss" # example code only, also needs kerberos
+ build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
+ build_contrib_module "allop" "allop.c" "overlay-allop"
+ build_contrib_module "allowed" "allowed.c" "allowed"
+ build_contrib_module "autogroup" "autogroup.c" "autogroup"
+ build_contrib_module "cloak" "cloak.c" "cloak"
+ # build_contrib_module "comp_match" "comp_match.c" "comp_match" # really complex, adds new external deps, questionable demand
+ build_contrib_module "denyop" "denyop.c" "denyop-overlay"
+ build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
+ build_contrib_module "dupent" "dupent.c" "dupent"
+ build_contrib_module "lastbind" "lastbind.c" "lastbind"
+ # lastmod may not play well with other overlays
+ build_contrib_module "lastmod" "lastmod.c" "lastmod"
+ build_contrib_module "noopsrch" "noopsrch.c" "noopsrch"
+ build_contrib_module "nops" "nops.c" "nops-overlay"
+ #build_contrib_module "nssov" "nssov.c" "nssov-overlay" RESO:LATER
+ build_contrib_module "trace" "trace.c" "trace"
+ # build slapi-plugins
+ cd "${S}/contrib/slapi-plugins/addrdnvalues" || die
+ einfo "Building contrib-module: addrdnvalues plugin"
+ "${CC}" -shared \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include \
+ ${CFLAGS} \
+ -fPIC \
+ ${LDFLAGS} \
+ -o libaddrdnvalues-plugin.so \
+ addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
+
+ fi
+}
+
+multilib_src_test() {
+ if multilib_is_native_abi; then
+ cd tests || die
+ emake tests || die "make tests failed"
+ fi
+}
+
+multilib_src_install() {
+ local lt="${BUILD_DIR}/libtool"
+ emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/bash install
+ use static-libs || prune_libtool_files --all
+
+ if ! use minimal && multilib_is_native_abi; then
+ # openldap modules go here
+ # TODO: write some code to populate slapd.conf with moduleload statements
+ keepdir /usr/$(get_libdir)/openldap/openldap/
+
+ # initial data storage dir
+ keepdir /var/lib/openldap-data
+ use prefix || fowners ldap:ldap /var/lib/openldap-data
+ fperms 0700 /var/lib/openldap-data
+
+ echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+ echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+ echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+
+ # use our config
+ rm "${ED}"etc/openldap/slapd.conf
+ insinto /etc/openldap
+ newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf
+ configfile="${ED}"etc/openldap/slapd.conf
+
+ # populate with built backends
+ ebegin "populate config with built backends"
+ for x in "${ED}"usr/$(get_libdir)/openldap/openldap/back_*.so; do
+ einfo "Adding $(basename ${x})"
+ sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}"
+ done
+ sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
+ use prefix || fowners root:ldap /etc/openldap/slapd.conf
+ fperms 0640 /etc/openldap/slapd.conf
+ cp "${configfile}" "${configfile}".default
+ eend
+
+ # install our own init scripts and systemd unit files
+ einfo "Install init scripts"
+ newinitd "${FILESDIR}"/slapd-initd-2.4.40-r2 slapd
+ newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd
+ einfo "Install systemd service"
+ systemd_dounit "${FILESDIR}"/slapd.service
+ systemd_install_serviced "${FILESDIR}"/slapd.service.conf
+ systemd_newtmpfilesd "${FILESDIR}"/slapd.tmpfilesd slapd.conf
+
+ if [[ $(get_libdir) != lib ]]; then
+ sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i \
+ "${ED}"/etc/init.d/slapd \
+ "${ED}"/usr/lib/systemd/system/slapd.service || die
+ fi
+ # If built without SLP, we don't need to be before avahi
+ use slp \
+ || sed -i \
+ -e '/before/{s/avahi-daemon//g}' \
+ "${ED}"etc/init.d/slapd
+
+ if use cxx ; then
+ einfo "Install the ldapc++ library"
+ cd "${BUILD_DIR}/contrib/ldapc++" || die
+ emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
+ cd "${S}"/contrib/ldapc++ || die
+ newdoc README ldapc++-README
+ fi
+
+ if use smbkrb5passwd ; then
+ einfo "Install the smbk5pwd module"
+ cd "${S}/contrib/slapd-modules/smbk5pwd" || die
+ emake DESTDIR="${D}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
+ newdoc README smbk5pwd-README
+ fi
+
+ if use overlays ; then
+ einfo "Install the samba4 module"
+ cd "${S}/contrib/slapd-modules/samba4" || die
+ emake DESTDIR="${D}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ libexecdir="/usr/$(get_libdir)/openldap" install
+ newdoc README samba4-README
+ fi
+
+ einfo "Installing contrib modules"
+ cd "${S}/contrib/slapd-modules" || die
+ for l in */*.la; do
+ "${lt}" --mode=install cp ${l} \
+ "${ED}"usr/$(get_libdir)/openldap/openldap || \
+ die "installing ${l} failed"
+ done
+
+ dodoc "${FILESDIR}"/DB_CONFIG.fast.example
+ docinto contrib
+ doman */*.5
+ #newdoc acl/README*
+ newdoc addpartial/README addpartial-README
+ newdoc allop/README allop-README
+ newdoc allowed/README allowed-README
+ newdoc autogroup/README autogroup-README
+ newdoc dsaschema/README dsaschema-README
+ newdoc passwd/README passwd-README
+ cd "${S}/contrib/slapi-plugins" || die
+ insinto /usr/$(get_libdir)/openldap/openldap
+ doins */*.so
+ docinto contrib
+ newdoc addrdnvalues/README addrdnvalues-README
+
+ insinto /etc/openldap/schema
+ newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
+
+ docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
+ docinto back-shell ; dodoc "${S}"/servers/slapd/back-shell/searchexample*
+ docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
+
+ dosbin "${S}"/contrib/slapd-tools/statslog
+ newdoc "${S}"/contrib/slapd-tools/README README.statslog
+ fi
+}
+
+multilib_src_install_all() {
+ dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
+ docinto rfc ; dodoc doc/rfc/*.txt
+}
+
+pkg_preinst() {
+ # keep old libs if any
+ preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0)
+ # bug 440470, only display the getting started help there was no openldap before,
+ # or we are going to a non-minimal build
+ ! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
+ OPENLDAP_PRINT_MESSAGES=$((! $?))
+}
+
+pkg_postinst() {
+ if ! use minimal ; then
+ # You cannot build SSL certificates during src_install that will make
+ # binary packages containing your SSL key, which is both a security risk
+ # and a misconfiguration if multiple machines use the same key and cert.
+ if use ssl; then
+ install_cert /etc/openldap/ssl/ldap
+ use prefix || chown ldap:ldap "${EROOT}"etc/openldap/ssl/ldap.*
+ ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
+ ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
+ ewarn "add 'TLS_REQCERT allow' if you want to use them."
+ fi
+
+ if use prefix; then
+ # Warn about prefix issues with slapd
+ eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
+ eerror "to start up, and requires that certain files directories be owned by"
+ eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
+ eerror "directories, you will have to manually fix this yourself."
+ fi
+
+ # These lines force the permissions of various content to be correct
+ use prefix || chown ldap:ldap "${EROOT}"var/run/openldap
+ chmod 0755 "${EROOT}"var/run/openldap
+ use prefix || chown root:ldap "${EROOT}"etc/openldap/slapd.conf{,.default}
+ chmod 0640 "${EROOT}"etc/openldap/slapd.conf{,.default}
+ use prefix || chown ldap:ldap "${EROOT}"var/lib/openldap-data
+ fi
+
+ if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
+ elog "Getting started using OpenLDAP? There is some documentation available:"
+ elog "Gentoo Guide to OpenLDAP Authentication"
+ elog "(https://www.gentoo.org/doc/en/ldap-howto.xml)"
+ elog "---"
+ elog "An example file for tuning BDB backends with openldap is"
+ elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
+ fi
+
+ preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0)
+}
^ permalink raw reply related [flat|nested] 15+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: net-nds/openldap/files/, net-nds/openldap/
@ 2017-01-29 7:05 Aaron Bauman
0 siblings, 0 replies; 15+ messages in thread
From: Aaron Bauman @ 2017-01-29 7:05 UTC (permalink / raw
To: gentoo-commits
commit: 24cf260188c1d266815d1e6329547b1d52de5a1b
Author: Aaron Bauman <bman <AT> gentoo <DOT> org>
AuthorDate: Sun Jan 29 07:03:53 2017 +0000
Commit: Aaron Bauman <bman <AT> gentoo <DOT> org>
CommitDate: Sun Jan 29 07:03:53 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=24cf2601
net-nds/openldap: security and patch cleanup wrt bug #560424
net-nds/openldap/Manifest | 5 -
net-nds/openldap/files/openldap-2.3.34-slapd-conf | 64 --
.../openldap/files/openldap-2.4.15-ppolicy.patch | 12 -
.../openldap/files/openldap-2.4.33-gnutls.patch | 60 --
.../files/openldap-2.4.40-mdb-unbundle.patch | 136 ----
net-nds/openldap/files/openldap-2.4.40-slapd-conf | 64 --
net-nds/openldap/files/slapd-initd-2.4.40 | 51 --
net-nds/openldap/files/slapd-initd-2.4.40-r1 | 65 --
net-nds/openldap/files/slapd-initd-2.4.40-r2 | 65 --
net-nds/openldap/openldap-2.4.38-r2.ebuild | 761 -------------------
net-nds/openldap/openldap-2.4.39.ebuild | 760 -------------------
net-nds/openldap/openldap-2.4.40-r2.ebuild | 821 --------------------
net-nds/openldap/openldap-2.4.40-r4.ebuild | 821 --------------------
net-nds/openldap/openldap-2.4.40.ebuild | 822 --------------------
net-nds/openldap/openldap-2.4.42-r1.ebuild | 828 --------------------
net-nds/openldap/openldap-2.4.42.ebuild | 818 --------------------
net-nds/openldap/openldap-2.4.43-r1.ebuild | 830 ---------------------
net-nds/openldap/openldap-2.4.43.ebuild | 825 --------------------
18 files changed, 7808 deletions(-)
diff --git a/net-nds/openldap/Manifest b/net-nds/openldap/Manifest
index d299ef0..0f5b7b5 100644
--- a/net-nds/openldap/Manifest
+++ b/net-nds/openldap/Manifest
@@ -1,8 +1,3 @@
DIST openldap-2.3.43.tgz 3803011 SHA256 d7d2dea05362c8ac7e11bb7bf1da4cdeb07225ba8dc16974bff9f51a9f3d37e1 SHA512 2b0ebb35adbeed34673e1a55cc7a89b348ddee7ad6ce7f915ca3745198cee992aba7281bf0d56197dcfd59665935d5d3764db0ba487975e4dbc2a2507d6ea7a6 WHIRLPOOL 7457112bbad83d75f7ad01230da97511a8d983a98f7e31357dbffd79a7ed7e53057af781002cae8c610d3ad7834dfeefbd7f223798d45aea8cd00b70f5ee0e39
-DIST openldap-2.4.38.tgz 5506085 SHA256 88209a3599ec5d9354fc09bbe29b99db1ffa1b612127c06bad0c5265d0b31fd1 SHA512 df7b6b2b84102ba996f84575396c7505ada851b5f09841fd821d34fd8d62580f85ecc655e2cd3965730b44d6919d64864f56b23791f38b411d142d345f250666 WHIRLPOOL bb6a19b353f9dcde07afe78052ce9d5db5a2aaa09236b69d22da0879e74c4de8587312bad66939702db30af779f7ee9720ad792b73d225f004a1a90d80a6fed1
-DIST openldap-2.4.39.tgz 5509060 SHA256 8267c87347103fef56b783b24877c0feda1063d3cb85d070e503d076584bf8a7 SHA512 7b5ef2a69f79f0901a06f8be4ab50afc3b3e98ab1ea74a421569443d32cb43d3cf773d3f028fb5fb39908c09ee172cb4770ecc5882754877a59d29bf8f8cc059 WHIRLPOOL 90ac4cff185855d569a8033a3e35a251d75e4a2805bcfa5ba5b3605ec88b2fc244b0e95aabd33c47c9846f29c95a17e1be43650442987f6abc043667e06f15cd
-DIST openldap-2.4.40.tgz 5641865 SHA256 d12611a5c25b6499293c2bb7b435dc2b174db73e83f5a8cb7e34f2ce5fa6dadb SHA512 c803c4a82878891d60414d64dcb54a7c3f08675106ba13f50cba06034a97b3eee1c238761dd5ddad97d8c3f6675d9bbbec176d0340eb4a3bcd808f940baabab5 WHIRLPOOL 82cb6033798ac69faf4a0d1f5d7716316f5fbfc67e0f3a013b5bae461a01e3029aa6fb7d510bc14eed4f40ef83632561a3fa39aebf2be2785e3d0e0038db048c
-DIST openldap-2.4.42.tgz 5645925 SHA256 eeb7b0e2c5852bfd2650e83909bb6152835c0b862fab10b63954dc1bcbba8e63 SHA512 52d6af7610c4fdc8f965ebea04d09c38f73773a02c2e484dc111100f3d472f8b2f766ca32d9c80f5815a57745095cc7c33ad62d9165eec5b9e252ae172e7782c WHIRLPOOL e151c63bfd10f5e96c60f216925315ed788d426ba2c15ee2793a4de4bb25d01717e7bb5144814a0e6a053a5d5a0aab75213a495aa47aa13f7c3e70716c01633e
-DIST openldap-2.4.43.tgz 5654057 SHA256 34d78e5598a2b0360d26a9050fcdbbe198c65493b013bb607839d5598b6978c8 SHA512 1306206bf22fcec2ccf4b91fd7eadf0207e7015f20d761a4055b0e0213fe1f4c275eec933d86220b03b558650439e74cdca07db05e8debb54d38be4e983b3631 WHIRLPOOL 0d4dc1c1f36f85c4711d0ec1d11107dac242f1d69b4f183e7762cc3ed3d7221c45bd44777e7441afe10156abc487da18f9bdf748244123dd62a241aefe7bca3f
DIST openldap-2.4.44.tgz 5658830 SHA256 d7de6bf3c67009c95525dde3a0212cc110d0a70b92af2af8e3ee800e81b88400 SHA512 132eb81798f59a364c9246d08697e1c7ebb6c2c3b983f786b14ec0233df09696cbad33a1f35f3076348b5efb77665a076ab854a24122c31e8b58310b7c7fd136 WHIRLPOOL 37399793d681a6489c369d663772970c62a4e1e370d4dc306bcb6fa3b9cb680139c9d940d9218aaac4618f50a63bc391b10f2aec0a134f84094ce4f7378c88ff
DIST rfc2307bis.schema-20140524 12262 SHA256 6cd8154ad86be1d6bb88a79c303dc10a49bce4ce7d21bb417a951d6496df30b1 SHA512 83b89a1deeefc8566b97e7e865b9b6d04541099cbdf719e24538a7d27d61b6209e87ab9003a9f140bd9afd018ec569e71721e3a24090e1902c8b6659d2ba103e WHIRLPOOL 40cef24529fb4bfc1661d03088eccdb17d9056d696b2bf0e698fa248d03f508ba776784bf8abbaffb5f4c2c59b59b29525b4be2babc978fed681e5e3c88073de
diff --git a/net-nds/openldap/files/openldap-2.3.34-slapd-conf b/net-nds/openldap/files/openldap-2.3.34-slapd-conf
deleted file mode 100644
index ad767cf..00000000
--- a/net-nds/openldap/files/openldap-2.3.34-slapd-conf
+++ /dev/null
@@ -1,64 +0,0 @@
-#
-# See slapd.conf(5) for details on configuration options.
-# This file should NOT be world readable.
-#
-include /etc/openldap/schema/core.schema
-
-# Define global ACLs to disable default read access.
-
-# Do not enable referrals until AFTER you have a working directory
-# service AND an understanding of referrals.
-#referral ldap://root.openldap.org
-
-pidfile /var/run/openldap/slapd.pid
-argsfile /var/run/openldap/slapd.args
-
-# Load dynamic backend modules:
-###INSERTDYNAMICMODULESHERE###
-
-# Sample security restrictions
-# Require integrity protection (prevent hijacking)
-# Require 112-bit (3DES or better) encryption for updates
-# Require 63-bit encryption for simple bind
-# security ssf=1 update_ssf=112 simple_bind=64
-
-# Sample access control policy:
-# Root DSE: allow anyone to read it
-# Subschema (sub)entry DSE: allow anyone to read it
-# Other DSEs:
-# Allow self write access
-# Allow authenticated users read access
-# Allow anonymous users to authenticate
-# Directives needed to implement policy:
-# access to dn.base="" by * read
-# access to dn.base="cn=Subschema" by * read
-# access to *
-# by self write
-# by users read
-# by anonymous auth
-#
-# if no access controls are present, the default policy
-# allows anyone and everyone to read anything but restricts
-# updates to rootdn. (e.g., "access to * by * read")
-#
-# rootdn can always read and write EVERYTHING!
-
-#######################################################################
-# BDB database definitions
-#######################################################################
-
-database hdb
-suffix "dc=my-domain,dc=com"
-# <kbyte> <min>
-checkpoint 32 30
-rootdn "cn=Manager,dc=my-domain,dc=com"
-# Cleartext passwords, especially for the rootdn, should
-# be avoid. See slappasswd(8) and slapd.conf(5) for details.
-# Use of strong authentication encouraged.
-rootpw secret
-# The database directory MUST exist prior to running slapd AND
-# should only be accessible by the slapd and slap tools.
-# Mode 700 recommended.
-directory /var/lib/openldap-data
-# Indices to maintain
-index objectClass eq
diff --git a/net-nds/openldap/files/openldap-2.4.15-ppolicy.patch b/net-nds/openldap/files/openldap-2.4.15-ppolicy.patch
deleted file mode 100644
index 3195ee5..00000000
--- a/net-nds/openldap/files/openldap-2.4.15-ppolicy.patch
+++ /dev/null
@@ -1,12 +0,0 @@
---- openldap-2.4.15/clients/tools/common.c.orig 2009-02-05 15:05:03.000000000 -0800
-+++ openldap-2.4.15/clients/tools/common.c 2009-03-21 01:45:14.000000000 -0700
-@@ -1315,8 +1315,8 @@
- int nsctrls = 0;
-
- #ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
-+ LDAPControl c;
- if ( ppolicy ) {
-- LDAPControl c;
- c.ldctl_oid = LDAP_CONTROL_PASSWORDPOLICYREQUEST;
- c.ldctl_value.bv_val = NULL;
- c.ldctl_value.bv_len = 0;
diff --git a/net-nds/openldap/files/openldap-2.4.33-gnutls.patch b/net-nds/openldap/files/openldap-2.4.33-gnutls.patch
deleted file mode 100644
index 2b07c85..00000000
--- a/net-nds/openldap/files/openldap-2.4.33-gnutls.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From 98de912932732f1441300eb64ca3070ff1469fcf Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <petr.pisar@atlas.cz>
-Date: Sun, 30 Dec 2012 21:11:06 +0100
-Subject: [PATCH] GnuTLS 3.0 removed gnutls_certificate_get_x509_cas()
-
----
- libraries/libldap/tls_g.c | 23 +++++++++++++++++++++++
- 1 file changed, 23 insertions(+)
-
-diff --git a/libraries/libldap/tls_g.c b/libraries/libldap/tls_g.c
-index 40616f5..374514d 100644
---- a/libraries/libldap/tls_g.c
-+++ b/libraries/libldap/tls_g.c
-@@ -60,6 +60,12 @@
- #undef HAVE_GCRYPT_RAND
- #endif
-
-+#if LIBGNUTLS_VERSION_NUMBER >= 0x030000
-+#define HAVE_GNUTLS_CERTIFICATE_GET_ISSUER 1
-+#else
-+#undef HAVE_GNUTLS_CERTIFICATE_GET_ISSUER
-+#endif
-+
- #ifndef HAVE_CIPHERSUITES
- /* Versions prior to 2.2.0 didn't handle cipher suites, so we had to
- * kludge them ourselves.
-@@ -368,6 +374,22 @@ tlsg_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
- * then we have to build the cert chain.
- */
- if ( max == 1 && !gnutls_x509_crt_check_issuer( certs[0], certs[0] )) {
-+#ifdef HAVE_GNUTLS_CERTIFICATE_GET_ISSUER
-+ gnutls_x509_crt_t issuer;
-+ unsigned int i;
-+
-+ for ( i = 1; i<VERIFY_DEPTH; i++ ) {
-+ /* If no CA is known, we're done */
-+ if ( gnutls_certificate_get_issuer( ctx->cred, certs[i-1],
-+ &issuer, 0 ) )
-+ break;
-+ certs[i] = issuer;
-+ max++;
-+ /* If this CA is self-signed, we're done */
-+ if ( gnutls_x509_crt_check_issuer( certs[i], certs[i] ))
-+ break;
-+ }
-+#else
- gnutls_x509_crt_t *cas;
- unsigned int i, j, ncas;
-
-@@ -387,6 +409,7 @@ tlsg_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
- if ( j == ncas )
- break;
- }
-+#endif /* !defined HAVE_GNUTLS_CERTIFICATE_GET_ISSUER */
- }
- rc = gnutls_certificate_set_x509_key( ctx->cred, certs, max, key );
- if ( rc ) return -1;
---
-1.8.0.2
-
diff --git a/net-nds/openldap/files/openldap-2.4.40-mdb-unbundle.patch b/net-nds/openldap/files/openldap-2.4.40-mdb-unbundle.patch
deleted file mode 100644
index 9265a01..00000000
--- a/net-nds/openldap/files/openldap-2.4.40-mdb-unbundle.patch
+++ /dev/null
@@ -1,136 +0,0 @@
---- ./build/top.mk.orig 2014-10-24 14:34:59.260827298 +0200
-+++ ./build/top.mk 2014-10-24 14:35:25.281168893 +0200
-@@ -160,6 +160,7 @@
- LTHREAD_LIBS = @LTHREAD_LIBS@
-
- BDB_LIBS = @BDB_LIBS@
-+MDB_LIBS = @MDB_LIBS@
- SLAPD_NDB_LIBS = @SLAPD_NDB_LIBS@
-
- LDAP_LIBLBER_LA = $(LDAP_LIBDIR)/liblber/liblber.la
---- ./build/openldap.m4.orig 2014-10-24 10:52:02.837221734 +0200
-+++ ./build/openldap.m4 2014-10-24 11:31:02.748087966 +0200
-@@ -563,6 +563,38 @@
- ], [ol_cv_bdb_compat=yes], [ol_cv_bdb_compat=no])])
- ])
-
-+dnl --------------------------------------------------------------------
-+dnl Check for version compatility with back-mdb
-+AC_DEFUN([OL_MDB_COMPAT],
-+[AC_CACHE_CHECK([if LMDB version supported by MDB backends], [ol_cv_mdb_compat],[
-+ AC_EGREP_CPP(__mdb_version_compat,[
-+#include <lmdb.h>
-+
-+/* require 0.9.14 or later */
-+#if MDB_VERSION_FULL >= 0x00000009000E
-+ __mdb_version_compat
-+#endif
-+ ], [ol_cv_mdb_compat=yes], [ol_cv_mdb_compat=no])])
-+])
-+
-+dnl
-+dnl --------------------------------------------------------------------
-+dnl Find any MDB
-+AC_DEFUN([OL_MDB],
-+[ol_cv_mdb=no
-+AC_CHECK_HEADERS(lmdb.h)
-+if test $ac_cv_header_lmdb_h = yes; then
-+ OL_MDB_COMPAT
-+
-+ if test $ol_cv_mdb_compat != yes ; then
-+ AC_MSG_ERROR([LMDB version incompatible with MDB backends])
-+ fi
-+
-+ ol_cv_lib_mdb=-llmdb
-+ ol_cv_mdb=yes
-+fi
-+])
-+
- dnl
- dnl ====================================================================
- dnl Check POSIX Thread version
---- ./servers/slapd/back-mdb/Makefile.in.orig 2014-10-24 10:31:30.860931076 +0200
-+++ ./servers/slapd/back-mdb/Makefile.in 2014-10-24 14:33:33.803705424 +0200
-@@ -25,11 +25,10 @@
- extended.lo operational.lo \
- attr.lo index.lo key.lo filterindex.lo \
- dn2entry.lo dn2id.lo id2entry.lo idl.lo \
-- nextid.lo monitor.lo mdb.lo midl.lo
-+ nextid.lo monitor.lo
-
- LDAP_INCDIR= ../../../include
- LDAP_LIBDIR= ../../../libraries
--MDB_SUBDIR = $(srcdir)/$(LDAP_LIBDIR)/liblmdb
-
- BUILD_OPT = "--enable-mdb"
- BUILD_MOD = @BUILD_MDB@
-@@ -44,7 +43,7 @@
-
- LIBBASE = back_mdb
-
--XINCPATH = -I.. -I$(srcdir)/.. -I$(MDB_SUBDIR)
-+XINCPATH = -I.. -I$(srcdir)/..
- XDEFS = $(MODULES_CPPFLAGS)
-
- all-local-lib: ../.backend
-@@ -52,11 +51,5 @@
- ../.backend: lib$(LIBBASE).a
- @touch $@
-
--mdb.lo: $(MDB_SUBDIR)/mdb.c
-- $(LTCOMPILE_MOD) $(MDB_SUBDIR)/mdb.c
--
--midl.lo: $(MDB_SUBDIR)/midl.c
-- $(LTCOMPILE_MOD) $(MDB_SUBDIR)/midl.c
--
- veryclean-local-lib: FORCE
- $(RM) $(XXHEADERS) $(XXSRCS) .links
---- ./configure.in.orig 2014-10-24 10:46:53.289139847 +0200
-+++ ./configure.in 2014-10-24 10:51:34.372846374 +0200
-@@ -519,6 +519,7 @@
- dnl Initialize vars
- LDAP_LIBS=
- BDB_LIBS=
-+MDB_LIBS=
- SLAPD_NDB_LIBS=
- SLAPD_NDB_INCS=
- LTHREAD_LIBS=
-@@ -1905,6 +1906,30 @@
- fi
-
- dnl ----------------------------------------------------------------
-+ol_link_mdb=no
-+
-+if test $ol_enable_mdb != no; then
-+ OL_MDB
-+
-+ if test $ol_cv_mdb = no ; then
-+ AC_MSG_ERROR(MDB: LMDB not available)
-+ fi
-+
-+ AC_DEFINE(HAVE_MDB,1,
-+ [define this if LMDB is available])
-+
-+ dnl $ol_cv_lib_mdb should be yes or -llmdb
-+ dnl (it could be no, but that would be an error
-+ if test $ol_cv_lib_mdb != yes ; then
-+ MDB_LIBS="$MDB_LIBS $ol_cv_lib_mdb"
-+ fi
-+
-+ SLAPD_LIBS="$SLAPD_LIBS \$(MDB_LIBS)"
-+
-+ ol_link_mdb=yes
-+fi
-+
-+dnl ----------------------------------------------------------------
-
- if test $ol_enable_dynamic = yes && test $enable_shared = yes ; then
- BUILD_LIBS_DYNAMIC=shared
-@@ -3133,6 +3158,7 @@
- AC_SUBST(LDAP_LIBS)
- AC_SUBST(SLAPD_LIBS)
- AC_SUBST(BDB_LIBS)
-+AC_SUBST(MDB_LIBS)
- AC_SUBST(SLAPD_NDB_LIBS)
- AC_SUBST(SLAPD_NDB_INCS)
- AC_SUBST(LTHREAD_LIBS)
diff --git a/net-nds/openldap/files/openldap-2.4.40-slapd-conf b/net-nds/openldap/files/openldap-2.4.40-slapd-conf
deleted file mode 100644
index 8ecc732..00000000
--- a/net-nds/openldap/files/openldap-2.4.40-slapd-conf
+++ /dev/null
@@ -1,64 +0,0 @@
-#
-# See slapd.conf(5) for details on configuration options.
-# This file should NOT be world readable.
-#
-include /etc/openldap/schema/core.schema
-
-# Define global ACLs to disable default read access.
-
-# Do not enable referrals until AFTER you have a working directory
-# service AND an understanding of referrals.
-#referral ldap://root.openldap.org
-
-pidfile /run/openldap/slapd.pid
-argsfile /run/openldap/slapd.args
-
-# Load dynamic backend modules:
-###INSERTDYNAMICMODULESHERE###
-
-# Sample security restrictions
-# Require integrity protection (prevent hijacking)
-# Require 112-bit (3DES or better) encryption for updates
-# Require 63-bit encryption for simple bind
-# security ssf=1 update_ssf=112 simple_bind=64
-
-# Sample access control policy:
-# Root DSE: allow anyone to read it
-# Subschema (sub)entry DSE: allow anyone to read it
-# Other DSEs:
-# Allow self write access
-# Allow authenticated users read access
-# Allow anonymous users to authenticate
-# Directives needed to implement policy:
-# access to dn.base="" by * read
-# access to dn.base="cn=Subschema" by * read
-# access to *
-# by self write
-# by users read
-# by anonymous auth
-#
-# if no access controls are present, the default policy
-# allows anyone and everyone to read anything but restricts
-# updates to rootdn. (e.g., "access to * by * read")
-#
-# rootdn can always read and write EVERYTHING!
-
-#######################################################################
-# BDB database definitions
-#######################################################################
-
-database hdb
-suffix "dc=my-domain,dc=com"
-# <kbyte> <min>
-checkpoint 32 30
-rootdn "cn=Manager,dc=my-domain,dc=com"
-# Cleartext passwords, especially for the rootdn, should
-# be avoid. See slappasswd(8) and slapd.conf(5) for details.
-# Use of strong authentication encouraged.
-rootpw secret
-# The database directory MUST exist prior to running slapd AND
-# should only be accessible by the slapd and slap tools.
-# Mode 700 recommended.
-directory /var/lib/openldap-data
-# Indices to maintain
-index objectClass eq
diff --git a/net-nds/openldap/files/slapd-initd-2.4.40 b/net-nds/openldap/files/slapd-initd-2.4.40
deleted file mode 100644
index 473e9fd..00000000
--- a/net-nds/openldap/files/slapd-initd-2.4.40
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-extra_commands="checkconfig"
-
-[ -z "$INSTANCE" ] && INSTANCE="openldap${SVCNAME#slapd}"
-PIDDIR=/run/openldap
-PIDFILE=$PIDDIR/$SVCNAME.pid
-
-depend() {
- need net
- before dbus hald avahi-daemon
- provide ldap
-}
-
-start() {
- checkpath -q -d ${PIDDIR} -o ldap:ldap
- if ! checkconfig -Q ; then
- eerror "There is a problem with your slapd.conf!"
- return 1
- fi
- ebegin "Starting ldap-server"
- [ -n "$KRB5_KTNAME" ] && export KRB5_KTNAME
- eval start-stop-daemon --start --pidfile ${PIDFILE} --exec /usr/lib/openldap/slapd -- -u ldap -g ldap "${OPTS}"
- eend $?
-}
-
-stop() {
- ebegin "Stopping ldap-server"
- start-stop-daemon --stop --signal 2 --quiet --pidfile ${PIDFILE}
- eend $?
-}
-
-checkconfig() {
- # checks requested by bug #502948
- for d in `awk '/^directory/{print $2}'`; do
- if [ ! -d $d ]; then
- eerror "Directory $d in config does not exist!"
- return 1
- fi
- /usr/bin/find $d ! -name DB_CONFIG ! -user ldap -o ! -group ldap |grep -sq .
- if [ $? -ne 0 ]; then
- ewarn "You have files in $d not owned by the ldap user, you must ensure they are accessible to the slapd instance!"
- fi
- [ ! -e $d/DB_CONFIG ] && ewarn "$d/DB_CONFIG does not exist, slapd performance may be sub-optimal"
- done
- # now test the config fully
- /usr/sbin/slaptest -u "$@" ${OPTS_CONF}
-}
diff --git a/net-nds/openldap/files/slapd-initd-2.4.40-r1 b/net-nds/openldap/files/slapd-initd-2.4.40-r1
deleted file mode 100644
index 3547e07..00000000
--- a/net-nds/openldap/files/slapd-initd-2.4.40-r1
+++ /dev/null
@@ -1,65 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-extra_commands="checkconfig"
-
-[ -z "$INSTANCE" ] && INSTANCE="openldap${SVCNAME#slapd}"
-PIDDIR=/run/openldap
-PIDFILE=$PIDDIR/$SVCNAME.pid
-
-depend() {
- need net
- before dbus hald avahi-daemon
- provide ldap
-}
-
-start() {
- checkpath -q -d ${PIDDIR} -o ldap:ldap
- if ! checkconfig -Q ; then
- eerror "There is a problem with your slapd.conf!"
- return 1
- fi
- ebegin "Starting ldap-server"
- [ -n "$KRB5_KTNAME" ] && export KRB5_KTNAME
- eval start-stop-daemon --start --pidfile ${PIDFILE} --exec /usr/lib/openldap/slapd -- -u ldap -g ldap "${OPTS}"
- eend $?
-}
-
-stop() {
- ebegin "Stopping ldap-server"
- start-stop-daemon --stop --signal 2 --quiet --pidfile ${PIDFILE}
- eend $?
-}
-
-checkconfig() {
- # checks requested by bug #502948
- # Step 1: extract the last valid config file or config dir
- set -- $OPTS
- while [ -n "$*" ]; do
- opt=$1 ; shift
- if [ "$opt" = "-f" -o "$opt" = "-F" ] ; then
- CONF=$1
- shift
- fi
- done
- set --
- # Fallback
- CONF=${CONF-/etc/openldap/slapd.conf}
- [ -d $CONF ] && CONF=${CONF}/*
- DBDIRS=`eval awk '"/^(directory|olcDbDirectory:)/{print \$2}"' $CONF`
- for d in $DBDIRS; do
- if [ ! -d $d ]; then
- eerror "Directory $d in config does not exist!"
- return 1
- fi
- /usr/bin/find $d ! -name DB_CONFIG ! -user ldap -o ! -group ldap |grep -sq .
- if [ $? -ne 0 ]; then
- ewarn "You have files in $d not owned by the ldap user, you must ensure they are accessible to the slapd instance!"
- fi
- [ ! -e $d/DB_CONFIG ] && ewarn "$d/DB_CONFIG does not exist, slapd performance may be sub-optimal"
- done
- # now test the config fully
- /usr/sbin/slaptest -u "$@" ${OPTS_CONF}
-}
diff --git a/net-nds/openldap/files/slapd-initd-2.4.40-r2 b/net-nds/openldap/files/slapd-initd-2.4.40-r2
deleted file mode 100644
index 9ce071a..00000000
--- a/net-nds/openldap/files/slapd-initd-2.4.40-r2
+++ /dev/null
@@ -1,65 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-extra_commands="checkconfig"
-
-[ -z "$INSTANCE" ] && INSTANCE="openldap${SVCNAME#slapd}"
-PIDDIR=/run/openldap
-PIDFILE=$PIDDIR/$SVCNAME.pid
-
-depend() {
- need net
- before dbus hald avahi-daemon
- provide ldap
-}
-
-start() {
- checkpath -q -d ${PIDDIR} -o ldap:ldap
- if ! checkconfig -Q ; then
- eerror "There is a problem with your slapd.conf!"
- return 1
- fi
- ebegin "Starting ldap-server"
- [ -n "$KRB5_KTNAME" ] && export KRB5_KTNAME
- eval start-stop-daemon --start --pidfile ${PIDFILE} --exec /usr/lib/openldap/slapd -- -u ldap -g ldap "${OPTS}"
- eend $?
-}
-
-stop() {
- ebegin "Stopping ldap-server"
- start-stop-daemon --stop --signal 2 --quiet --pidfile ${PIDFILE}
- eend $?
-}
-
-checkconfig() {
- # checks requested by bug #502948
- # Step 1: extract the last valid config file or config dir
- set -- $OPTS
- while [ -n "$*" ]; do
- opt=$1 ; shift
- if [ "$opt" = "-f" -o "$opt" = "-F" ] ; then
- CONF=$1
- shift
- fi
- done
- set --
- # Fallback
- CONF=${CONF-/etc/openldap/slapd.conf}
- [ -d $CONF ] && CONF=${CONF}/*
- DBDIRS=`eval awk '"/^(directory|olcDbDirectory:)/{print \\$2}"' $CONF`
- for d in $DBDIRS; do
- if [ ! -d $d ]; then
- eerror "Directory $d in config does not exist!"
- return 1
- fi
- /usr/bin/find $d ! -name DB_CONFIG ! -user ldap -o ! -group ldap |grep -sq .
- if [ $? -ne 0 ]; then
- ewarn "You have files in $d not owned by the ldap user, you must ensure they are accessible to the slapd instance!"
- fi
- [ ! -e $d/DB_CONFIG ] && ewarn "$d/DB_CONFIG does not exist, slapd performance may be sub-optimal"
- done
- # now test the config fully
- /usr/sbin/slaptest -u "$@" ${OPTS_CONF}
-}
diff --git a/net-nds/openldap/openldap-2.4.38-r2.ebuild b/net-nds/openldap/openldap-2.4.38-r2.ebuild
deleted file mode 100644
index 1706a4a..00000000
--- a/net-nds/openldap/openldap-2.4.38-r2.ebuild
+++ /dev/null
@@ -1,761 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit db-use eutils flag-o-matic multilib multilib-minimal ssl-cert versionator toolchain-funcs autotools user systemd
-
-BIS_PN=rfc2307bis.schema
-BIS_PV=20140524
-BIS_P="${BIS_PN}-${BIS_PV}"
-
-DESCRIPTION="LDAP suite of application and development tools"
-HOMEPAGE="http://www.OpenLDAP.org/"
-
-# mirrors are mostly not working, using canonical URI
-SRC_URI="ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz
- mirror://gentoo/${BIS_P}"
-
-LICENSE="OPENLDAP GPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~x86-linux ~x86-solaris"
-
-IUSE_DAEMON="crypt icu samba slp tcpd experimental minimal"
-IUSE_BACKEND="+berkdb"
-IUSE_OVERLAY="overlays perl"
-IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 +syslog selinux"
-IUSE_CONTRIB="smbkrb5passwd kerberos"
-IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
-IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
-
-REQUIRED_USE="cxx? ( sasl )"
-
-# openssl is needed to generate lanman-passwords required by samba
-CDEPEND="icu? ( dev-libs/icu:= )
- ssl? ( !gnutls? ( >=dev-libs/openssl-1.0.1h-r2[${MULTILIB_USEDEP}] )
- gnutls? ( >=net-libs/gnutls-2.12.23-r6[${MULTILIB_USEDEP}] >=dev-libs/libgcrypt-1.5.3:0[${MULTILIB_USEDEP}] ) )
- sasl? ( dev-libs/cyrus-sasl:= )
- !minimal? (
- sys-devel/libtool
- tcpd? ( sys-apps/tcp-wrappers )
- odbc? ( !iodbc? ( dev-db/unixODBC )
- iodbc? ( dev-db/libiodbc ) )
- slp? ( net-libs/openslp )
- perl? ( dev-lang/perl:=[-build(-)] )
- samba? ( dev-libs/openssl )
- berkdb? ( sys-libs/db )
- smbkrb5passwd? (
- dev-libs/openssl
- app-crypt/heimdal )
- kerberos? ( virtual/krb5 )
- cxx? ( dev-libs/cyrus-sasl:= )
- )
- abi_x86_32? (
- !<=app-emulation/emul-linux-x86-baselibs-20140508-r3
- !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
- )"
-DEPEND="${CDEPEND}
- sys-apps/groff"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-ldap )
-"
-
-# for tracking versions
-OPENLDAP_VERSIONTAG=".version-tag"
-OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
-
-MULTILIB_WRAPPED_HEADERS=(
- # USE=cxx
- /usr/include/LDAPAsynConnection.h
- /usr/include/LDAPAttrType.h
- /usr/include/LDAPAttribute.h
- /usr/include/LDAPAttributeList.h
- /usr/include/LDAPConnection.h
- /usr/include/LDAPConstraints.h
- /usr/include/LDAPControl.h
- /usr/include/LDAPControlSet.h
- /usr/include/LDAPEntry.h
- /usr/include/LDAPEntryList.h
- /usr/include/LDAPException.h
- /usr/include/LDAPExtResult.h
- /usr/include/LDAPMessage.h
- /usr/include/LDAPMessageQueue.h
- /usr/include/LDAPModList.h
- /usr/include/LDAPModification.h
- /usr/include/LDAPObjClass.h
- /usr/include/LDAPRebind.h
- /usr/include/LDAPRebindAuth.h
- /usr/include/LDAPReferenceList.h
- /usr/include/LDAPResult.h
- /usr/include/LDAPSaslBindResult.h
- /usr/include/LDAPSchema.h
- /usr/include/LDAPSearchReference.h
- /usr/include/LDAPSearchResult.h
- /usr/include/LDAPSearchResults.h
- /usr/include/LDAPUrl.h
- /usr/include/LDAPUrlList.h
- /usr/include/LdifReader.h
- /usr/include/LdifWriter.h
- /usr/include/SaslInteraction.h
- /usr/include/SaslInteractionHandler.h
- /usr/include/StringList.h
- /usr/include/TlsOptions.h
-)
-
-openldap_filecount() {
- local dir="$1"
- find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
-}
-
-openldap_find_versiontags() {
- # scan for all datadirs
- openldap_datadirs=""
- if [ -f "${EROOT}"/etc/openldap/slapd.conf ]; then
- openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${EROOT}/etc/openldap/slapd.conf)"
- fi
- openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}"
-
- einfo
- einfo "Scanning datadir(s) from slapd.conf and"
- einfo "the default installdir for Versiontags"
- einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
- einfo
-
- # scan datadirs if we have a version tag
- openldap_found_tag=0
- have_files=0
- for each in ${openldap_datadirs}; do
- CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"`
- CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}
- if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then
- einfo "- Checking ${each}..."
- if [ -r ${CURRENT_TAG} ] ; then
- # yey, we have one :)
- einfo " Found Versiontag in ${each}"
- source ${CURRENT_TAG}
- if [ "${OLDPF}" == "" ] ; then
- eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
- eerror "Please delete it"
- eerror
- die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
- fi
-
- OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}`
-
- [ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1
-
- # are we on the same branch?
- if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then
- ewarn " Versiontag doesn't match current major release!"
- if [[ "${have_files}" == "1" ]] ; then
- eerror " Versiontag says other major and you (probably) have datafiles!"
- echo
- openldap_upgrade_howto
- else
- einfo " No real problem, seems there's no database."
- fi
- else
- einfo " Versiontag is fine here :)"
- fi
- else
- einfo " Non-tagged dir ${each}"
- [ $(openldap_filecount ${each}) -gt 0 ] && have_files=1
- if [[ "${have_files}" == "1" ]] ; then
- einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
- echo
-
- eerror
- eerror "Your OpenLDAP Installation has a non tagged datadir that"
- eerror "possibly contains a database at ${CURRENT_TAGDIR}"
- eerror
- eerror "Please export data if any entered and empty or remove"
- eerror "the directory, installation has been stopped so you"
- eerror "can take required action"
- eerror
- eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
- eerror
- openldap_upgrade_howto
- die "Please move the datadir ${CURRENT_TAGDIR} away"
- fi
- fi
- einfo
- fi
- done
- [ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present"
-
- # Now we must check for the major version of sys-libs/db linked against.
- SLAPD_PATH=${EROOT}/usr/$(get_libdir)/openldap/slapd
- if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then
- OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
- | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
- NEWVER="$(use berkdb && db_findver sys-libs/db)"
- local fail=0
- if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then
- :
- # Nothing wrong here.
- elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was not built against"
- eerror " any version of sys-libs/db, but the new one will build"
- eerror " against ${NEWVER} and your database may be inaccessible."
- echo
- fail=1
- elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will not be"
- eerror " built against any version and your database may be"
- eerror " inaccessible."
- echo
- fail=1
- elif [ "${OLDVER}" != "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will build against"
- eerror " ${NEWVER} and your database would be inaccessible."
- echo
- fail=1
- fi
- [ "${fail}" == "1" ] && openldap_upgrade_howto
- fi
-
- echo
- einfo
- einfo "All datadirs are fine, proceeding with merge now..."
- einfo
-}
-
-openldap_upgrade_howto() {
- eerror
- eerror "A (possible old) installation of OpenLDAP was detected,"
- eerror "installation will not proceed for now."
- eerror
- eerror "As major version upgrades can corrupt your database,"
- eerror "you need to dump your database and re-create it afterwards."
- eerror
- eerror "Additionally, rebuilding against different major versions of the"
- eerror "sys-libs/db libraries will cause your database to be inaccessible."
- eerror ""
- d="$(date -u +%s)"
- l="/root/ldapdump.${d}"
- i="${l}.raw"
- eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop"
- eerror " 2. slapcat -l ${i}"
- eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}"
- eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
- eerror " 5. emerge --update \=net-nds/${PF}"
- eerror " 6. etc-update, and ensure that you apply the changes"
- eerror " 7. slapadd -l ${l}"
- eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
- eerror " 9. /etc/init.d/slapd start"
- eerror "10. check that your data is intact."
- eerror "11. set up the new replication system."
- eerror
- if [ "${FORCE_UPGRADE}" != "1" ]; then
- die "You need to upgrade your database first"
- else
- eerror "You have the magical FORCE_UPGRADE=1 in place."
- eerror "Don't say you weren't warned about data loss."
- fi
-}
-
-pkg_setup() {
- if ! use sasl && use cxx ; then
- die "To build the ldapc++ library you must emerge openldap with sasl support"
- fi
- # Bug #322787
- if use minimal && ! has_version "net-nds/openldap" ; then
- einfo "No datadir scan needed, openldap not installed"
- elif use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then
- einfo "Skipping scan for previous datadirs as requested by minimal useflag"
- else
- openldap_find_versiontags
- fi
-
- # The user/group are only used for running daemons which are
- # disabled in minimal builds, so elide the accounts too.
- if ! use minimal ; then
- enewgroup ldap 439
- enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap
- fi
-}
-
-src_prepare() {
- # ensure correct SLAPI path by default
- sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \
- "${S}"/include/ldap_defaults.h
-
- epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch
-
- epatch \
- "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \
- "${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
-
- # bug #116045 - still present in 2.4.28
- epatch "${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch
- # bug #408077 - samba4
- epatch "${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch
-
- # bug #189817
- epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
-
- # bug #233633
- epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch
-
- # bug #281495
- epatch "${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch
-
- # bug #294350
- epatch "${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch
-
- # unbreak /bin/sh -> dash
- epatch "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
-
- # bug #420959
- epatch "${FILESDIR}"/${PN}-2.4.31-gcc47.patch
-
- # bug #421463
- epatch "${FILESDIR}"/${PN}-2.4.33-gnutls.patch
-
- cd "${S}"/build || die
- einfo "Making sure upstream build strip does not do stripping too early"
- sed -i.orig \
- -e '/^STRIP/s,-s,,g' \
- top.mk || die "Failed to block stripping"
-
- # wrong assumption that /bin/sh is /bin/bash
- sed -i \
- -e 's|/bin/sh|/bin/bash|g' \
- "${S}"/tests/scripts/* || die "sed failed"
-
- cd "${S}" || die
- AT_NOEAUTOMAKE=yes eautoreconf
-}
-
-build_contrib_module() {
- # <dir> <sources> <outputname>
- cd "${S}/contrib/slapd-modules/$1" || die
- einfo "Compiling contrib-module: $3"
- # Make sure it's uppercase
- local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -D${define_name}=SLAPD_MOD_DYNAMIC \
- -I"${BUILD_DIR}"/include \
- -I../../../include -I../../../servers/slapd ${CFLAGS} \
- -o ${2%.c}.lo -c $2 || die "compiling $3 failed"
- einfo "Linking contrib-module: $3"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o $3.la ${2%.c}.lo || die "linking $3 failed"
-}
-
-src_configure() {
- #Fix for glibc-2.8 and ucred. Bug 228457.
- append-flags -D_GNU_SOURCE
-
- # Bug 408001
- use elibc_FreeBSD && append-cppflags -DMDB_DSYNC=O_SYNC -DMDB_FDATASYNC=fsync
-
- # connectionless ldap per bug #342439
- append-cppflags -DLDAP_CONNECTIONLESS
-
- multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
- local myconf=()
-
- use debug && myconf+=( $(use_enable debug) )
-
- # ICU usage is not configurable
- export ac_cv_header_unicode_utypes_h="$(multilib_is_native_abi && use icu && echo yes || echo no)"
-
- if ! use minimal && multilib_is_native_abi; then
- local CPPFLAGS=${CPPFLAGS}
-
- # re-enable serverside overlay chains per bug #296567
- # see ldap docs chaper 12.3.1 for details
- myconf+=( --enable-ldap )
-
- # backends
- myconf+=( --enable-slapd )
- if use berkdb ; then
- einfo "Using Berkeley DB for local backend"
- myconf+=( --enable-bdb --enable-hdb )
- # We need to include the slotted db.h dir for FreeBSD
- append-cppflags -I$(db_includedir)
- else
- ewarn
- ewarn "Note: if you disable berkdb, you can only use remote-backends!"
- ewarn
- myconf+=( --disable-bdb --disable-hdb )
- fi
- for backend in dnssrv ldap meta monitor null passwd relay shell sock; do
- myconf+=( --enable-${backend}=mod )
- done
-
- myconf+=( $(use_enable perl perl mod) )
-
- myconf+=( $(use_enable odbc sql mod) )
- if use odbc ; then
- local odbc_lib="unixodbc"
- if use iodbc ; then
- odbc_lib="iodbc"
- append-cppflags -I"${EPREFIX}"/usr/include/iodbc
- fi
- myconf+=( --with-odbc=${odbc_lib} )
- fi
-
- # slapd options
- myconf+=(
- $(use_enable crypt)
- $(use_enable slp)
- $(use_enable samba lmpasswd)
- $(use_enable syslog)
- )
- if use experimental ; then
- myconf+=(
- --enable-dynacl
- --enable-aci=mod
- )
- fi
- for option in aci cleartext modules rewrite rlookups slapi; do
- myconf+=( --enable-${option} )
- done
-
- # slapd overlay options
- # Compile-in the syncprov, the others as module
- myconf+=( --enable-syncprov=yes )
- use overlays && myconf+=( --enable-overlays=mod )
-
- else
- myconf+=(
- --disable-slapd
- --disable-bdb
- --disable-hdb
- --disable-overlays
- --disable-syslog
- )
- fi
-
- # basic functionality stuff
- myconf+=(
- $(use_enable ipv6)
- $(multilib_native_use_with sasl cyrus-sasl)
- $(multilib_native_use_enable sasl spasswd)
- $(use_enable tcpd wrappers)
- )
-
- # Some cross-compiling tests don't pan out well.
- tc-is-cross-compiler && myconf+=(
- --with-yielding-select=yes
- )
-
- local ssl_lib="no"
- if use ssl || ( ! use minimal && use samba ) ; then
- ssl_lib="openssl"
- use gnutls && ssl_lib="gnutls"
- fi
-
- myconf+=( --with-tls=${ssl_lib} )
-
- for basicflag in dynamic local proctitle shared static; do
- myconf+=( --enable-${basicflag} )
- done
-
- tc-export AR CC CXX
- ECONF_SOURCE=${S} \
- STRIP=/bin/true \
- econf \
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
- "${myconf[@]}"
- emake depend
-}
-
-src_configure_cxx() {
- # This needs the libraries built by the first build run.
- # So we have to run it AFTER the main build, not just after the main
- # configure.
- local myconf_ldapcpp=(
- --with-ldap-includes="${S}"/include
- )
-
- mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die
- cd "${BUILD_DIR}/contrib/ldapc++" || die
-
- local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS}
- append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
- -L"${BUILD_DIR}"/libraries/libldap/.libs
- append-cppflags -I"${BUILD_DIR}"/include
- ECONF_SOURCE=${S}/contrib/ldapc++ \
- econf "${myconf_ldapcpp[@]}" \
- CC="${CC}" \
- CXX="${CXX}"
-}
-
-multilib_src_compile() {
- tc-export AR CC CXX
- emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/bash
- local lt="${BUILD_DIR}/libtool"
- export echo="echo"
-
- if ! use minimal && multilib_is_native_abi ; then
- if use cxx ; then
- einfo "Building contrib library: ldapc++"
- src_configure_cxx
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake \
- CC="${CC}" CXX="${CXX}"
- fi
-
- if use smbkrb5passwd ; then
- einfo "Building contrib-module: smbk5pwd"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
-
- emake \
- DEFS="-DDO_SAMBA -DDO_KRB5 -DDO_SHADOW" \
- KRB5_INC="$(krb5-config --cflags)" \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
- fi
-
- if use overlays ; then
- einfo "Building contrib-module: samba4"
- cd "${S}/contrib/slapd-modules/samba4" || die
-
- emake \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap"
- fi
-
- if use kerberos ; then
- cd "${S}/contrib/slapd-modules/passwd" || die
- einfo "Compiling contrib-module: pw-kerberos"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- $(krb5-config --cflags) \
- -DHAVE_KRB5 \
- -o kerberos.lo \
- -c kerberos.c || die "compiling pw-kerberos failed"
- einfo "Linking contrib-module: pw-kerberos"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o pw-kerberos.la \
- kerberos.lo || die "linking pw-kerberos failed"
- fi
- # We could build pw-radius if GNURadius would install radlib.h
- cd "${S}/contrib/slapd-modules/passwd" || die
- einfo "Compiling contrib-module: pw-netscape"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- -o netscape.lo \
- -c netscape.c || die "compiling pw-netscape failed"
- einfo "Linking contrib-module: pw-netscape"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o pw-netscape.la \
- netscape.lo || die "linking pw-netscape failed"
-
- build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
- build_contrib_module "allop" "allop.c" "overlay-allop"
- build_contrib_module "allowed" "allowed.c" "allowed"
- build_contrib_module "autogroup" "autogroup.c" "autogroup"
- build_contrib_module "denyop" "denyop.c" "denyop-overlay"
- build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
- # lastmod may not play well with other overlays
- build_contrib_module "lastmod" "lastmod.c" "lastmod"
- build_contrib_module "nops" "nops.c" "nops-overlay"
- build_contrib_module "trace" "trace.c" "trace"
- # build slapi-plugins
- cd "${S}/contrib/slapi-plugins/addrdnvalues" || die
- einfo "Building contrib-module: addrdnvalues plugin"
- "${CC}" -shared \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- -fPIC \
- ${LDFLAGS} \
- -o libaddrdnvalues-plugin.so \
- addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
-
- fi
-}
-
-multilib_src_test() {
- if multilib_is_native_abi; then
- cd tests || die
- make tests || die "make tests failed"
- fi
-}
-
-multilib_src_install() {
- local lt="${BUILD_DIR}/libtool"
- emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/bash install
-
- if ! use minimal && multilib_is_native_abi; then
- # openldap modules go here
- # TODO: write some code to populate slapd.conf with moduleload statements
- keepdir /usr/$(get_libdir)/openldap/openldap/
-
- # initial data storage dir
- keepdir /var/lib/openldap-data
- use prefix || fowners ldap:ldap /var/lib/openldap-data
- fperms 0700 /var/lib/openldap-data
-
- echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
-
- # use our config
- rm "${ED}"etc/openldap/slapd.conf
- insinto /etc/openldap
- newins "${FILESDIR}"/${PN}-2.3.34-slapd-conf slapd.conf
- configfile="${ED}"etc/openldap/slapd.conf
-
- # populate with built backends
- ebegin "populate config with built backends"
- for x in "${ED}"usr/$(get_libdir)/openldap/openldap/back_*.so; do
- elog "Adding $(basename ${x})"
- sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}"
- done
- sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
- use prefix || fowners root:ldap /etc/openldap/slapd.conf
- fperms 0640 /etc/openldap/slapd.conf
- cp "${configfile}" "${configfile}".default
- eend
-
- # install our own init scripts and systemd unit files
- newinitd "${FILESDIR}"/slapd-initd-2.4.28-r1 slapd
- newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd
- systemd_dounit "${FILESDIR}"/slapd.service
- systemd_install_serviced "${FILESDIR}"/slapd.service.conf
- systemd_newtmpfilesd "${FILESDIR}"/slapd.tmpfilesd slapd.conf
-
- if [[ $(get_libdir) != lib ]]; then
- sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i \
- "${ED}"/etc/init.d/slapd \
- "${ED}"/usr/lib/systemd/system/slapd.service || die
- fi
- # If built without SLP, we don't need to be before avahi
- use slp \
- || sed -i \
- -e '/before/{s/avahi-daemon//g}' \
- "${ED}"etc/init.d/slapd
-
- if use cxx ; then
- einfo "Install the ldapc++ library"
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- cd "${S}"/contrib/ldapc++ || die
- newdoc README ldapc++-README
- fi
-
- if use smbkrb5passwd ; then
- einfo "Install the smbk5pwd module"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- newdoc README smbk5pwd-README
- fi
-
- if use overlays ; then
- einfo "Install the samba4 module"
- cd "${S}/contrib/slapd-modules/samba4" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="/usr/$(get_libdir)/openldap" install
- newdoc README samba4-README
- fi
-
- einfo "Installing contrib modules"
- cd "${S}/contrib/slapd-modules" || die
- for l in */*.la; do
- "${lt}" --mode=install cp ${l} \
- "${ED}"usr/$(get_libdir)/openldap/openldap || \
- die "installing ${l} failed"
- done
-
- docinto contrib
- newdoc addpartial/README addpartial-README
- newdoc allop/README allop-README
- doman allop/slapo-allop.5
- newdoc autogroup/README autogroup-README
- newdoc denyop/denyop.c denyop-denyop.c
- newdoc dsaschema/README dsaschema-README
- doman lastmod/slapo-lastmod.5
- doman nops/slapo-nops.5
- newdoc passwd/README passwd-README
- cd "${S}/contrib/slapi-plugins" || die
- insinto /usr/$(get_libdir)/openldap/openldap
- doins */*.so
- docinto contrib
- newdoc addrdnvalues/README addrdnvalues-README
-
- insinto /etc/openldap/schema
- newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
- fi
-}
-
-multilib_src_install_all() {
- dodoc ANNOUNCEMENT CHANGES COPYRIGHT README "${FILESDIR}"/DB_CONFIG.fast.example
- docinto rfc ; dodoc doc/rfc/*.txt
-}
-
-pkg_preinst() {
- # keep old libs if any
- preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0)
-}
-
-pkg_postinst() {
- if ! use minimal ; then
- # You cannot build SSL certificates during src_install that will make
- # binary packages containing your SSL key, which is both a security risk
- # and a misconfiguration if multiple machines use the same key and cert.
- if use ssl; then
- install_cert /etc/openldap/ssl/ldap
- use prefix || chown ldap:ldap "${EROOT}"etc/openldap/ssl/ldap.*
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "add 'TLS_REQCERT never' if you want to use them."
- fi
-
- if use prefix; then
- # Warn about prefix issues with slapd
- eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
- eerror "to start up, and requires that certain files directories be owned by"
- eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
- eerror "directories, you will have to manually fix this yourself."
- fi
-
- # These lines force the permissions of various content to be correct
- use prefix || chown ldap:ldap "${EROOT}"var/run/openldap
- chmod 0755 "${EROOT}"var/run/openldap
- use prefix || chown root:ldap "${EROOT}"etc/openldap/slapd.conf{,.default}
- chmod 0640 "${EROOT}"etc/openldap/slapd.conf{,.default}
- use prefix || chown ldap:ldap "${EROOT}"var/lib/openldap-data
- fi
-
- elog "Getting started using OpenLDAP? There is some documentation available:"
- elog "Gentoo Guide to OpenLDAP Authentication"
- elog "(https://www.gentoo.org/doc/en/ldap-howto.xml)"
- elog "---"
- elog "An example file for tuning BDB backends with openldap is"
- elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
-
- preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0)
-}
diff --git a/net-nds/openldap/openldap-2.4.39.ebuild b/net-nds/openldap/openldap-2.4.39.ebuild
deleted file mode 100644
index 8386830..00000000
--- a/net-nds/openldap/openldap-2.4.39.ebuild
+++ /dev/null
@@ -1,760 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit db-use eutils flag-o-matic multilib multilib-minimal ssl-cert versionator toolchain-funcs autotools user systemd
-
-BIS_PN=rfc2307bis.schema
-BIS_PV=20140524
-BIS_P="${BIS_PN}-${BIS_PV}"
-
-DESCRIPTION="LDAP suite of application and development tools"
-HOMEPAGE="http://www.OpenLDAP.org/"
-
-# mirrors are mostly not working, using canonical URI
-SRC_URI="ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz
- mirror://gentoo/${BIS_P}"
-
-LICENSE="OPENLDAP GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~x86-linux ~x86-solaris"
-
-IUSE_DAEMON="crypt icu samba slp tcpd experimental minimal"
-IUSE_BACKEND="+berkdb"
-IUSE_OVERLAY="overlays perl"
-IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 +syslog selinux"
-IUSE_CONTRIB="smbkrb5passwd kerberos"
-IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
-IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
-
-REQUIRED_USE="cxx? ( sasl )"
-
-# openssl is needed to generate lanman-passwords required by samba
-CDEPEND="icu? ( dev-libs/icu:= )
- ssl? ( !gnutls? ( >=dev-libs/openssl-1.0.1h-r2[${MULTILIB_USEDEP}] )
- gnutls? ( >=net-libs/gnutls-2.12.23-r6[${MULTILIB_USEDEP}] >=dev-libs/libgcrypt-1.5.3:0[${MULTILIB_USEDEP}] ) )
- sasl? ( dev-libs/cyrus-sasl:= )
- !minimal? (
- sys-devel/libtool
- tcpd? ( sys-apps/tcp-wrappers )
- odbc? ( !iodbc? ( dev-db/unixODBC )
- iodbc? ( dev-db/libiodbc ) )
- slp? ( net-libs/openslp )
- perl? ( dev-lang/perl:=[-build(-)] )
- samba? ( dev-libs/openssl )
- berkdb? ( sys-libs/db )
- smbkrb5passwd? (
- dev-libs/openssl
- app-crypt/heimdal )
- kerberos? ( virtual/krb5 )
- cxx? ( dev-libs/cyrus-sasl:= )
- )
- abi_x86_32? (
- !<=app-emulation/emul-linux-x86-baselibs-20140508-r3
- !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
- )"
-DEPEND="${CDEPEND}
- sys-apps/groff"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-ldap )
-"
-# for tracking versions
-OPENLDAP_VERSIONTAG=".version-tag"
-OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
-
-MULTILIB_WRAPPED_HEADERS=(
- # USE=cxx
- /usr/include/LDAPAsynConnection.h
- /usr/include/LDAPAttrType.h
- /usr/include/LDAPAttribute.h
- /usr/include/LDAPAttributeList.h
- /usr/include/LDAPConnection.h
- /usr/include/LDAPConstraints.h
- /usr/include/LDAPControl.h
- /usr/include/LDAPControlSet.h
- /usr/include/LDAPEntry.h
- /usr/include/LDAPEntryList.h
- /usr/include/LDAPException.h
- /usr/include/LDAPExtResult.h
- /usr/include/LDAPMessage.h
- /usr/include/LDAPMessageQueue.h
- /usr/include/LDAPModList.h
- /usr/include/LDAPModification.h
- /usr/include/LDAPObjClass.h
- /usr/include/LDAPRebind.h
- /usr/include/LDAPRebindAuth.h
- /usr/include/LDAPReferenceList.h
- /usr/include/LDAPResult.h
- /usr/include/LDAPSaslBindResult.h
- /usr/include/LDAPSchema.h
- /usr/include/LDAPSearchReference.h
- /usr/include/LDAPSearchResult.h
- /usr/include/LDAPSearchResults.h
- /usr/include/LDAPUrl.h
- /usr/include/LDAPUrlList.h
- /usr/include/LdifReader.h
- /usr/include/LdifWriter.h
- /usr/include/SaslInteraction.h
- /usr/include/SaslInteractionHandler.h
- /usr/include/StringList.h
- /usr/include/TlsOptions.h
-)
-
-openldap_filecount() {
- local dir="$1"
- find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
-}
-
-openldap_find_versiontags() {
- # scan for all datadirs
- openldap_datadirs=""
- if [ -f "${EROOT}"/etc/openldap/slapd.conf ]; then
- openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${EROOT}/etc/openldap/slapd.conf)"
- fi
- openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}"
-
- einfo
- einfo "Scanning datadir(s) from slapd.conf and"
- einfo "the default installdir for Versiontags"
- einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
- einfo
-
- # scan datadirs if we have a version tag
- openldap_found_tag=0
- have_files=0
- for each in ${openldap_datadirs}; do
- CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"`
- CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}
- if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then
- einfo "- Checking ${each}..."
- if [ -r ${CURRENT_TAG} ] ; then
- # yey, we have one :)
- einfo " Found Versiontag in ${each}"
- source ${CURRENT_TAG}
- if [ "${OLDPF}" == "" ] ; then
- eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
- eerror "Please delete it"
- eerror
- die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
- fi
-
- OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}`
-
- [ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1
-
- # are we on the same branch?
- if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then
- ewarn " Versiontag doesn't match current major release!"
- if [[ "${have_files}" == "1" ]] ; then
- eerror " Versiontag says other major and you (probably) have datafiles!"
- echo
- openldap_upgrade_howto
- else
- einfo " No real problem, seems there's no database."
- fi
- else
- einfo " Versiontag is fine here :)"
- fi
- else
- einfo " Non-tagged dir ${each}"
- [ $(openldap_filecount ${each}) -gt 0 ] && have_files=1
- if [[ "${have_files}" == "1" ]] ; then
- einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
- echo
-
- eerror
- eerror "Your OpenLDAP Installation has a non tagged datadir that"
- eerror "possibly contains a database at ${CURRENT_TAGDIR}"
- eerror
- eerror "Please export data if any entered and empty or remove"
- eerror "the directory, installation has been stopped so you"
- eerror "can take required action"
- eerror
- eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
- eerror
- openldap_upgrade_howto
- die "Please move the datadir ${CURRENT_TAGDIR} away"
- fi
- fi
- einfo
- fi
- done
- [ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present"
-
- # Now we must check for the major version of sys-libs/db linked against.
- SLAPD_PATH=${EROOT}/usr/$(get_libdir)/openldap/slapd
- if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then
- OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
- | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
- NEWVER="$(use berkdb && db_findver sys-libs/db)"
- local fail=0
- if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then
- :
- # Nothing wrong here.
- elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was not built against"
- eerror " any version of sys-libs/db, but the new one will build"
- eerror " against ${NEWVER} and your database may be inaccessible."
- echo
- fail=1
- elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will not be"
- eerror " built against any version and your database may be"
- eerror " inaccessible."
- echo
- fail=1
- elif [ "${OLDVER}" != "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will build against"
- eerror " ${NEWVER} and your database would be inaccessible."
- echo
- fail=1
- fi
- [ "${fail}" == "1" ] && openldap_upgrade_howto
- fi
-
- echo
- einfo
- einfo "All datadirs are fine, proceeding with merge now..."
- einfo
-}
-
-openldap_upgrade_howto() {
- eerror
- eerror "A (possible old) installation of OpenLDAP was detected,"
- eerror "installation will not proceed for now."
- eerror
- eerror "As major version upgrades can corrupt your database,"
- eerror "you need to dump your database and re-create it afterwards."
- eerror
- eerror "Additionally, rebuilding against different major versions of the"
- eerror "sys-libs/db libraries will cause your database to be inaccessible."
- eerror ""
- d="$(date -u +%s)"
- l="/root/ldapdump.${d}"
- i="${l}.raw"
- eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop"
- eerror " 2. slapcat -l ${i}"
- eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}"
- eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
- eerror " 5. emerge --update \=net-nds/${PF}"
- eerror " 6. etc-update, and ensure that you apply the changes"
- eerror " 7. slapadd -l ${l}"
- eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
- eerror " 9. /etc/init.d/slapd start"
- eerror "10. check that your data is intact."
- eerror "11. set up the new replication system."
- eerror
- if [ "${FORCE_UPGRADE}" != "1" ]; then
- die "You need to upgrade your database first"
- else
- eerror "You have the magical FORCE_UPGRADE=1 in place."
- eerror "Don't say you weren't warned about data loss."
- fi
-}
-
-pkg_setup() {
- if ! use sasl && use cxx ; then
- die "To build the ldapc++ library you must emerge openldap with sasl support"
- fi
- # Bug #322787
- if use minimal && ! has_version "net-nds/openldap" ; then
- einfo "No datadir scan needed, openldap not installed"
- elif use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then
- einfo "Skipping scan for previous datadirs as requested by minimal useflag"
- else
- openldap_find_versiontags
- fi
-
- # The user/group are only used for running daemons which are
- # disabled in minimal builds, so elide the accounts too.
- if ! use minimal ; then
- enewgroup ldap 439
- enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap
- fi
-}
-
-src_prepare() {
- # ensure correct SLAPI path by default
- sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \
- "${S}"/include/ldap_defaults.h
-
- epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch
-
- epatch \
- "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \
- "${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
-
- # bug #116045 - still present in 2.4.28
- epatch "${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch
- # bug #408077 - samba4
- epatch "${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch
-
- # bug #189817
- epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
-
- # bug #233633
- epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch
-
- # bug #281495
- epatch "${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch
-
- # bug #294350
- epatch "${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch
-
- # unbreak /bin/sh -> dash
- epatch "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
-
- # bug #420959
- epatch "${FILESDIR}"/${PN}-2.4.31-gcc47.patch
-
- # bug #421463
- epatch "${FILESDIR}"/${PN}-2.4.33-gnutls.patch
-
- cd "${S}"/build || die
- einfo "Making sure upstream build strip does not do stripping too early"
- sed -i.orig \
- -e '/^STRIP/s,-s,,g' \
- top.mk || die "Failed to block stripping"
-
- # wrong assumption that /bin/sh is /bin/bash
- sed -i \
- -e 's|/bin/sh|/bin/bash|g' \
- "${S}"/tests/scripts/* || die "sed failed"
-
- cd "${S}" || die
- AT_NOEAUTOMAKE=yes eautoreconf
-}
-
-build_contrib_module() {
- # <dir> <sources> <outputname>
- cd "${S}/contrib/slapd-modules/$1" || die
- einfo "Compiling contrib-module: $3"
- # Make sure it's uppercase
- local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -D${define_name}=SLAPD_MOD_DYNAMIC \
- -I"${BUILD_DIR}"/include \
- -I../../../include -I../../../servers/slapd ${CFLAGS} \
- -o ${2%.c}.lo -c $2 || die "compiling $3 failed"
- einfo "Linking contrib-module: $3"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o $3.la ${2%.c}.lo || die "linking $3 failed"
-}
-
-src_configure() {
- #Fix for glibc-2.8 and ucred. Bug 228457.
- append-flags -D_GNU_SOURCE
-
- # Bug 408001
- use elibc_FreeBSD && append-cppflags -DMDB_DSYNC=O_SYNC -DMDB_FDATASYNC=fsync
-
- # connectionless ldap per bug #342439
- append-cppflags -DLDAP_CONNECTIONLESS
-
- multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
- local myconf=()
-
- use debug && myconf+=( $(use_enable debug) )
-
- # ICU usage is not configurable
- export ac_cv_header_unicode_utypes_h="$(multilib_is_native_abi && use icu && echo yes || echo no)"
-
- if ! use minimal && multilib_is_native_abi; then
- local CPPFLAGS=${CPPFLAGS}
-
- # re-enable serverside overlay chains per bug #296567
- # see ldap docs chaper 12.3.1 for details
- myconf+=( --enable-ldap )
-
- # backends
- myconf+=( --enable-slapd )
- if use berkdb ; then
- einfo "Using Berkeley DB for local backend"
- myconf+=( --enable-bdb --enable-hdb )
- # We need to include the slotted db.h dir for FreeBSD
- append-cppflags -I$(db_includedir)
- else
- ewarn
- ewarn "Note: if you disable berkdb, you can only use remote-backends!"
- ewarn
- myconf+=( --disable-bdb --disable-hdb )
- fi
- for backend in dnssrv ldap meta monitor null passwd relay shell sock; do
- myconf+=( --enable-${backend}=mod )
- done
-
- myconf+=( $(use_enable perl perl mod) )
-
- myconf+=( $(use_enable odbc sql mod) )
- if use odbc ; then
- local odbc_lib="unixodbc"
- if use iodbc ; then
- odbc_lib="iodbc"
- append-cppflags -I"${EPREFIX}"/usr/include/iodbc
- fi
- myconf+=( --with-odbc=${odbc_lib} )
- fi
-
- # slapd options
- myconf+=(
- $(use_enable crypt)
- $(use_enable slp)
- $(use_enable samba lmpasswd)
- $(use_enable syslog)
- )
- if use experimental ; then
- myconf+=(
- --enable-dynacl
- --enable-aci=mod
- )
- fi
- for option in aci cleartext modules rewrite rlookups slapi; do
- myconf+=( --enable-${option} )
- done
-
- # slapd overlay options
- # Compile-in the syncprov, the others as module
- myconf+=( --enable-syncprov=yes )
- use overlays && myconf+=( --enable-overlays=mod )
-
- else
- myconf+=(
- --disable-slapd
- --disable-bdb
- --disable-hdb
- --disable-overlays
- --disable-syslog
- )
- fi
-
- # basic functionality stuff
- myconf+=(
- $(use_enable ipv6)
- $(multilib_native_use_with sasl cyrus-sasl)
- $(multilib_native_use_enable sasl spasswd)
- $(use_enable tcpd wrappers)
- )
-
- # Some cross-compiling tests don't pan out well.
- tc-is-cross-compiler && myconf+=(
- --with-yielding-select=yes
- )
-
- local ssl_lib="no"
- if use ssl || ( ! use minimal && use samba ) ; then
- ssl_lib="openssl"
- use gnutls && ssl_lib="gnutls"
- fi
-
- myconf+=( --with-tls=${ssl_lib} )
-
- for basicflag in dynamic local proctitle shared static; do
- myconf+=( --enable-${basicflag} )
- done
-
- tc-export AR CC CXX
- ECONF_SOURCE=${S} \
- STRIP=/bin/true \
- econf \
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
- "${myconf[@]}"
- emake depend
-}
-
-src_configure_cxx() {
- # This needs the libraries built by the first build run.
- # So we have to run it AFTER the main build, not just after the main
- # configure.
- local myconf_ldapcpp=(
- --with-ldap-includes="${S}"/include
- )
-
- mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die
- cd "${BUILD_DIR}/contrib/ldapc++" || die
-
- local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS}
- append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
- -L"${BUILD_DIR}"/libraries/libldap/.libs
- append-cppflags -I"${BUILD_DIR}"/include
- ECONF_SOURCE=${S}/contrib/ldapc++ \
- econf "${myconf_ldapcpp[@]}" \
- CC="${CC}" \
- CXX="${CXX}"
-}
-
-multilib_src_compile() {
- tc-export AR CC CXX
- emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/bash
- local lt="${BUILD_DIR}/libtool"
- export echo="echo"
-
- if ! use minimal && multilib_is_native_abi ; then
- if use cxx ; then
- einfo "Building contrib library: ldapc++"
- src_configure_cxx
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake \
- CC="${CC}" CXX="${CXX}"
- fi
-
- if use smbkrb5passwd ; then
- einfo "Building contrib-module: smbk5pwd"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
-
- emake \
- DEFS="-DDO_SAMBA -DDO_KRB5 -DDO_SHADOW" \
- KRB5_INC="$(krb5-config --cflags)" \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
- fi
-
- if use overlays ; then
- einfo "Building contrib-module: samba4"
- cd "${S}/contrib/slapd-modules/samba4" || die
-
- emake \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap"
- fi
-
- if use kerberos ; then
- cd "${S}/contrib/slapd-modules/passwd" || die
- einfo "Compiling contrib-module: pw-kerberos"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- $(krb5-config --cflags) \
- -DHAVE_KRB5 \
- -o kerberos.lo \
- -c kerberos.c || die "compiling pw-kerberos failed"
- einfo "Linking contrib-module: pw-kerberos"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o pw-kerberos.la \
- kerberos.lo || die "linking pw-kerberos failed"
- fi
- # We could build pw-radius if GNURadius would install radlib.h
- cd "${S}/contrib/slapd-modules/passwd" || die
- einfo "Compiling contrib-module: pw-netscape"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- -o netscape.lo \
- -c netscape.c || die "compiling pw-netscape failed"
- einfo "Linking contrib-module: pw-netscape"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o pw-netscape.la \
- netscape.lo || die "linking pw-netscape failed"
-
- build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
- build_contrib_module "allop" "allop.c" "overlay-allop"
- build_contrib_module "allowed" "allowed.c" "allowed"
- build_contrib_module "autogroup" "autogroup.c" "autogroup"
- build_contrib_module "denyop" "denyop.c" "denyop-overlay"
- build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
- # lastmod may not play well with other overlays
- build_contrib_module "lastmod" "lastmod.c" "lastmod"
- build_contrib_module "nops" "nops.c" "nops-overlay"
- build_contrib_module "trace" "trace.c" "trace"
- # build slapi-plugins
- cd "${S}/contrib/slapi-plugins/addrdnvalues" || die
- einfo "Building contrib-module: addrdnvalues plugin"
- "${CC}" -shared \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- -fPIC \
- ${LDFLAGS} \
- -o libaddrdnvalues-plugin.so \
- addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
-
- fi
-}
-
-multilib_src_test() {
- if multilib_is_native_abi; then
- cd tests || die
- make tests || die "make tests failed"
- fi
-}
-
-multilib_src_install() {
- local lt="${BUILD_DIR}/libtool"
- emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/bash install
-
- if ! use minimal && multilib_is_native_abi; then
- # openldap modules go here
- # TODO: write some code to populate slapd.conf with moduleload statements
- keepdir /usr/$(get_libdir)/openldap/openldap/
-
- # initial data storage dir
- keepdir /var/lib/openldap-data
- use prefix || fowners ldap:ldap /var/lib/openldap-data
- fperms 0700 /var/lib/openldap-data
-
- echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
-
- # use our config
- rm "${ED}"etc/openldap/slapd.conf
- insinto /etc/openldap
- newins "${FILESDIR}"/${PN}-2.3.34-slapd-conf slapd.conf
- configfile="${ED}"etc/openldap/slapd.conf
-
- # populate with built backends
- ebegin "populate config with built backends"
- for x in "${ED}"usr/$(get_libdir)/openldap/openldap/back_*.so; do
- elog "Adding $(basename ${x})"
- sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}"
- done
- sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
- use prefix || fowners root:ldap /etc/openldap/slapd.conf
- fperms 0640 /etc/openldap/slapd.conf
- cp "${configfile}" "${configfile}".default
- eend
-
- # install our own init scripts and systemd unit files
- newinitd "${FILESDIR}"/slapd-initd-2.4.28-r1 slapd
- newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd
- systemd_dounit "${FILESDIR}"/slapd.service
- systemd_install_serviced "${FILESDIR}"/slapd.service.conf
- systemd_newtmpfilesd "${FILESDIR}"/slapd.tmpfilesd slapd.conf
-
- if [[ $(get_libdir) != lib ]]; then
- sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i \
- "${ED}"/etc/init.d/slapd \
- "${ED}"/usr/lib/systemd/system/slapd.service || die
- fi
- # If built without SLP, we don't need to be before avahi
- use slp \
- || sed -i \
- -e '/before/{s/avahi-daemon//g}' \
- "${ED}"etc/init.d/slapd
-
- if use cxx ; then
- einfo "Install the ldapc++ library"
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- cd "${S}"/contrib/ldapc++ || die
- newdoc README ldapc++-README
- fi
-
- if use smbkrb5passwd ; then
- einfo "Install the smbk5pwd module"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- newdoc README smbk5pwd-README
- fi
-
- if use overlays ; then
- einfo "Install the samba4 module"
- cd "${S}/contrib/slapd-modules/samba4" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="/usr/$(get_libdir)/openldap" install
- newdoc README samba4-README
- fi
-
- einfo "Installing contrib modules"
- cd "${S}/contrib/slapd-modules" || die
- for l in */*.la; do
- "${lt}" --mode=install cp ${l} \
- "${ED}"usr/$(get_libdir)/openldap/openldap || \
- die "installing ${l} failed"
- done
-
- docinto contrib
- newdoc addpartial/README addpartial-README
- newdoc allop/README allop-README
- doman allop/slapo-allop.5
- newdoc autogroup/README autogroup-README
- newdoc denyop/denyop.c denyop-denyop.c
- newdoc dsaschema/README dsaschema-README
- doman lastmod/slapo-lastmod.5
- doman nops/slapo-nops.5
- newdoc passwd/README passwd-README
- cd "${S}/contrib/slapi-plugins" || die
- insinto /usr/$(get_libdir)/openldap/openldap
- doins */*.so
- docinto contrib
- newdoc addrdnvalues/README addrdnvalues-README
-
- insinto /etc/openldap/schema
- newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
- fi
-}
-
-multilib_src_install_all() {
- dodoc ANNOUNCEMENT CHANGES COPYRIGHT README "${FILESDIR}"/DB_CONFIG.fast.example
- docinto rfc ; dodoc doc/rfc/*.txt
-}
-
-pkg_preinst() {
- # keep old libs if any
- preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0)
-}
-
-pkg_postinst() {
- if ! use minimal ; then
- # You cannot build SSL certificates during src_install that will make
- # binary packages containing your SSL key, which is both a security risk
- # and a misconfiguration if multiple machines use the same key and cert.
- if use ssl; then
- install_cert /etc/openldap/ssl/ldap
- use prefix || chown ldap:ldap "${EROOT}"etc/openldap/ssl/ldap.*
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "add 'TLS_REQCERT never' if you want to use them."
- fi
-
- if use prefix; then
- # Warn about prefix issues with slapd
- eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
- eerror "to start up, and requires that certain files directories be owned by"
- eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
- eerror "directories, you will have to manually fix this yourself."
- fi
-
- # These lines force the permissions of various content to be correct
- use prefix || chown ldap:ldap "${EROOT}"var/run/openldap
- chmod 0755 "${EROOT}"var/run/openldap
- use prefix || chown root:ldap "${EROOT}"etc/openldap/slapd.conf{,.default}
- chmod 0640 "${EROOT}"etc/openldap/slapd.conf{,.default}
- use prefix || chown ldap:ldap "${EROOT}"var/lib/openldap-data
- fi
-
- elog "Getting started using OpenLDAP? There is some documentation available:"
- elog "Gentoo Guide to OpenLDAP Authentication"
- elog "(https://www.gentoo.org/doc/en/ldap-howto.xml)"
- elog "---"
- elog "An example file for tuning BDB backends with openldap is"
- elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
-
- preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0)
-}
diff --git a/net-nds/openldap/openldap-2.4.40-r2.ebuild b/net-nds/openldap/openldap-2.4.40-r2.ebuild
deleted file mode 100644
index ffe3d74..00000000
--- a/net-nds/openldap/openldap-2.4.40-r2.ebuild
+++ /dev/null
@@ -1,821 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit db-use eutils flag-o-matic multilib multilib-minimal ssl-cert versionator toolchain-funcs autotools user systemd
-
-BIS_PN=rfc2307bis.schema
-BIS_PV=20140524
-BIS_P="${BIS_PN}-${BIS_PV}"
-
-DESCRIPTION="LDAP suite of application and development tools"
-HOMEPAGE="http://www.OpenLDAP.org/"
-
-# mirrors are mostly not working, using canonical URI
-SRC_URI="ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz
- mirror://gentoo/${BIS_P}"
-
-LICENSE="OPENLDAP GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~x86-linux ~x86-solaris"
-
-IUSE_DAEMON="crypt icu samba slp tcpd experimental minimal"
-IUSE_BACKEND="+berkdb"
-IUSE_OVERLAY="overlays perl"
-IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 +syslog selinux static-libs"
-IUSE_CONTRIB="smbkrb5passwd kerberos"
-IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
-IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
-
-REQUIRED_USE="cxx? ( sasl )"
-
-# always list newer first
-# Do not add any AGPL-3 BDB here!
-# See bug 525110, comment 15.
-BDB_SLOTS='5.3 5.1 4.8 4.7 4.6 4.5 4.4'
-BDB_PKGS=''
-for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done
-
-# openssl is needed to generate lanman-passwords required by samba
-CDEPEND="icu? ( dev-libs/icu:= )
- ssl? ( !gnutls? ( >=dev-libs/openssl-1.0.1h-r2[${MULTILIB_USEDEP}] )
- gnutls? ( >=net-libs/gnutls-2.12.23-r6[${MULTILIB_USEDEP}] >=dev-libs/libgcrypt-1.5.3:0[${MULTILIB_USEDEP}] ) )
- sasl? ( dev-libs/cyrus-sasl:= )
- !minimal? (
- sys-devel/libtool
- sys-libs/e2fsprogs-libs
- >=dev-db/lmdb-0.9.14
- tcpd? ( sys-apps/tcp-wrappers )
- odbc? ( !iodbc? ( dev-db/unixODBC )
- iodbc? ( dev-db/libiodbc ) )
- slp? ( net-libs/openslp )
- perl? ( dev-lang/perl:=[-build(-)] )
- samba? ( dev-libs/openssl )
- berkdb? (
- <sys-libs/db-6.0:=
- || ( ${BDB_PKGS} )
- )
- smbkrb5passwd? (
- dev-libs/openssl
- kerberos? ( app-crypt/heimdal )
- )
- kerberos? ( virtual/krb5 )
- cxx? ( dev-libs/cyrus-sasl:= )
- )
- abi_x86_32? (
- !<=app-emulation/emul-linux-x86-baselibs-20140508-r3
- !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
- )"
-DEPEND="${CDEPEND}
- sys-apps/groff"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-ldap )
-"
-# for tracking versions
-OPENLDAP_VERSIONTAG=".version-tag"
-OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
-
-MULTILIB_WRAPPED_HEADERS=(
- # USE=cxx
- /usr/include/LDAPAsynConnection.h
- /usr/include/LDAPAttrType.h
- /usr/include/LDAPAttribute.h
- /usr/include/LDAPAttributeList.h
- /usr/include/LDAPConnection.h
- /usr/include/LDAPConstraints.h
- /usr/include/LDAPControl.h
- /usr/include/LDAPControlSet.h
- /usr/include/LDAPEntry.h
- /usr/include/LDAPEntryList.h
- /usr/include/LDAPException.h
- /usr/include/LDAPExtResult.h
- /usr/include/LDAPMessage.h
- /usr/include/LDAPMessageQueue.h
- /usr/include/LDAPModList.h
- /usr/include/LDAPModification.h
- /usr/include/LDAPObjClass.h
- /usr/include/LDAPRebind.h
- /usr/include/LDAPRebindAuth.h
- /usr/include/LDAPReferenceList.h
- /usr/include/LDAPResult.h
- /usr/include/LDAPSaslBindResult.h
- /usr/include/LDAPSchema.h
- /usr/include/LDAPSearchReference.h
- /usr/include/LDAPSearchResult.h
- /usr/include/LDAPSearchResults.h
- /usr/include/LDAPUrl.h
- /usr/include/LDAPUrlList.h
- /usr/include/LdifReader.h
- /usr/include/LdifWriter.h
- /usr/include/SaslInteraction.h
- /usr/include/SaslInteractionHandler.h
- /usr/include/StringList.h
- /usr/include/TlsOptions.h
-)
-
-openldap_filecount() {
- local dir="$1"
- find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
-}
-
-openldap_find_versiontags() {
- # scan for all datadirs
- openldap_datadirs=""
- if [ -f "${EROOT}"/etc/openldap/slapd.conf ]; then
- openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${EROOT}/etc/openldap/slapd.conf)"
- fi
- openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}"
-
- einfo
- einfo "Scanning datadir(s) from slapd.conf and"
- einfo "the default installdir for Versiontags"
- einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
- einfo
-
- # scan datadirs if we have a version tag
- openldap_found_tag=0
- have_files=0
- for each in ${openldap_datadirs}; do
- CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"`
- CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}
- if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then
- einfo "- Checking ${each}..."
- if [ -r ${CURRENT_TAG} ] ; then
- # yey, we have one :)
- einfo " Found Versiontag in ${each}"
- source ${CURRENT_TAG}
- if [ "${OLDPF}" == "" ] ; then
- eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
- eerror "Please delete it"
- eerror
- die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
- fi
-
- OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}`
-
- [ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1
-
- # are we on the same branch?
- if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then
- ewarn " Versiontag doesn't match current major release!"
- if [[ "${have_files}" == "1" ]] ; then
- eerror " Versiontag says other major and you (probably) have datafiles!"
- echo
- openldap_upgrade_howto
- else
- einfo " No real problem, seems there's no database."
- fi
- else
- einfo " Versiontag is fine here :)"
- fi
- else
- einfo " Non-tagged dir ${each}"
- [ $(openldap_filecount ${each}) -gt 0 ] && have_files=1
- if [[ "${have_files}" == "1" ]] ; then
- einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
- echo
-
- eerror
- eerror "Your OpenLDAP Installation has a non tagged datadir that"
- eerror "possibly contains a database at ${CURRENT_TAGDIR}"
- eerror
- eerror "Please export data if any entered and empty or remove"
- eerror "the directory, installation has been stopped so you"
- eerror "can take required action"
- eerror
- eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
- eerror
- openldap_upgrade_howto
- die "Please move the datadir ${CURRENT_TAGDIR} away"
- fi
- fi
- einfo
- fi
- done
- [ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present"
-
- # Now we must check for the major version of sys-libs/db linked against.
- SLAPD_PATH=${EROOT}/usr/$(get_libdir)/openldap/slapd
- if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then
- OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
- | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
- if use berkdb; then
- # find which one would be used
- for bdb_slot in $BDB_SLOTS ; do
- NEWVER="$(db_findver "=sys-libs/db-${bdb_slot}*")"
- [[ -n "$NEWVER" ]] && break
- done
- fi
- local fail=0
- if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then
- :
- # Nothing wrong here.
- elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was not built against"
- eerror " any version of sys-libs/db, but the new one will build"
- eerror " against ${NEWVER} and your database may be inaccessible."
- echo
- fail=1
- elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will not be"
- eerror " built against any version and your database may be"
- eerror " inaccessible."
- echo
- fail=1
- elif [ "${OLDVER}" != "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will build against"
- eerror " ${NEWVER} and your database would be inaccessible."
- echo
- fail=1
- fi
- [ "${fail}" == "1" ] && openldap_upgrade_howto
- fi
-
- echo
- einfo
- einfo "All datadirs are fine, proceeding with merge now..."
- einfo
-}
-
-openldap_upgrade_howto() {
- eerror
- eerror "A (possible old) installation of OpenLDAP was detected,"
- eerror "installation will not proceed for now."
- eerror
- eerror "As major version upgrades can corrupt your database,"
- eerror "you need to dump your database and re-create it afterwards."
- eerror
- eerror "Additionally, rebuilding against different major versions of the"
- eerror "sys-libs/db libraries will cause your database to be inaccessible."
- eerror ""
- d="$(date -u +%s)"
- l="/root/ldapdump.${d}"
- i="${l}.raw"
- eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop"
- eerror " 2. slapcat -l ${i}"
- eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}"
- eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
- eerror " 5. emerge --update \=net-nds/${PF}"
- eerror " 6. etc-update, and ensure that you apply the changes"
- eerror " 7. slapadd -l ${l}"
- eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
- eerror " 9. /etc/init.d/slapd start"
- eerror "10. check that your data is intact."
- eerror "11. set up the new replication system."
- eerror
- if [ "${FORCE_UPGRADE}" != "1" ]; then
- die "You need to upgrade your database first"
- else
- eerror "You have the magical FORCE_UPGRADE=1 in place."
- eerror "Don't say you weren't warned about data loss."
- fi
-}
-
-pkg_setup() {
- if ! use sasl && use cxx ; then
- die "To build the ldapc++ library you must emerge openldap with sasl support"
- fi
- # Bug #322787
- if use minimal && ! has_version "net-nds/openldap" ; then
- einfo "No datadir scan needed, openldap not installed"
- elif use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then
- einfo "Skipping scan for previous datadirs as requested by minimal useflag"
- else
- openldap_find_versiontags
- fi
-
- # The user/group are only used for running daemons which are
- # disabled in minimal builds, so elide the accounts too.
- if ! use minimal ; then
- enewgroup ldap 439
- enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap
- fi
-}
-
-src_prepare() {
- # ensure correct SLAPI path by default
- sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \
- "${S}"/include/ldap_defaults.h
-
- epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch
-
- epatch \
- "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \
- "${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
-
- # bug #116045 - still present in 2.4.28
- epatch "${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch
- # bug #408077 - samba4
- epatch "${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch
-
- # bug #189817
- epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
-
- # bug #233633
- epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch
-
- # bug #281495
- epatch "${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch
-
- # bug #294350
- epatch "${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch
-
- # unbreak /bin/sh -> dash
- epatch "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
-
- # bug #420959
- epatch "${FILESDIR}"/${PN}-2.4.31-gcc47.patch
-
- # bug #421463
- #epatch "${FILESDIR}"/${PN}-2.4.33-gnutls.patch # merged upstream
-
- # unbundle lmdb
- epatch "${FILESDIR}"/${P}-mdb-unbundle.patch
- rm -rf "${S}"/libraries/liblmdb
-
- cd "${S}"/build || die
- einfo "Making sure upstream build strip does not do stripping too early"
- sed -i.orig \
- -e '/^STRIP/s,-s,,g' \
- top.mk || die "Failed to block stripping"
-
- # wrong assumption that /bin/sh is /bin/bash
- sed -i \
- -e 's|/bin/sh|/bin/bash|g' \
- "${S}"/tests/scripts/* || die "sed failed"
-
- cd "${S}" || die
-
- AT_NOEAUTOMAKE=yes eautoreconf
-}
-
-build_contrib_module() {
- # <dir> <sources> <outputname>
- cd "${S}/contrib/slapd-modules/$1" || die
- einfo "Compiling contrib-module: $3"
- # Make sure it's uppercase
- local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -D${define_name}=SLAPD_MOD_DYNAMIC \
- -I"${BUILD_DIR}"/include \
- -I../../../include -I../../../servers/slapd ${CFLAGS} \
- -o ${2%.c}.lo -c $2 || die "compiling $3 failed"
- einfo "Linking contrib-module: $3"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o $3.la ${2%.c}.lo || die "linking $3 failed"
-}
-
-src_configure() {
- #Fix for glibc-2.8 and ucred. Bug 228457.
- append-cppflags -D_GNU_SOURCE
-
- # Bug 408001
- use elibc_FreeBSD && append-cppflags -DMDB_DSYNC=O_SYNC -DMDB_FDATASYNC=fsync
-
- # connectionless ldap per bug #342439
- append-cppflags -DLDAP_CONNECTIONLESS
-
- multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
- local myconf=()
-
- use debug && myconf+=( $(use_enable debug) )
-
- # ICU usage is not configurable
- export ac_cv_header_unicode_utypes_h="$(multilib_is_native_abi && use icu && echo yes || echo no)"
-
- if ! use minimal && multilib_is_native_abi; then
- local CPPFLAGS=${CPPFLAGS}
-
- # re-enable serverside overlay chains per bug #296567
- # see ldap docs chaper 12.3.1 for details
- myconf+=( --enable-ldap )
-
- # backends
- myconf+=( --enable-slapd )
- if use berkdb ; then
- einfo "Using Berkeley DB for local backend"
- myconf+=( --enable-bdb --enable-hdb )
- DBINCLUDE=$(db_includedir $BDB_SLOTS)
- einfo "Using $DBINCLUDE for sys-libs/db version"
- # We need to include the slotted db.h dir for FreeBSD
- append-cppflags -I${DBINCLUDE}
- else
- myconf+=( --disable-bdb --disable-hdb )
- fi
- for backend in dnssrv ldap mdb meta monitor null passwd relay shell sock; do
- myconf+=( --enable-${backend}=mod )
- done
-
- myconf+=( $(use_enable perl perl mod) )
-
- myconf+=( $(use_enable odbc sql mod) )
- if use odbc ; then
- local odbc_lib="unixodbc"
- if use iodbc ; then
- odbc_lib="iodbc"
- append-cppflags -I"${EPREFIX}"/usr/include/iodbc
- fi
- myconf+=( --with-odbc=${odbc_lib} )
- fi
-
- # slapd options
- myconf+=(
- $(use_enable crypt)
- $(use_enable slp)
- $(use_enable samba lmpasswd)
- $(use_enable syslog)
- )
- if use experimental ; then
- myconf+=(
- --enable-dynacl
- --enable-aci=mod
- )
- fi
- for option in aci cleartext modules rewrite rlookups slapi; do
- myconf+=( --enable-${option} )
- done
-
- # slapd overlay options
- # Compile-in the syncprov, the others as module
- myconf+=( --enable-syncprov=yes )
- use overlays && myconf+=( --enable-overlays=mod )
-
- else
- myconf+=(
- --disable-backends
- --disable-slapd
- --disable-bdb
- --disable-hdb
- --disable-mdb
- --disable-overlays
- --disable-syslog
- )
- fi
-
- # basic functionality stuff
- myconf+=(
- $(use_enable ipv6)
- $(multilib_native_use_with sasl cyrus-sasl)
- $(multilib_native_use_enable sasl spasswd)
- $(use_enable tcpd wrappers)
- )
-
- # Some cross-compiling tests don't pan out well.
- tc-is-cross-compiler && myconf+=(
- --with-yielding-select=yes
- )
-
- local ssl_lib="no"
- if use ssl || ( ! use minimal && use samba ) ; then
- ssl_lib="openssl"
- use gnutls && ssl_lib="gnutls"
- fi
-
- myconf+=( --with-tls=${ssl_lib} )
-
- for basicflag in dynamic local proctitle shared; do
- myconf+=( --enable-${basicflag} )
- done
-
- tc-export AR CC CXX
- ECONF_SOURCE=${S} \
- STRIP=/bin/true \
- econf \
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
- $(use_enable static-libs static) \
- "${myconf[@]}"
- emake depend
-}
-
-src_configure_cxx() {
- # This needs the libraries built by the first build run.
- # So we have to run it AFTER the main build, not just after the main
- # configure.
- local myconf_ldapcpp=(
- --with-ldap-includes="${S}"/include
- )
-
- mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die
- cd "${BUILD_DIR}/contrib/ldapc++" || die
-
- local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS}
- append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
- -L"${BUILD_DIR}"/libraries/libldap/.libs
- append-cppflags -I"${BUILD_DIR}"/include
- ECONF_SOURCE=${S}/contrib/ldapc++ \
- econf "${myconf_ldapcpp[@]}" \
- CC="${CC}" \
- CXX="${CXX}"
-}
-
-multilib_src_compile() {
- tc-export AR CC CXX
- emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/bash
- local lt="${BUILD_DIR}/libtool"
- export echo="echo"
-
- if ! use minimal && multilib_is_native_abi ; then
- if use cxx ; then
- einfo "Building contrib library: ldapc++"
- src_configure_cxx
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake \
- CC="${CC}" CXX="${CXX}"
- fi
-
- if use smbkrb5passwd ; then
- einfo "Building contrib-module: smbk5pwd"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
-
- MY_DEFS="-DDO_SHADOW"
- if use samba ; then
- MY_DEFS="${MY_DEFS} -DDO_SAMBA"
- MY_KRB5_INC=""
- fi
- if use kerberos ; then
- MY_DEFS="${MY_DEFS} -DDO_KRB5"
- MY_KRB5_INC="$(krb5-config --cflags)"
- fi
-
- emake \
- DEFS="${MY_DEFS}" \
- KRB5_INC="${MY_KRB5_INC}" \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
- fi
-
- if use overlays ; then
- einfo "Building contrib-module: samba4"
- cd "${S}/contrib/slapd-modules/samba4" || die
-
- emake \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap"
- fi
-
- if use kerberos ; then
- build_contrib_module "kinit" "kinit.c" "kinit"
- cd "${S}/contrib/slapd-modules/passwd" || die
- einfo "Compiling contrib-module: pw-kerberos"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- $(krb5-config --cflags) \
- -DHAVE_KRB5 \
- -o kerberos.lo \
- -c kerberos.c || die "compiling pw-kerberos failed"
- einfo "Linking contrib-module: pw-kerberos"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o pw-kerberos.la \
- kerberos.lo || die "linking pw-kerberos failed"
- fi
- # We could build pw-radius if GNURadius would install radlib.h
- cd "${S}/contrib/slapd-modules/passwd" || die
- einfo "Compiling contrib-module: pw-netscape"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- -o netscape.lo \
- -c netscape.c || die "compiling pw-netscape failed"
- einfo "Linking contrib-module: pw-netscape"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o pw-netscape.la \
- netscape.lo || die "linking pw-netscape failed"
-
- #build_contrib_module "acl" "posixgroup.c" "posixGroup" # example code only
- #build_contrib_module "acl" "gssacl.c" "gss" # example code only, also needs kerberos
- build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
- build_contrib_module "allop" "allop.c" "overlay-allop"
- build_contrib_module "allowed" "allowed.c" "allowed"
- build_contrib_module "autogroup" "autogroup.c" "autogroup"
- build_contrib_module "cloak" "cloak.c" "cloak"
- # build_contrib_module "comp_match" "comp_match.c" "comp_match" # really complex, adds new external deps, questionable demand
- build_contrib_module "denyop" "denyop.c" "denyop-overlay"
- build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
- build_contrib_module "dupent" "dupent.c" "dupent"
- build_contrib_module "lastbind" "lastbind.c" "lastbind"
- # lastmod may not play well with other overlays
- build_contrib_module "lastmod" "lastmod.c" "lastmod"
- build_contrib_module "noopsrch" "noopsrch.c" "noopsrch"
- build_contrib_module "nops" "nops.c" "nops-overlay"
- #build_contrib_module "nssov" "nssov.c" "nssov-overlay" RESO:LATER
- build_contrib_module "trace" "trace.c" "trace"
- # build slapi-plugins
- cd "${S}/contrib/slapi-plugins/addrdnvalues" || die
- einfo "Building contrib-module: addrdnvalues plugin"
- "${CC}" -shared \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- -fPIC \
- ${LDFLAGS} \
- -o libaddrdnvalues-plugin.so \
- addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
-
- fi
-}
-
-multilib_src_test() {
- if multilib_is_native_abi; then
- cd tests || die
- emake tests || die "make tests failed"
- fi
-}
-
-multilib_src_install() {
- local lt="${BUILD_DIR}/libtool"
- emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/bash install
- use static-libs || prune_libtool_files --all
-
- if ! use minimal && multilib_is_native_abi; then
- # openldap modules go here
- # TODO: write some code to populate slapd.conf with moduleload statements
- keepdir /usr/$(get_libdir)/openldap/openldap/
-
- # initial data storage dir
- keepdir /var/lib/openldap-data
- use prefix || fowners ldap:ldap /var/lib/openldap-data
- fperms 0700 /var/lib/openldap-data
-
- echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
-
- # use our config
- rm "${ED}"etc/openldap/slapd.conf
- insinto /etc/openldap
- newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf
- configfile="${ED}"etc/openldap/slapd.conf
-
- # populate with built backends
- ebegin "populate config with built backends"
- for x in "${ED}"usr/$(get_libdir)/openldap/openldap/back_*.so; do
- einfo "Adding $(basename ${x})"
- sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}"
- done
- sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
- use prefix || fowners root:ldap /etc/openldap/slapd.conf
- fperms 0640 /etc/openldap/slapd.conf
- cp "${configfile}" "${configfile}".default
- eend
-
- # install our own init scripts and systemd unit files
- einfo "Install init scripts"
- newinitd "${FILESDIR}"/slapd-initd-2.4.40-r1 slapd
- newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd
- einfo "Install systemd service"
- systemd_dounit "${FILESDIR}"/slapd.service
- systemd_install_serviced "${FILESDIR}"/slapd.service.conf
- systemd_newtmpfilesd "${FILESDIR}"/slapd.tmpfilesd slapd.conf
-
- if [[ $(get_libdir) != lib ]]; then
- sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i \
- "${ED}"/etc/init.d/slapd \
- "${ED}"/usr/lib/systemd/system/slapd.service || die
- fi
- # If built without SLP, we don't need to be before avahi
- use slp \
- || sed -i \
- -e '/before/{s/avahi-daemon//g}' \
- "${ED}"etc/init.d/slapd
-
- if use cxx ; then
- einfo "Install the ldapc++ library"
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- cd "${S}"/contrib/ldapc++ || die
- newdoc README ldapc++-README
- fi
-
- if use smbkrb5passwd ; then
- einfo "Install the smbk5pwd module"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- newdoc README smbk5pwd-README
- fi
-
- if use overlays ; then
- einfo "Install the samba4 module"
- cd "${S}/contrib/slapd-modules/samba4" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="/usr/$(get_libdir)/openldap" install
- newdoc README samba4-README
- fi
-
- einfo "Installing contrib modules"
- cd "${S}/contrib/slapd-modules" || die
- for l in */*.la; do
- "${lt}" --mode=install cp ${l} \
- "${ED}"usr/$(get_libdir)/openldap/openldap || \
- die "installing ${l} failed"
- done
-
- dodoc "${FILESDIR}"/DB_CONFIG.fast.example
- docinto contrib
- doman */*.5
- #newdoc acl/README*
- newdoc addpartial/README addpartial-README
- newdoc allop/README allop-README
- newdoc allowed/README allowed-README
- newdoc autogroup/README autogroup-README
- newdoc dsaschema/README dsaschema-README
- newdoc passwd/README passwd-README
- cd "${S}/contrib/slapi-plugins" || die
- insinto /usr/$(get_libdir)/openldap/openldap
- doins */*.so
- docinto contrib
- newdoc addrdnvalues/README addrdnvalues-README
-
- insinto /etc/openldap/schema
- newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
-
- docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
- docinto back-shell ; dodoc "${S}"/servers/slapd/back-shell/searchexample*
- docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
-
- dosbin "${S}"/contrib/slapd-tools/statslog
- newdoc "${S}"/contrib/slapd-tools/README README.statslog
- fi
-}
-
-multilib_src_install_all() {
- dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
- docinto rfc ; dodoc doc/rfc/*.txt
-}
-
-pkg_preinst() {
- # keep old libs if any
- preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0)
- # bug 440470, only display the getting started help there was no openldap before,
- # or we are going to a non-minimal build
- ! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
- OPENLDAP_PRINT_MESSAGES=$((! $?))
-}
-
-pkg_postinst() {
- if ! use minimal ; then
- # You cannot build SSL certificates during src_install that will make
- # binary packages containing your SSL key, which is both a security risk
- # and a misconfiguration if multiple machines use the same key and cert.
- if use ssl; then
- install_cert /etc/openldap/ssl/ldap
- use prefix || chown ldap:ldap "${EROOT}"etc/openldap/ssl/ldap.*
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "add 'TLS_REQCERT allow' if you want to use them."
- fi
-
- if use prefix; then
- # Warn about prefix issues with slapd
- eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
- eerror "to start up, and requires that certain files directories be owned by"
- eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
- eerror "directories, you will have to manually fix this yourself."
- fi
-
- # These lines force the permissions of various content to be correct
- use prefix || chown ldap:ldap "${EROOT}"var/run/openldap
- chmod 0755 "${EROOT}"var/run/openldap
- use prefix || chown root:ldap "${EROOT}"etc/openldap/slapd.conf{,.default}
- chmod 0640 "${EROOT}"etc/openldap/slapd.conf{,.default}
- use prefix || chown ldap:ldap "${EROOT}"var/lib/openldap-data
- fi
-
- if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
- elog "Getting started using OpenLDAP? There is some documentation available:"
- elog "Gentoo Guide to OpenLDAP Authentication"
- elog "(https://www.gentoo.org/doc/en/ldap-howto.xml)"
- elog "---"
- elog "An example file for tuning BDB backends with openldap is"
- elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
- fi
-
- preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0)
-}
diff --git a/net-nds/openldap/openldap-2.4.40-r4.ebuild b/net-nds/openldap/openldap-2.4.40-r4.ebuild
deleted file mode 100644
index 26c2ac1..00000000
--- a/net-nds/openldap/openldap-2.4.40-r4.ebuild
+++ /dev/null
@@ -1,821 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit db-use eutils flag-o-matic multilib multilib-minimal ssl-cert versionator toolchain-funcs autotools user systemd
-
-BIS_PN=rfc2307bis.schema
-BIS_PV=20140524
-BIS_P="${BIS_PN}-${BIS_PV}"
-
-DESCRIPTION="LDAP suite of application and development tools"
-HOMEPAGE="http://www.OpenLDAP.org/"
-
-# mirrors are mostly not working, using canonical URI
-SRC_URI="ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz
- mirror://gentoo/${BIS_P}"
-
-LICENSE="OPENLDAP GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~x86-linux ~x86-solaris"
-
-IUSE_DAEMON="crypt icu samba slp tcpd experimental minimal"
-IUSE_BACKEND="+berkdb"
-IUSE_OVERLAY="overlays perl"
-IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 +syslog selinux static-libs"
-IUSE_CONTRIB="smbkrb5passwd kerberos"
-IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
-IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
-
-REQUIRED_USE="cxx? ( sasl )"
-
-# always list newer first
-# Do not add any AGPL-3 BDB here!
-# See bug 525110, comment 15.
-BDB_SLOTS='5.3 5.1 4.8 4.7 4.6 4.5 4.4'
-BDB_PKGS=''
-for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done
-
-# openssl is needed to generate lanman-passwords required by samba
-CDEPEND="icu? ( dev-libs/icu:= )
- ssl? ( !gnutls? ( >=dev-libs/openssl-1.0.1h-r2[${MULTILIB_USEDEP}] )
- gnutls? ( >=net-libs/gnutls-2.12.23-r6[${MULTILIB_USEDEP}] >=dev-libs/libgcrypt-1.5.3:0[${MULTILIB_USEDEP}] ) )
- sasl? ( dev-libs/cyrus-sasl:= )
- !minimal? (
- sys-devel/libtool
- sys-libs/e2fsprogs-libs
- >=dev-db/lmdb-0.9.14
- tcpd? ( sys-apps/tcp-wrappers )
- odbc? ( !iodbc? ( dev-db/unixODBC )
- iodbc? ( dev-db/libiodbc ) )
- slp? ( net-libs/openslp )
- perl? ( dev-lang/perl:=[-build(-)] )
- samba? ( dev-libs/openssl )
- berkdb? (
- <sys-libs/db-6.0:=
- || ( ${BDB_PKGS} )
- )
- smbkrb5passwd? (
- dev-libs/openssl
- kerberos? ( app-crypt/heimdal )
- )
- kerberos? ( virtual/krb5 )
- cxx? ( dev-libs/cyrus-sasl:= )
- )
- abi_x86_32? (
- !<=app-emulation/emul-linux-x86-baselibs-20140508-r3
- !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
- )"
-DEPEND="${CDEPEND}
- sys-apps/groff"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-ldap )
-"
-# for tracking versions
-OPENLDAP_VERSIONTAG=".version-tag"
-OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
-
-MULTILIB_WRAPPED_HEADERS=(
- # USE=cxx
- /usr/include/LDAPAsynConnection.h
- /usr/include/LDAPAttrType.h
- /usr/include/LDAPAttribute.h
- /usr/include/LDAPAttributeList.h
- /usr/include/LDAPConnection.h
- /usr/include/LDAPConstraints.h
- /usr/include/LDAPControl.h
- /usr/include/LDAPControlSet.h
- /usr/include/LDAPEntry.h
- /usr/include/LDAPEntryList.h
- /usr/include/LDAPException.h
- /usr/include/LDAPExtResult.h
- /usr/include/LDAPMessage.h
- /usr/include/LDAPMessageQueue.h
- /usr/include/LDAPModList.h
- /usr/include/LDAPModification.h
- /usr/include/LDAPObjClass.h
- /usr/include/LDAPRebind.h
- /usr/include/LDAPRebindAuth.h
- /usr/include/LDAPReferenceList.h
- /usr/include/LDAPResult.h
- /usr/include/LDAPSaslBindResult.h
- /usr/include/LDAPSchema.h
- /usr/include/LDAPSearchReference.h
- /usr/include/LDAPSearchResult.h
- /usr/include/LDAPSearchResults.h
- /usr/include/LDAPUrl.h
- /usr/include/LDAPUrlList.h
- /usr/include/LdifReader.h
- /usr/include/LdifWriter.h
- /usr/include/SaslInteraction.h
- /usr/include/SaslInteractionHandler.h
- /usr/include/StringList.h
- /usr/include/TlsOptions.h
-)
-
-openldap_filecount() {
- local dir="$1"
- find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
-}
-
-openldap_find_versiontags() {
- # scan for all datadirs
- openldap_datadirs=""
- if [ -f "${EROOT}"/etc/openldap/slapd.conf ]; then
- openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${EROOT}/etc/openldap/slapd.conf)"
- fi
- openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}"
-
- einfo
- einfo "Scanning datadir(s) from slapd.conf and"
- einfo "the default installdir for Versiontags"
- einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
- einfo
-
- # scan datadirs if we have a version tag
- openldap_found_tag=0
- have_files=0
- for each in ${openldap_datadirs}; do
- CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"`
- CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}
- if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then
- einfo "- Checking ${each}..."
- if [ -r ${CURRENT_TAG} ] ; then
- # yey, we have one :)
- einfo " Found Versiontag in ${each}"
- source ${CURRENT_TAG}
- if [ "${OLDPF}" == "" ] ; then
- eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
- eerror "Please delete it"
- eerror
- die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
- fi
-
- OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}`
-
- [ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1
-
- # are we on the same branch?
- if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then
- ewarn " Versiontag doesn't match current major release!"
- if [[ "${have_files}" == "1" ]] ; then
- eerror " Versiontag says other major and you (probably) have datafiles!"
- echo
- openldap_upgrade_howto
- else
- einfo " No real problem, seems there's no database."
- fi
- else
- einfo " Versiontag is fine here :)"
- fi
- else
- einfo " Non-tagged dir ${each}"
- [ $(openldap_filecount ${each}) -gt 0 ] && have_files=1
- if [[ "${have_files}" == "1" ]] ; then
- einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
- echo
-
- eerror
- eerror "Your OpenLDAP Installation has a non tagged datadir that"
- eerror "possibly contains a database at ${CURRENT_TAGDIR}"
- eerror
- eerror "Please export data if any entered and empty or remove"
- eerror "the directory, installation has been stopped so you"
- eerror "can take required action"
- eerror
- eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
- eerror
- openldap_upgrade_howto
- die "Please move the datadir ${CURRENT_TAGDIR} away"
- fi
- fi
- einfo
- fi
- done
- [ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present"
-
- # Now we must check for the major version of sys-libs/db linked against.
- SLAPD_PATH=${EROOT}/usr/$(get_libdir)/openldap/slapd
- if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then
- OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
- | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
- if use berkdb; then
- # find which one would be used
- for bdb_slot in $BDB_SLOTS ; do
- NEWVER="$(db_findver "=sys-libs/db-${bdb_slot}*")"
- [[ -n "$NEWVER" ]] && break
- done
- fi
- local fail=0
- if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then
- :
- # Nothing wrong here.
- elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was not built against"
- eerror " any version of sys-libs/db, but the new one will build"
- eerror " against ${NEWVER} and your database may be inaccessible."
- echo
- fail=1
- elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will not be"
- eerror " built against any version and your database may be"
- eerror " inaccessible."
- echo
- fail=1
- elif [ "${OLDVER}" != "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will build against"
- eerror " ${NEWVER} and your database would be inaccessible."
- echo
- fail=1
- fi
- [ "${fail}" == "1" ] && openldap_upgrade_howto
- fi
-
- echo
- einfo
- einfo "All datadirs are fine, proceeding with merge now..."
- einfo
-}
-
-openldap_upgrade_howto() {
- eerror
- eerror "A (possible old) installation of OpenLDAP was detected,"
- eerror "installation will not proceed for now."
- eerror
- eerror "As major version upgrades can corrupt your database,"
- eerror "you need to dump your database and re-create it afterwards."
- eerror
- eerror "Additionally, rebuilding against different major versions of the"
- eerror "sys-libs/db libraries will cause your database to be inaccessible."
- eerror ""
- d="$(date -u +%s)"
- l="/root/ldapdump.${d}"
- i="${l}.raw"
- eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop"
- eerror " 2. slapcat -l ${i}"
- eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}"
- eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
- eerror " 5. emerge --update \=net-nds/${PF}"
- eerror " 6. etc-update, and ensure that you apply the changes"
- eerror " 7. slapadd -l ${l}"
- eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
- eerror " 9. /etc/init.d/slapd start"
- eerror "10. check that your data is intact."
- eerror "11. set up the new replication system."
- eerror
- if [ "${FORCE_UPGRADE}" != "1" ]; then
- die "You need to upgrade your database first"
- else
- eerror "You have the magical FORCE_UPGRADE=1 in place."
- eerror "Don't say you weren't warned about data loss."
- fi
-}
-
-pkg_setup() {
- if ! use sasl && use cxx ; then
- die "To build the ldapc++ library you must emerge openldap with sasl support"
- fi
- # Bug #322787
- if use minimal && ! has_version "net-nds/openldap" ; then
- einfo "No datadir scan needed, openldap not installed"
- elif use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then
- einfo "Skipping scan for previous datadirs as requested by minimal useflag"
- else
- openldap_find_versiontags
- fi
-
- # The user/group are only used for running daemons which are
- # disabled in minimal builds, so elide the accounts too.
- if ! use minimal ; then
- enewgroup ldap 439
- enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap
- fi
-}
-
-src_prepare() {
- # ensure correct SLAPI path by default
- sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \
- "${S}"/include/ldap_defaults.h
-
- epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch
-
- epatch \
- "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \
- "${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
-
- # bug #116045 - still present in 2.4.28
- epatch "${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch
- # bug #408077 - samba4
- epatch "${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch
-
- # bug #189817
- epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
-
- # bug #233633
- epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch
-
- # bug #281495
- epatch "${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch
-
- # bug #294350
- epatch "${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch
-
- # unbreak /bin/sh -> dash
- epatch "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
-
- # bug #420959
- epatch "${FILESDIR}"/${PN}-2.4.31-gcc47.patch
-
- # bug #421463
- #epatch "${FILESDIR}"/${PN}-2.4.33-gnutls.patch # merged upstream
-
- # unbundle lmdb
- epatch "${FILESDIR}"/${P}-mdb-unbundle.patch
- rm -rf "${S}"/libraries/liblmdb
-
- cd "${S}"/build || die
- einfo "Making sure upstream build strip does not do stripping too early"
- sed -i.orig \
- -e '/^STRIP/s,-s,,g' \
- top.mk || die "Failed to block stripping"
-
- # wrong assumption that /bin/sh is /bin/bash
- sed -i \
- -e 's|/bin/sh|/bin/bash|g' \
- "${S}"/tests/scripts/* || die "sed failed"
-
- cd "${S}" || die
-
- AT_NOEAUTOMAKE=yes eautoreconf
-}
-
-build_contrib_module() {
- # <dir> <sources> <outputname>
- cd "${S}/contrib/slapd-modules/$1" || die
- einfo "Compiling contrib-module: $3"
- # Make sure it's uppercase
- local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -D${define_name}=SLAPD_MOD_DYNAMIC \
- -I"${BUILD_DIR}"/include \
- -I../../../include -I../../../servers/slapd ${CFLAGS} \
- -o ${2%.c}.lo -c $2 || die "compiling $3 failed"
- einfo "Linking contrib-module: $3"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o $3.la ${2%.c}.lo || die "linking $3 failed"
-}
-
-src_configure() {
- #Fix for glibc-2.8 and ucred. Bug 228457.
- append-cppflags -D_GNU_SOURCE
-
- # Bug 408001
- use elibc_FreeBSD && append-cppflags -DMDB_DSYNC=O_SYNC -DMDB_FDATASYNC=fsync
-
- # connectionless ldap per bug #342439
- append-cppflags -DLDAP_CONNECTIONLESS
-
- multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
- local myconf=()
-
- use debug && myconf+=( $(use_enable debug) )
-
- # ICU usage is not configurable
- export ac_cv_header_unicode_utypes_h="$(multilib_is_native_abi && use icu && echo yes || echo no)"
-
- if ! use minimal && multilib_is_native_abi; then
- local CPPFLAGS=${CPPFLAGS}
-
- # re-enable serverside overlay chains per bug #296567
- # see ldap docs chaper 12.3.1 for details
- myconf+=( --enable-ldap )
-
- # backends
- myconf+=( --enable-slapd )
- if use berkdb ; then
- einfo "Using Berkeley DB for local backend"
- myconf+=( --enable-bdb --enable-hdb )
- DBINCLUDE=$(db_includedir $BDB_SLOTS)
- einfo "Using $DBINCLUDE for sys-libs/db version"
- # We need to include the slotted db.h dir for FreeBSD
- append-cppflags -I${DBINCLUDE}
- else
- myconf+=( --disable-bdb --disable-hdb )
- fi
- for backend in dnssrv ldap mdb meta monitor null passwd relay shell sock; do
- myconf+=( --enable-${backend}=mod )
- done
-
- myconf+=( $(use_enable perl perl mod) )
-
- myconf+=( $(use_enable odbc sql mod) )
- if use odbc ; then
- local odbc_lib="unixodbc"
- if use iodbc ; then
- odbc_lib="iodbc"
- append-cppflags -I"${EPREFIX}"/usr/include/iodbc
- fi
- myconf+=( --with-odbc=${odbc_lib} )
- fi
-
- # slapd options
- myconf+=(
- $(use_enable crypt)
- $(use_enable slp)
- $(use_enable samba lmpasswd)
- $(use_enable syslog)
- )
- if use experimental ; then
- myconf+=(
- --enable-dynacl
- --enable-aci=mod
- )
- fi
- for option in aci cleartext modules rewrite rlookups slapi; do
- myconf+=( --enable-${option} )
- done
-
- # slapd overlay options
- # Compile-in the syncprov, the others as module
- myconf+=( --enable-syncprov=yes )
- use overlays && myconf+=( --enable-overlays=mod )
-
- else
- myconf+=(
- --disable-backends
- --disable-slapd
- --disable-bdb
- --disable-hdb
- --disable-mdb
- --disable-overlays
- --disable-syslog
- )
- fi
-
- # basic functionality stuff
- myconf+=(
- $(use_enable ipv6)
- $(multilib_native_use_with sasl cyrus-sasl)
- $(multilib_native_use_enable sasl spasswd)
- $(use_enable tcpd wrappers)
- )
-
- # Some cross-compiling tests don't pan out well.
- tc-is-cross-compiler && myconf+=(
- --with-yielding-select=yes
- )
-
- local ssl_lib="no"
- if use ssl || ( ! use minimal && use samba ) ; then
- ssl_lib="openssl"
- use gnutls && ssl_lib="gnutls"
- fi
-
- myconf+=( --with-tls=${ssl_lib} )
-
- for basicflag in dynamic local proctitle shared; do
- myconf+=( --enable-${basicflag} )
- done
-
- tc-export AR CC CXX
- ECONF_SOURCE=${S} \
- STRIP=/bin/true \
- econf \
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
- $(use_enable static-libs static) \
- "${myconf[@]}"
- emake depend
-}
-
-src_configure_cxx() {
- # This needs the libraries built by the first build run.
- # So we have to run it AFTER the main build, not just after the main
- # configure.
- local myconf_ldapcpp=(
- --with-ldap-includes="${S}"/include
- )
-
- mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die
- cd "${BUILD_DIR}/contrib/ldapc++" || die
-
- local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS}
- append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
- -L"${BUILD_DIR}"/libraries/libldap/.libs
- append-cppflags -I"${BUILD_DIR}"/include
- ECONF_SOURCE=${S}/contrib/ldapc++ \
- econf "${myconf_ldapcpp[@]}" \
- CC="${CC}" \
- CXX="${CXX}"
-}
-
-multilib_src_compile() {
- tc-export AR CC CXX
- emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/bash
- local lt="${BUILD_DIR}/libtool"
- export echo="echo"
-
- if ! use minimal && multilib_is_native_abi ; then
- if use cxx ; then
- einfo "Building contrib library: ldapc++"
- src_configure_cxx
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake \
- CC="${CC}" CXX="${CXX}"
- fi
-
- if use smbkrb5passwd ; then
- einfo "Building contrib-module: smbk5pwd"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
-
- MY_DEFS="-DDO_SHADOW"
- if use samba ; then
- MY_DEFS="${MY_DEFS} -DDO_SAMBA"
- MY_KRB5_INC=""
- fi
- if use kerberos ; then
- MY_DEFS="${MY_DEFS} -DDO_KRB5"
- MY_KRB5_INC="$(krb5-config --cflags)"
- fi
-
- emake \
- DEFS="${MY_DEFS}" \
- KRB5_INC="${MY_KRB5_INC}" \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
- fi
-
- if use overlays ; then
- einfo "Building contrib-module: samba4"
- cd "${S}/contrib/slapd-modules/samba4" || die
-
- emake \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap"
- fi
-
- if use kerberos ; then
- build_contrib_module "kinit" "kinit.c" "kinit"
- cd "${S}/contrib/slapd-modules/passwd" || die
- einfo "Compiling contrib-module: pw-kerberos"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- $(krb5-config --cflags) \
- -DHAVE_KRB5 \
- -o kerberos.lo \
- -c kerberos.c || die "compiling pw-kerberos failed"
- einfo "Linking contrib-module: pw-kerberos"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o pw-kerberos.la \
- kerberos.lo || die "linking pw-kerberos failed"
- fi
- # We could build pw-radius if GNURadius would install radlib.h
- cd "${S}/contrib/slapd-modules/passwd" || die
- einfo "Compiling contrib-module: pw-netscape"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- -o netscape.lo \
- -c netscape.c || die "compiling pw-netscape failed"
- einfo "Linking contrib-module: pw-netscape"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o pw-netscape.la \
- netscape.lo || die "linking pw-netscape failed"
-
- #build_contrib_module "acl" "posixgroup.c" "posixGroup" # example code only
- #build_contrib_module "acl" "gssacl.c" "gss" # example code only, also needs kerberos
- build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
- build_contrib_module "allop" "allop.c" "overlay-allop"
- build_contrib_module "allowed" "allowed.c" "allowed"
- build_contrib_module "autogroup" "autogroup.c" "autogroup"
- build_contrib_module "cloak" "cloak.c" "cloak"
- # build_contrib_module "comp_match" "comp_match.c" "comp_match" # really complex, adds new external deps, questionable demand
- build_contrib_module "denyop" "denyop.c" "denyop-overlay"
- build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
- build_contrib_module "dupent" "dupent.c" "dupent"
- build_contrib_module "lastbind" "lastbind.c" "lastbind"
- # lastmod may not play well with other overlays
- build_contrib_module "lastmod" "lastmod.c" "lastmod"
- build_contrib_module "noopsrch" "noopsrch.c" "noopsrch"
- build_contrib_module "nops" "nops.c" "nops-overlay"
- #build_contrib_module "nssov" "nssov.c" "nssov-overlay" RESO:LATER
- build_contrib_module "trace" "trace.c" "trace"
- # build slapi-plugins
- cd "${S}/contrib/slapi-plugins/addrdnvalues" || die
- einfo "Building contrib-module: addrdnvalues plugin"
- "${CC}" -shared \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- -fPIC \
- ${LDFLAGS} \
- -o libaddrdnvalues-plugin.so \
- addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
-
- fi
-}
-
-multilib_src_test() {
- if multilib_is_native_abi; then
- cd tests || die
- emake tests || die "make tests failed"
- fi
-}
-
-multilib_src_install() {
- local lt="${BUILD_DIR}/libtool"
- emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/bash install
- use static-libs || prune_libtool_files --all
-
- if ! use minimal && multilib_is_native_abi; then
- # openldap modules go here
- # TODO: write some code to populate slapd.conf with moduleload statements
- keepdir /usr/$(get_libdir)/openldap/openldap/
-
- # initial data storage dir
- keepdir /var/lib/openldap-data
- use prefix || fowners ldap:ldap /var/lib/openldap-data
- fperms 0700 /var/lib/openldap-data
-
- echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
-
- # use our config
- rm "${ED}"etc/openldap/slapd.conf
- insinto /etc/openldap
- newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf
- configfile="${ED}"etc/openldap/slapd.conf
-
- # populate with built backends
- ebegin "populate config with built backends"
- for x in "${ED}"usr/$(get_libdir)/openldap/openldap/back_*.so; do
- einfo "Adding $(basename ${x})"
- sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}"
- done
- sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
- use prefix || fowners root:ldap /etc/openldap/slapd.conf
- fperms 0640 /etc/openldap/slapd.conf
- cp "${configfile}" "${configfile}".default
- eend
-
- # install our own init scripts and systemd unit files
- einfo "Install init scripts"
- newinitd "${FILESDIR}"/slapd-initd-2.4.40-r2 slapd
- newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd
- einfo "Install systemd service"
- systemd_dounit "${FILESDIR}"/slapd.service
- systemd_install_serviced "${FILESDIR}"/slapd.service.conf
- systemd_newtmpfilesd "${FILESDIR}"/slapd.tmpfilesd slapd.conf
-
- if [[ $(get_libdir) != lib ]]; then
- sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i \
- "${ED}"/etc/init.d/slapd \
- "${ED}"/usr/lib/systemd/system/slapd.service || die
- fi
- # If built without SLP, we don't need to be before avahi
- use slp \
- || sed -i \
- -e '/before/{s/avahi-daemon//g}' \
- "${ED}"etc/init.d/slapd
-
- if use cxx ; then
- einfo "Install the ldapc++ library"
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- cd "${S}"/contrib/ldapc++ || die
- newdoc README ldapc++-README
- fi
-
- if use smbkrb5passwd ; then
- einfo "Install the smbk5pwd module"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- newdoc README smbk5pwd-README
- fi
-
- if use overlays ; then
- einfo "Install the samba4 module"
- cd "${S}/contrib/slapd-modules/samba4" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="/usr/$(get_libdir)/openldap" install
- newdoc README samba4-README
- fi
-
- einfo "Installing contrib modules"
- cd "${S}/contrib/slapd-modules" || die
- for l in */*.la; do
- "${lt}" --mode=install cp ${l} \
- "${ED}"usr/$(get_libdir)/openldap/openldap || \
- die "installing ${l} failed"
- done
-
- dodoc "${FILESDIR}"/DB_CONFIG.fast.example
- docinto contrib
- doman */*.5
- #newdoc acl/README*
- newdoc addpartial/README addpartial-README
- newdoc allop/README allop-README
- newdoc allowed/README allowed-README
- newdoc autogroup/README autogroup-README
- newdoc dsaschema/README dsaschema-README
- newdoc passwd/README passwd-README
- cd "${S}/contrib/slapi-plugins" || die
- insinto /usr/$(get_libdir)/openldap/openldap
- doins */*.so
- docinto contrib
- newdoc addrdnvalues/README addrdnvalues-README
-
- insinto /etc/openldap/schema
- newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
-
- docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
- docinto back-shell ; dodoc "${S}"/servers/slapd/back-shell/searchexample*
- docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
-
- dosbin "${S}"/contrib/slapd-tools/statslog
- newdoc "${S}"/contrib/slapd-tools/README README.statslog
- fi
-}
-
-multilib_src_install_all() {
- dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
- docinto rfc ; dodoc doc/rfc/*.txt
-}
-
-pkg_preinst() {
- # keep old libs if any
- preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0)
- # bug 440470, only display the getting started help there was no openldap before,
- # or we are going to a non-minimal build
- ! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
- OPENLDAP_PRINT_MESSAGES=$((! $?))
-}
-
-pkg_postinst() {
- if ! use minimal ; then
- # You cannot build SSL certificates during src_install that will make
- # binary packages containing your SSL key, which is both a security risk
- # and a misconfiguration if multiple machines use the same key and cert.
- if use ssl; then
- install_cert /etc/openldap/ssl/ldap
- use prefix || chown ldap:ldap "${EROOT}"etc/openldap/ssl/ldap.*
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "add 'TLS_REQCERT allow' if you want to use them."
- fi
-
- if use prefix; then
- # Warn about prefix issues with slapd
- eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
- eerror "to start up, and requires that certain files directories be owned by"
- eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
- eerror "directories, you will have to manually fix this yourself."
- fi
-
- # These lines force the permissions of various content to be correct
- use prefix || chown ldap:ldap "${EROOT}"var/run/openldap
- chmod 0755 "${EROOT}"var/run/openldap
- use prefix || chown root:ldap "${EROOT}"etc/openldap/slapd.conf{,.default}
- chmod 0640 "${EROOT}"etc/openldap/slapd.conf{,.default}
- use prefix || chown ldap:ldap "${EROOT}"var/lib/openldap-data
- fi
-
- if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
- elog "Getting started using OpenLDAP? There is some documentation available:"
- elog "Gentoo Guide to OpenLDAP Authentication"
- elog "(https://www.gentoo.org/doc/en/ldap-howto.xml)"
- elog "---"
- elog "An example file for tuning BDB backends with openldap is"
- elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
- fi
-
- preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0)
-}
diff --git a/net-nds/openldap/openldap-2.4.40.ebuild b/net-nds/openldap/openldap-2.4.40.ebuild
deleted file mode 100644
index 5c7a172..00000000
--- a/net-nds/openldap/openldap-2.4.40.ebuild
+++ /dev/null
@@ -1,822 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit db-use eutils flag-o-matic multilib multilib-minimal ssl-cert versionator toolchain-funcs autotools user systemd
-
-BIS_PN=rfc2307bis.schema
-BIS_PV=20140524
-BIS_P="${BIS_PN}-${BIS_PV}"
-
-DESCRIPTION="LDAP suite of application and development tools"
-HOMEPAGE="http://www.OpenLDAP.org/"
-
-# mirrors are mostly not working, using canonical URI
-SRC_URI="ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz
- mirror://gentoo/${BIS_P}"
-
-LICENSE="OPENLDAP GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~x86-linux ~x86-solaris"
-
-IUSE_DAEMON="crypt icu samba slp tcpd experimental minimal"
-IUSE_BACKEND="+berkdb"
-IUSE_OVERLAY="overlays perl"
-IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 +syslog selinux static-libs"
-IUSE_CONTRIB="smbkrb5passwd kerberos"
-IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
-IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
-
-REQUIRED_USE="cxx? ( sasl )"
-
-# openssl is needed to generate lanman-passwords required by samba
-CDEPEND="icu? ( dev-libs/icu:= )
- ssl? ( !gnutls? ( >=dev-libs/openssl-1.0.1h-r2[${MULTILIB_USEDEP}] )
- gnutls? ( >=net-libs/gnutls-2.12.23-r6[${MULTILIB_USEDEP}] >=dev-libs/libgcrypt-1.5.3:0[${MULTILIB_USEDEP}] ) )
- sasl? ( dev-libs/cyrus-sasl:= )
- !minimal? (
- sys-devel/libtool
- sys-libs/e2fsprogs-libs
- tcpd? ( sys-apps/tcp-wrappers )
- odbc? ( !iodbc? ( dev-db/unixODBC )
- iodbc? ( dev-db/libiodbc ) )
- slp? ( net-libs/openslp )
- perl? ( dev-lang/perl:=[-build(-)] )
- samba? ( dev-libs/openssl )
- berkdb? ( sys-libs/db )
- smbkrb5passwd? (
- dev-libs/openssl
- kerberos? ( app-crypt/heimdal )
- )
- kerberos? ( virtual/krb5 )
- cxx? ( dev-libs/cyrus-sasl:= )
- )
- abi_x86_32? (
- !<=app-emulation/emul-linux-x86-baselibs-20140508-r3
- !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
- )"
-DEPEND="${CDEPEND}
- sys-apps/groff"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-ldap )
-"
-# for tracking versions
-OPENLDAP_VERSIONTAG=".version-tag"
-OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
-
-MULTILIB_WRAPPED_HEADERS=(
- # USE=cxx
- /usr/include/LDAPAsynConnection.h
- /usr/include/LDAPAttrType.h
- /usr/include/LDAPAttribute.h
- /usr/include/LDAPAttributeList.h
- /usr/include/LDAPConnection.h
- /usr/include/LDAPConstraints.h
- /usr/include/LDAPControl.h
- /usr/include/LDAPControlSet.h
- /usr/include/LDAPEntry.h
- /usr/include/LDAPEntryList.h
- /usr/include/LDAPException.h
- /usr/include/LDAPExtResult.h
- /usr/include/LDAPMessage.h
- /usr/include/LDAPMessageQueue.h
- /usr/include/LDAPModList.h
- /usr/include/LDAPModification.h
- /usr/include/LDAPObjClass.h
- /usr/include/LDAPRebind.h
- /usr/include/LDAPRebindAuth.h
- /usr/include/LDAPReferenceList.h
- /usr/include/LDAPResult.h
- /usr/include/LDAPSaslBindResult.h
- /usr/include/LDAPSchema.h
- /usr/include/LDAPSearchReference.h
- /usr/include/LDAPSearchResult.h
- /usr/include/LDAPSearchResults.h
- /usr/include/LDAPUrl.h
- /usr/include/LDAPUrlList.h
- /usr/include/LdifReader.h
- /usr/include/LdifWriter.h
- /usr/include/SaslInteraction.h
- /usr/include/SaslInteractionHandler.h
- /usr/include/StringList.h
- /usr/include/TlsOptions.h
-
- # USE=-minimal
- /usr/include/lmdb.h
-)
-
-openldap_filecount() {
- local dir="$1"
- find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
-}
-
-openldap_find_versiontags() {
- # scan for all datadirs
- openldap_datadirs=""
- if [ -f "${EROOT}"/etc/openldap/slapd.conf ]; then
- openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${EROOT}/etc/openldap/slapd.conf)"
- fi
- openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}"
-
- einfo
- einfo "Scanning datadir(s) from slapd.conf and"
- einfo "the default installdir for Versiontags"
- einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
- einfo
-
- # scan datadirs if we have a version tag
- openldap_found_tag=0
- have_files=0
- for each in ${openldap_datadirs}; do
- CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"`
- CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}
- if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then
- einfo "- Checking ${each}..."
- if [ -r ${CURRENT_TAG} ] ; then
- # yey, we have one :)
- einfo " Found Versiontag in ${each}"
- source ${CURRENT_TAG}
- if [ "${OLDPF}" == "" ] ; then
- eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
- eerror "Please delete it"
- eerror
- die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
- fi
-
- OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}`
-
- [ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1
-
- # are we on the same branch?
- if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then
- ewarn " Versiontag doesn't match current major release!"
- if [[ "${have_files}" == "1" ]] ; then
- eerror " Versiontag says other major and you (probably) have datafiles!"
- echo
- openldap_upgrade_howto
- else
- einfo " No real problem, seems there's no database."
- fi
- else
- einfo " Versiontag is fine here :)"
- fi
- else
- einfo " Non-tagged dir ${each}"
- [ $(openldap_filecount ${each}) -gt 0 ] && have_files=1
- if [[ "${have_files}" == "1" ]] ; then
- einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
- echo
-
- eerror
- eerror "Your OpenLDAP Installation has a non tagged datadir that"
- eerror "possibly contains a database at ${CURRENT_TAGDIR}"
- eerror
- eerror "Please export data if any entered and empty or remove"
- eerror "the directory, installation has been stopped so you"
- eerror "can take required action"
- eerror
- eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
- eerror
- openldap_upgrade_howto
- die "Please move the datadir ${CURRENT_TAGDIR} away"
- fi
- fi
- einfo
- fi
- done
- [ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present"
-
- # Now we must check for the major version of sys-libs/db linked against.
- SLAPD_PATH=${EROOT}/usr/$(get_libdir)/openldap/slapd
- if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then
- OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
- | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
- NEWVER="$(use berkdb && db_findver sys-libs/db)"
- local fail=0
- if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then
- :
- # Nothing wrong here.
- elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was not built against"
- eerror " any version of sys-libs/db, but the new one will build"
- eerror " against ${NEWVER} and your database may be inaccessible."
- echo
- fail=1
- elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will not be"
- eerror " built against any version and your database may be"
- eerror " inaccessible."
- echo
- fail=1
- elif [ "${OLDVER}" != "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will build against"
- eerror " ${NEWVER} and your database would be inaccessible."
- echo
- fail=1
- fi
- [ "${fail}" == "1" ] && openldap_upgrade_howto
- fi
-
- echo
- einfo
- einfo "All datadirs are fine, proceeding with merge now..."
- einfo
-}
-
-openldap_upgrade_howto() {
- eerror
- eerror "A (possible old) installation of OpenLDAP was detected,"
- eerror "installation will not proceed for now."
- eerror
- eerror "As major version upgrades can corrupt your database,"
- eerror "you need to dump your database and re-create it afterwards."
- eerror
- eerror "Additionally, rebuilding against different major versions of the"
- eerror "sys-libs/db libraries will cause your database to be inaccessible."
- eerror ""
- d="$(date -u +%s)"
- l="/root/ldapdump.${d}"
- i="${l}.raw"
- eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop"
- eerror " 2. slapcat -l ${i}"
- eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}"
- eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
- eerror " 5. emerge --update \=net-nds/${PF}"
- eerror " 6. etc-update, and ensure that you apply the changes"
- eerror " 7. slapadd -l ${l}"
- eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
- eerror " 9. /etc/init.d/slapd start"
- eerror "10. check that your data is intact."
- eerror "11. set up the new replication system."
- eerror
- if [ "${FORCE_UPGRADE}" != "1" ]; then
- die "You need to upgrade your database first"
- else
- eerror "You have the magical FORCE_UPGRADE=1 in place."
- eerror "Don't say you weren't warned about data loss."
- fi
-}
-
-pkg_setup() {
- if ! use sasl && use cxx ; then
- die "To build the ldapc++ library you must emerge openldap with sasl support"
- fi
- # Bug #322787
- if use minimal && ! has_version "net-nds/openldap" ; then
- einfo "No datadir scan needed, openldap not installed"
- elif use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then
- einfo "Skipping scan for previous datadirs as requested by minimal useflag"
- else
- openldap_find_versiontags
- fi
-
- # The user/group are only used for running daemons which are
- # disabled in minimal builds, so elide the accounts too.
- if ! use minimal ; then
- enewgroup ldap 439
- enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap
- fi
-}
-
-src_prepare() {
- # ensure correct SLAPI path by default
- sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \
- "${S}"/include/ldap_defaults.h
-
- epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch
-
- epatch \
- "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \
- "${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
-
- # bug #116045 - still present in 2.4.28
- epatch "${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch
- # bug #408077 - samba4
- epatch "${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch
-
- # bug #189817
- epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
-
- # bug #233633
- epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch
-
- # bug #281495
- epatch "${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch
-
- # bug #294350
- epatch "${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch
-
- # unbreak /bin/sh -> dash
- epatch "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
-
- # bug #420959
- epatch "${FILESDIR}"/${PN}-2.4.31-gcc47.patch
-
- # bug #421463
- #epatch "${FILESDIR}"/${PN}-2.4.33-gnutls.patch # merged upstream
-
- sed -i.orig \
- -e '/IDOCS.*DESTDIR/s,/man/man1,/share/man/man1,g' \
- -e '/ILIBS.*DESTDIR/s,/lib,/$(LIBDIR),g' \
- "${S}"/libraries/liblmdb/Makefile \
- || die "Failed to fix LMDB manpage install location"
-
- cd "${S}"/build || die
- einfo "Making sure upstream build strip does not do stripping too early"
- sed -i.orig \
- -e '/^STRIP/s,-s,,g' \
- top.mk || die "Failed to block stripping"
-
- # wrong assumption that /bin/sh is /bin/bash
- sed -i \
- -e 's|/bin/sh|/bin/bash|g' \
- "${S}"/tests/scripts/* || die "sed failed"
-
- cd "${S}" || die
- AT_NOEAUTOMAKE=yes eautoreconf
-}
-
-build_contrib_module() {
- # <dir> <sources> <outputname>
- cd "${S}/contrib/slapd-modules/$1" || die
- einfo "Compiling contrib-module: $3"
- # Make sure it's uppercase
- local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -D${define_name}=SLAPD_MOD_DYNAMIC \
- -I"${BUILD_DIR}"/include \
- -I../../../include -I../../../servers/slapd ${CFLAGS} \
- -o ${2%.c}.lo -c $2 || die "compiling $3 failed"
- einfo "Linking contrib-module: $3"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o $3.la ${2%.c}.lo || die "linking $3 failed"
-}
-
-src_configure() {
- #Fix for glibc-2.8 and ucred. Bug 228457.
- append-cppflags -D_GNU_SOURCE
-
- # Bug 408001
- use elibc_FreeBSD && append-cppflags -DMDB_DSYNC=O_SYNC -DMDB_FDATASYNC=fsync
-
- # connectionless ldap per bug #342439
- append-cppflags -DLDAP_CONNECTIONLESS
-
- multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
- local myconf=()
-
- use debug && myconf+=( $(use_enable debug) )
-
- # ICU usage is not configurable
- export ac_cv_header_unicode_utypes_h="$(multilib_is_native_abi && use icu && echo yes || echo no)"
-
- if ! use minimal && multilib_is_native_abi; then
- local CPPFLAGS=${CPPFLAGS}
-
- # re-enable serverside overlay chains per bug #296567
- # see ldap docs chaper 12.3.1 for details
- myconf+=( --enable-ldap )
-
- # backends
- myconf+=( --enable-slapd )
- if use berkdb ; then
- einfo "Using Berkeley DB for local backend"
- myconf+=( --enable-bdb --enable-hdb )
- # We need to include the slotted db.h dir for FreeBSD
- append-cppflags -I$(db_includedir)
- else
- ewarn
- ewarn "Note: if you disable berkdb, you can only use remote-backends!"
- ewarn
- myconf+=( --disable-bdb --disable-hdb )
- fi
- for backend in dnssrv ldap mdb meta monitor null passwd relay shell sock; do
- myconf+=( --enable-${backend}=mod )
- done
-
- myconf+=( $(use_enable perl perl mod) )
-
- myconf+=( $(use_enable odbc sql mod) )
- if use odbc ; then
- local odbc_lib="unixodbc"
- if use iodbc ; then
- odbc_lib="iodbc"
- append-cppflags -I"${EPREFIX}"/usr/include/iodbc
- fi
- myconf+=( --with-odbc=${odbc_lib} )
- fi
-
- # slapd options
- myconf+=(
- $(use_enable crypt)
- $(use_enable slp)
- $(use_enable samba lmpasswd)
- $(use_enable syslog)
- )
- if use experimental ; then
- myconf+=(
- --enable-dynacl
- --enable-aci=mod
- )
- fi
- for option in aci cleartext modules rewrite rlookups slapi; do
- myconf+=( --enable-${option} )
- done
-
- # slapd overlay options
- # Compile-in the syncprov, the others as module
- myconf+=( --enable-syncprov=yes )
- use overlays && myconf+=( --enable-overlays=mod )
-
- else
- myconf+=(
- --disable-backends
- --disable-slapd
- --disable-bdb
- --disable-hdb
- --disable-mdb
- --disable-overlays
- --disable-syslog
- )
- fi
-
- # basic functionality stuff
- myconf+=(
- $(use_enable ipv6)
- $(multilib_native_use_with sasl cyrus-sasl)
- $(multilib_native_use_enable sasl spasswd)
- $(use_enable tcpd wrappers)
- )
-
- # Some cross-compiling tests don't pan out well.
- tc-is-cross-compiler && myconf+=(
- --with-yielding-select=yes
- )
-
- local ssl_lib="no"
- if use ssl || ( ! use minimal && use samba ) ; then
- ssl_lib="openssl"
- use gnutls && ssl_lib="gnutls"
- fi
-
- myconf+=( --with-tls=${ssl_lib} )
-
- for basicflag in dynamic local proctitle shared; do
- myconf+=( --enable-${basicflag} )
- done
-
- tc-export AR CC CXX
- ECONF_SOURCE=${S} \
- STRIP=/bin/true \
- econf \
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
- $(use_enable static-libs static) \
- "${myconf[@]}"
- emake depend
-}
-
-src_configure_cxx() {
- # This needs the libraries built by the first build run.
- # So we have to run it AFTER the main build, not just after the main
- # configure.
- local myconf_ldapcpp=(
- --with-ldap-includes="${S}"/include
- )
-
- mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die
- cd "${BUILD_DIR}/contrib/ldapc++" || die
-
- local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS}
- append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
- -L"${BUILD_DIR}"/libraries/libldap/.libs
- append-cppflags -I"${BUILD_DIR}"/include
- ECONF_SOURCE=${S}/contrib/ldapc++ \
- econf "${myconf_ldapcpp[@]}" \
- CC="${CC}" \
- CXX="${CXX}"
-}
-
-multilib_src_compile() {
- tc-export AR CC CXX
- emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/bash
- local lt="${BUILD_DIR}/libtool"
- export echo="echo"
-
- if ! use minimal && multilib_is_native_abi ; then
- if use cxx ; then
- einfo "Building contrib library: ldapc++"
- src_configure_cxx
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake \
- CC="${CC}" CXX="${CXX}"
- fi
-
- # LMDB tools
- cp -ral "${S}"/libraries/liblmdb "${BUILD_DIR}"/libraries/liblmdb || die
- cd "${BUILD_DIR}"/libraries/liblmdb || die
- emake CC="${CC}" CXX="${CXX}" OPT="${CFLAGS}" prefix="${EPREFIX}/usr" DESTDIR="${D}" SHELL="${EPREFIX}"/bin/bash LIBDIR="$(get_libdir)"
-
- if use smbkrb5passwd ; then
- einfo "Building contrib-module: smbk5pwd"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
-
- MY_DEFS="-DDO_SHADOW"
- if use samba ; then
- MY_DEFS="${MY_DEFS} -DDO_SAMBA"
- MY_KRB5_INC=""
- fi
- if use kerberos ; then
- MY_DEFS="${MY_DEFS} -DDO_KRB5"
- MY_KRB5_INC="$(krb5-config --cflags)"
- fi
-
- emake \
- DEFS="${MY_DEFS}" \
- KRB5_INC="${MY_KRB5_INC}" \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
- fi
-
- if use overlays ; then
- einfo "Building contrib-module: samba4"
- cd "${S}/contrib/slapd-modules/samba4" || die
-
- emake \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap"
- fi
-
- if use kerberos ; then
- build_contrib_module "kinit" "kinit.c" "kinit"
- cd "${S}/contrib/slapd-modules/passwd" || die
- einfo "Compiling contrib-module: pw-kerberos"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- $(krb5-config --cflags) \
- -DHAVE_KRB5 \
- -o kerberos.lo \
- -c kerberos.c || die "compiling pw-kerberos failed"
- einfo "Linking contrib-module: pw-kerberos"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o pw-kerberos.la \
- kerberos.lo || die "linking pw-kerberos failed"
- fi
- # We could build pw-radius if GNURadius would install radlib.h
- cd "${S}/contrib/slapd-modules/passwd" || die
- einfo "Compiling contrib-module: pw-netscape"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- -o netscape.lo \
- -c netscape.c || die "compiling pw-netscape failed"
- einfo "Linking contrib-module: pw-netscape"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o pw-netscape.la \
- netscape.lo || die "linking pw-netscape failed"
-
- #build_contrib_module "acl" "posixgroup.c" "posixGroup" # example code only
- #build_contrib_module "acl" "gssacl.c" "gss" # example code only, also needs kerberos
- build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
- build_contrib_module "allop" "allop.c" "overlay-allop"
- build_contrib_module "allowed" "allowed.c" "allowed"
- build_contrib_module "autogroup" "autogroup.c" "autogroup"
- build_contrib_module "cloak" "cloak.c" "cloak"
- # build_contrib_module "comp_match" "comp_match.c" "comp_match" # really complex, adds new external deps, questionable demand
- build_contrib_module "denyop" "denyop.c" "denyop-overlay"
- build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
- build_contrib_module "dupent" "dupent.c" "dupent"
- build_contrib_module "lastbind" "lastbind.c" "lastbind"
- # lastmod may not play well with other overlays
- build_contrib_module "lastmod" "lastmod.c" "lastmod"
- build_contrib_module "noopsrch" "noopsrch.c" "noopsrch"
- build_contrib_module "nops" "nops.c" "nops-overlay"
- #build_contrib_module "nssov" "nssov.c" "nssov-overlay" RESO:LATER
- build_contrib_module "trace" "trace.c" "trace"
- # build slapi-plugins
- cd "${S}/contrib/slapi-plugins/addrdnvalues" || die
- einfo "Building contrib-module: addrdnvalues plugin"
- "${CC}" -shared \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- -fPIC \
- ${LDFLAGS} \
- -o libaddrdnvalues-plugin.so \
- addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
-
- fi
-}
-
-multilib_src_test() {
- if multilib_is_native_abi; then
- cd tests || die
- make tests || die "make tests failed"
- fi
-}
-
-multilib_src_install() {
- local lt="${BUILD_DIR}/libtool"
- emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/bash install
- use static-libs || prune_libtool_files --all
-
- if ! use minimal && multilib_is_native_abi; then
- # LMDB tools
- cd "${BUILD_DIR}"/libraries/liblmdb || die
- dodir /usr/include /usr/lib /usr/bin /usr/share/man/man1 # otherwise this will make them files :-(
- emake CC="${CC}" CXX="${CXX}" OPT="${CFLAGS}" prefix="${EPREFIX}/usr" DESTDIR="${D}" SHELL="${EPREFIX}"/bin/bash LIBDIR="$(get_libdir)" install
-
- # openldap modules go here
- # TODO: write some code to populate slapd.conf with moduleload statements
- keepdir /usr/$(get_libdir)/openldap/openldap/
-
- # initial data storage dir
- keepdir /var/lib/openldap-data
- use prefix || fowners ldap:ldap /var/lib/openldap-data
- fperms 0700 /var/lib/openldap-data
-
- echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
-
- # use our config
- rm "${ED}"etc/openldap/slapd.conf
- insinto /etc/openldap
- newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf
- configfile="${ED}"etc/openldap/slapd.conf
-
- # populate with built backends
- ebegin "populate config with built backends"
- for x in "${ED}"usr/$(get_libdir)/openldap/openldap/back_*.so; do
- einfo "Adding $(basename ${x})"
- sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}"
- done
- sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
- use prefix || fowners root:ldap /etc/openldap/slapd.conf
- fperms 0640 /etc/openldap/slapd.conf
- cp "${configfile}" "${configfile}".default
- eend
-
- # install our own init scripts and systemd unit files
- einfo "Install init scripts"
- newinitd "${FILESDIR}"/slapd-initd-2.4.40 slapd
- newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd
- einfo "Install systemd service"
- systemd_dounit "${FILESDIR}"/slapd.service
- systemd_install_serviced "${FILESDIR}"/slapd.service.conf
- systemd_newtmpfilesd "${FILESDIR}"/slapd.tmpfilesd slapd.conf
-
- if [[ $(get_libdir) != lib ]]; then
- sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i \
- "${ED}"/etc/init.d/slapd \
- "${ED}"/usr/lib/systemd/system/slapd.service || die
- fi
- # If built without SLP, we don't need to be before avahi
- use slp \
- || sed -i \
- -e '/before/{s/avahi-daemon//g}' \
- "${ED}"etc/init.d/slapd
-
- if use cxx ; then
- einfo "Install the ldapc++ library"
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- cd "${S}"/contrib/ldapc++ || die
- newdoc README ldapc++-README
- fi
-
- if use smbkrb5passwd ; then
- einfo "Install the smbk5pwd module"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- newdoc README smbk5pwd-README
- fi
-
- if use overlays ; then
- einfo "Install the samba4 module"
- cd "${S}/contrib/slapd-modules/samba4" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="/usr/$(get_libdir)/openldap" install
- newdoc README samba4-README
- fi
-
- einfo "Installing contrib modules"
- cd "${S}/contrib/slapd-modules" || die
- for l in */*.la; do
- "${lt}" --mode=install cp ${l} \
- "${ED}"usr/$(get_libdir)/openldap/openldap || \
- die "installing ${l} failed"
- done
-
- dodoc "${FILESDIR}"/DB_CONFIG.fast.example
- docinto contrib
- doman */*.5
- #newdoc acl/README*
- newdoc addpartial/README addpartial-README
- newdoc allop/README allop-README
- newdoc allowed/README allowed-README
- newdoc autogroup/README autogroup-README
- newdoc dsaschema/README dsaschema-README
- newdoc passwd/README passwd-README
- cd "${S}/contrib/slapi-plugins" || die
- insinto /usr/$(get_libdir)/openldap/openldap
- doins */*.so
- docinto contrib
- newdoc addrdnvalues/README addrdnvalues-README
-
- insinto /etc/openldap/schema
- newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
-
- docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
- docinto back-shell ; dodoc "${S}"/servers/slapd/back-shell/searchexample*
- docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
-
- docinto liblmdb ; dodoc "${S}"/libraries/liblmdb/{sample*txt,CHANGES,COPYRIGHT,LICENSE}
- doman "${S}"/libraries/liblmdb/*.1
-
- dosbin "${S}"/contrib/slapd-tools/statslog
- newdoc "${S}"/contrib/slapd-tools/README README.statslog
- fi
-}
-
-multilib_src_install_all() {
- dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
- docinto rfc ; dodoc doc/rfc/*.txt
-}
-
-pkg_preinst() {
- # keep old libs if any
- preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0)
- # bug 440470, only display the getting started help there was no openldap before,
- # or we are going to a non-minimal build
- ! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
- OPENLDAP_PRINT_MESSAGES=$((! $?))
-}
-
-pkg_postinst() {
- if ! use minimal ; then
- # You cannot build SSL certificates during src_install that will make
- # binary packages containing your SSL key, which is both a security risk
- # and a misconfiguration if multiple machines use the same key and cert.
- if use ssl; then
- install_cert /etc/openldap/ssl/ldap
- use prefix || chown ldap:ldap "${EROOT}"etc/openldap/ssl/ldap.*
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "add 'TLS_REQCERT allow' if you want to use them."
- fi
-
- if use prefix; then
- # Warn about prefix issues with slapd
- eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
- eerror "to start up, and requires that certain files directories be owned by"
- eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
- eerror "directories, you will have to manually fix this yourself."
- fi
-
- # These lines force the permissions of various content to be correct
- use prefix || chown ldap:ldap "${EROOT}"var/run/openldap
- chmod 0755 "${EROOT}"var/run/openldap
- use prefix || chown root:ldap "${EROOT}"etc/openldap/slapd.conf{,.default}
- chmod 0640 "${EROOT}"etc/openldap/slapd.conf{,.default}
- use prefix || chown ldap:ldap "${EROOT}"var/lib/openldap-data
- fi
-
- if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
- elog "Getting started using OpenLDAP? There is some documentation available:"
- elog "Gentoo Guide to OpenLDAP Authentication"
- elog "(https://www.gentoo.org/doc/en/ldap-howto.xml)"
- elog "---"
- elog "An example file for tuning BDB backends with openldap is"
- elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
- fi
-
- preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0)
-}
diff --git a/net-nds/openldap/openldap-2.4.42-r1.ebuild b/net-nds/openldap/openldap-2.4.42-r1.ebuild
deleted file mode 100644
index e7033de..00000000
--- a/net-nds/openldap/openldap-2.4.42-r1.ebuild
+++ /dev/null
@@ -1,828 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit db-use eutils flag-o-matic multilib multilib-minimal ssl-cert versionator toolchain-funcs autotools user systemd
-
-BIS_PN=rfc2307bis.schema
-BIS_PV=20140524
-BIS_P="${BIS_PN}-${BIS_PV}"
-
-DESCRIPTION="LDAP suite of application and development tools"
-HOMEPAGE="http://www.OpenLDAP.org/"
-
-# mirrors are mostly not working, using canonical URI
-SRC_URI="ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz
- mirror://gentoo/${BIS_P}"
-
-LICENSE="OPENLDAP GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~x86-linux ~x86-solaris"
-
-IUSE_DAEMON="crypt icu samba slp tcpd experimental minimal"
-IUSE_BACKEND="+berkdb"
-IUSE_OVERLAY="overlays perl"
-IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 libressl +syslog selinux static-libs"
-IUSE_CONTRIB="smbkrb5passwd kerberos"
-IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
-IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
-
-REQUIRED_USE="cxx? ( sasl )
- ?? ( gnutls libressl )"
-
-# always list newer first
-# Do not add any AGPL-3 BDB here!
-# See bug 525110, comment 15.
-BDB_SLOTS='5.3 5.1 4.8 4.7 4.6 4.5 4.4'
-BDB_PKGS=''
-for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done
-
-# openssl is needed to generate lanman-passwords required by samba
-CDEPEND="icu? ( dev-libs/icu:= )
- ssl? (
- !gnutls? (
- !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0[${MULTILIB_USEDEP}] )
- )
- gnutls? ( >=net-libs/gnutls-2.12.23-r6[${MULTILIB_USEDEP}]
- libressl? ( dev-libs/libressl[${MULTILIB_USEDEP}] )
- >=dev-libs/libgcrypt-1.5.3:0[${MULTILIB_USEDEP}] ) )
- sasl? ( dev-libs/cyrus-sasl:= )
- !minimal? (
- sys-devel/libtool
- sys-libs/e2fsprogs-libs
- >=dev-db/lmdb-0.9.17
- tcpd? ( sys-apps/tcp-wrappers )
- odbc? ( !iodbc? ( dev-db/unixODBC )
- iodbc? ( dev-db/libiodbc ) )
- slp? ( net-libs/openslp )
- perl? ( dev-lang/perl:=[-build(-)] )
- samba? (
- !libressl? ( dev-libs/openssl:0 )
- libressl? ( dev-libs/libressl )
- )
- berkdb? (
- <sys-libs/db-6.0:=
- || ( ${BDB_PKGS} )
- )
- smbkrb5passwd? (
- !libressl? ( dev-libs/openssl:0 )
- libressl? ( dev-libs/libressl )
- kerberos? ( app-crypt/heimdal )
- )
- kerberos? ( virtual/krb5 )
- cxx? ( dev-libs/cyrus-sasl:= )
- )
- abi_x86_32? (
- !<=app-emulation/emul-linux-x86-baselibs-20140508-r3
- !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
- )"
-DEPEND="${CDEPEND}
- sys-apps/groff"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-ldap )
-"
-# for tracking versions
-OPENLDAP_VERSIONTAG=".version-tag"
-OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
-
-MULTILIB_WRAPPED_HEADERS=(
- # USE=cxx
- /usr/include/LDAPAsynConnection.h
- /usr/include/LDAPAttrType.h
- /usr/include/LDAPAttribute.h
- /usr/include/LDAPAttributeList.h
- /usr/include/LDAPConnection.h
- /usr/include/LDAPConstraints.h
- /usr/include/LDAPControl.h
- /usr/include/LDAPControlSet.h
- /usr/include/LDAPEntry.h
- /usr/include/LDAPEntryList.h
- /usr/include/LDAPException.h
- /usr/include/LDAPExtResult.h
- /usr/include/LDAPMessage.h
- /usr/include/LDAPMessageQueue.h
- /usr/include/LDAPModList.h
- /usr/include/LDAPModification.h
- /usr/include/LDAPObjClass.h
- /usr/include/LDAPRebind.h
- /usr/include/LDAPRebindAuth.h
- /usr/include/LDAPReferenceList.h
- /usr/include/LDAPResult.h
- /usr/include/LDAPSaslBindResult.h
- /usr/include/LDAPSchema.h
- /usr/include/LDAPSearchReference.h
- /usr/include/LDAPSearchResult.h
- /usr/include/LDAPSearchResults.h
- /usr/include/LDAPUrl.h
- /usr/include/LDAPUrlList.h
- /usr/include/LdifReader.h
- /usr/include/LdifWriter.h
- /usr/include/SaslInteraction.h
- /usr/include/SaslInteractionHandler.h
- /usr/include/StringList.h
- /usr/include/TlsOptions.h
-)
-
-openldap_filecount() {
- local dir="$1"
- find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
-}
-
-openldap_find_versiontags() {
- # scan for all datadirs
- openldap_datadirs=""
- if [ -f "${EROOT}"/etc/openldap/slapd.conf ]; then
- openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${EROOT}/etc/openldap/slapd.conf)"
- fi
- openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}"
-
- einfo
- einfo "Scanning datadir(s) from slapd.conf and"
- einfo "the default installdir for Versiontags"
- einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
- einfo
-
- # scan datadirs if we have a version tag
- openldap_found_tag=0
- have_files=0
- for each in ${openldap_datadirs}; do
- CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"`
- CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}
- if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then
- einfo "- Checking ${each}..."
- if [ -r ${CURRENT_TAG} ] ; then
- # yey, we have one :)
- einfo " Found Versiontag in ${each}"
- source ${CURRENT_TAG}
- if [ "${OLDPF}" == "" ] ; then
- eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
- eerror "Please delete it"
- eerror
- die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
- fi
-
- OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}`
-
- [ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1
-
- # are we on the same branch?
- if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then
- ewarn " Versiontag doesn't match current major release!"
- if [[ "${have_files}" == "1" ]] ; then
- eerror " Versiontag says other major and you (probably) have datafiles!"
- echo
- openldap_upgrade_howto
- else
- einfo " No real problem, seems there's no database."
- fi
- else
- einfo " Versiontag is fine here :)"
- fi
- else
- einfo " Non-tagged dir ${each}"
- [ $(openldap_filecount ${each}) -gt 0 ] && have_files=1
- if [[ "${have_files}" == "1" ]] ; then
- einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
- echo
-
- eerror
- eerror "Your OpenLDAP Installation has a non tagged datadir that"
- eerror "possibly contains a database at ${CURRENT_TAGDIR}"
- eerror
- eerror "Please export data if any entered and empty or remove"
- eerror "the directory, installation has been stopped so you"
- eerror "can take required action"
- eerror
- eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
- eerror
- openldap_upgrade_howto
- die "Please move the datadir ${CURRENT_TAGDIR} away"
- fi
- fi
- einfo
- fi
- done
- [ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present"
-
- # Now we must check for the major version of sys-libs/db linked against.
- SLAPD_PATH=${EROOT}/usr/$(get_libdir)/openldap/slapd
- if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then
- OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
- | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
- if use berkdb; then
- # find which one would be used
- for bdb_slot in $BDB_SLOTS ; do
- NEWVER="$(db_findver "=sys-libs/db-${bdb_slot}*")"
- [[ -n "$NEWVER" ]] && break
- done
- fi
- local fail=0
- if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then
- :
- # Nothing wrong here.
- elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was not built against"
- eerror " any version of sys-libs/db, but the new one will build"
- eerror " against ${NEWVER} and your database may be inaccessible."
- echo
- fail=1
- elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will not be"
- eerror " built against any version and your database may be"
- eerror " inaccessible."
- echo
- fail=1
- elif [ "${OLDVER}" != "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will build against"
- eerror " ${NEWVER} and your database would be inaccessible."
- echo
- fail=1
- fi
- [ "${fail}" == "1" ] && openldap_upgrade_howto
- fi
-
- echo
- einfo
- einfo "All datadirs are fine, proceeding with merge now..."
- einfo
-}
-
-openldap_upgrade_howto() {
- eerror
- eerror "A (possible old) installation of OpenLDAP was detected,"
- eerror "installation will not proceed for now."
- eerror
- eerror "As major version upgrades can corrupt your database,"
- eerror "you need to dump your database and re-create it afterwards."
- eerror
- eerror "Additionally, rebuilding against different major versions of the"
- eerror "sys-libs/db libraries will cause your database to be inaccessible."
- eerror ""
- d="$(date -u +%s)"
- l="/root/ldapdump.${d}"
- i="${l}.raw"
- eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop"
- eerror " 2. slapcat -l ${i}"
- eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}"
- eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
- eerror " 5. emerge --update \=net-nds/${PF}"
- eerror " 6. etc-update, and ensure that you apply the changes"
- eerror " 7. slapadd -l ${l}"
- eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
- eerror " 9. /etc/init.d/slapd start"
- eerror "10. check that your data is intact."
- eerror "11. set up the new replication system."
- eerror
- if [ "${FORCE_UPGRADE}" != "1" ]; then
- die "You need to upgrade your database first"
- else
- eerror "You have the magical FORCE_UPGRADE=1 in place."
- eerror "Don't say you weren't warned about data loss."
- fi
-}
-
-pkg_setup() {
- if ! use sasl && use cxx ; then
- die "To build the ldapc++ library you must emerge openldap with sasl support"
- fi
- # Bug #322787
- if use minimal && ! has_version "net-nds/openldap" ; then
- einfo "No datadir scan needed, openldap not installed"
- elif use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then
- einfo "Skipping scan for previous datadirs as requested by minimal useflag"
- else
- openldap_find_versiontags
- fi
-
- # The user/group are only used for running daemons which are
- # disabled in minimal builds, so elide the accounts too.
- if ! use minimal ; then
- enewgroup ldap 439
- enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap
- fi
-}
-
-src_prepare() {
- # ensure correct SLAPI path by default
- sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \
- "${S}"/include/ldap_defaults.h
-
- epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch
-
- epatch \
- "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \
- "${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
-
- # bug #116045 - still present in 2.4.28
- epatch "${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch
- # bug #408077 - samba4
- epatch "${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch
-
- # bug #189817
- epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
-
- # bug #233633
- epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch
-
- # bug #281495
- epatch "${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch
-
- # bug #294350
- epatch "${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch
-
- # unbreak /bin/sh -> dash
- epatch "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
-
- # bug #420959
- epatch "${FILESDIR}"/${PN}-2.4.31-gcc47.patch
-
- # bug #421463
- #epatch "${FILESDIR}"/${PN}-2.4.33-gnutls.patch # merged upstream
-
- # unbundle lmdb
- epatch "${FILESDIR}"/${P}-mdb-unbundle.patch
- rm -rf "${S}"/libraries/liblmdb
-
- cd "${S}"/build || die
- einfo "Making sure upstream build strip does not do stripping too early"
- sed -i.orig \
- -e '/^STRIP/s,-s,,g' \
- top.mk || die "Failed to block stripping"
-
- # wrong assumption that /bin/sh is /bin/bash
- sed -i \
- -e 's|/bin/sh|/bin/bash|g' \
- "${S}"/tests/scripts/* || die "sed failed"
-
- cd "${S}" || die
-
- AT_NOEAUTOMAKE=yes eautoreconf
-}
-
-build_contrib_module() {
- # <dir> <sources> <outputname>
- cd "${S}/contrib/slapd-modules/$1" || die
- einfo "Compiling contrib-module: $3"
- # Make sure it's uppercase
- local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -D${define_name}=SLAPD_MOD_DYNAMIC \
- -I"${BUILD_DIR}"/include \
- -I../../../include -I../../../servers/slapd ${CFLAGS} \
- -o ${2%.c}.lo -c $2 || die "compiling $3 failed"
- einfo "Linking contrib-module: $3"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o $3.la ${2%.c}.lo || die "linking $3 failed"
-}
-
-src_configure() {
- # Bug 408001
- use elibc_FreeBSD && append-cppflags -DMDB_DSYNC=O_SYNC -DMDB_FDATASYNC=fsync
-
- # connectionless ldap per bug #342439
- append-cppflags -DLDAP_CONNECTIONLESS
-
- multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
- local myconf=()
-
- use debug && myconf+=( $(use_enable debug) )
-
- # ICU usage is not configurable
- export ac_cv_header_unicode_utypes_h="$(multilib_is_native_abi && use icu && echo yes || echo no)"
-
- if ! use minimal && multilib_is_native_abi; then
- local CPPFLAGS=${CPPFLAGS}
-
- # re-enable serverside overlay chains per bug #296567
- # see ldap docs chaper 12.3.1 for details
- myconf+=( --enable-ldap )
-
- # backends
- myconf+=( --enable-slapd )
- if use berkdb ; then
- einfo "Using Berkeley DB for local backend"
- myconf+=( --enable-bdb --enable-hdb )
- DBINCLUDE=$(db_includedir $BDB_SLOTS)
- einfo "Using $DBINCLUDE for sys-libs/db version"
- # We need to include the slotted db.h dir for FreeBSD
- append-cppflags -I${DBINCLUDE}
- else
- myconf+=( --disable-bdb --disable-hdb )
- fi
- for backend in dnssrv ldap mdb meta monitor null passwd relay shell sock; do
- myconf+=( --enable-${backend}=mod )
- done
-
- myconf+=( $(use_enable perl perl mod) )
-
- myconf+=( $(use_enable odbc sql mod) )
- if use odbc ; then
- local odbc_lib="unixodbc"
- if use iodbc ; then
- odbc_lib="iodbc"
- append-cppflags -I"${EPREFIX}"/usr/include/iodbc
- fi
- myconf+=( --with-odbc=${odbc_lib} )
- fi
-
- # slapd options
- myconf+=(
- $(use_enable crypt)
- $(use_enable slp)
- $(use_enable samba lmpasswd)
- $(use_enable syslog)
- )
- if use experimental ; then
- myconf+=(
- --enable-dynacl
- --enable-aci=mod
- )
- fi
- for option in aci cleartext modules rewrite rlookups slapi; do
- myconf+=( --enable-${option} )
- done
-
- # slapd overlay options
- # Compile-in the syncprov, the others as module
- myconf+=( --enable-syncprov=yes )
- use overlays && myconf+=( --enable-overlays=mod )
-
- else
- myconf+=(
- --disable-backends
- --disable-slapd
- --disable-bdb
- --disable-hdb
- --disable-mdb
- --disable-overlays
- --disable-syslog
- )
- fi
-
- # basic functionality stuff
- myconf+=(
- $(use_enable ipv6)
- $(multilib_native_use_with sasl cyrus-sasl)
- $(multilib_native_use_enable sasl spasswd)
- $(use_enable tcpd wrappers)
- )
-
- # Some cross-compiling tests don't pan out well.
- tc-is-cross-compiler && myconf+=(
- --with-yielding-select=yes
- )
-
- local ssl_lib="no"
- if use ssl || ( ! use minimal && use samba ) ; then
- ssl_lib="openssl"
- use gnutls && ssl_lib="gnutls"
- fi
-
- myconf+=( --with-tls=${ssl_lib} )
-
- for basicflag in dynamic local proctitle shared; do
- myconf+=( --enable-${basicflag} )
- done
-
- tc-export AR CC CXX
- ECONF_SOURCE=${S} \
- STRIP=/bin/true \
- econf \
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
- $(use_enable static-libs static) \
- "${myconf[@]}"
- emake depend
-}
-
-src_configure_cxx() {
- # This needs the libraries built by the first build run.
- # So we have to run it AFTER the main build, not just after the main
- # configure.
- local myconf_ldapcpp=(
- --with-ldap-includes="${S}"/include
- )
-
- mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die
- cd "${BUILD_DIR}/contrib/ldapc++" || die
-
- local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS}
- append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
- -L"${BUILD_DIR}"/libraries/libldap/.libs
- append-cppflags -I"${BUILD_DIR}"/include
- ECONF_SOURCE=${S}/contrib/ldapc++ \
- econf "${myconf_ldapcpp[@]}" \
- CC="${CC}" \
- CXX="${CXX}"
-}
-
-multilib_src_compile() {
- tc-export AR CC CXX
- emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/bash
- local lt="${BUILD_DIR}/libtool"
- export echo="echo"
-
- if ! use minimal && multilib_is_native_abi ; then
- if use cxx ; then
- einfo "Building contrib library: ldapc++"
- src_configure_cxx
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake \
- CC="${CC}" CXX="${CXX}"
- fi
-
- if use smbkrb5passwd ; then
- einfo "Building contrib-module: smbk5pwd"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
-
- MY_DEFS="-DDO_SHADOW"
- if use samba ; then
- MY_DEFS="${MY_DEFS} -DDO_SAMBA"
- MY_KRB5_INC=""
- fi
- if use kerberos ; then
- MY_DEFS="${MY_DEFS} -DDO_KRB5"
- MY_KRB5_INC="$(krb5-config --cflags)"
- fi
-
- emake \
- DEFS="${MY_DEFS}" \
- KRB5_INC="${MY_KRB5_INC}" \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
- fi
-
- if use overlays ; then
- einfo "Building contrib-module: samba4"
- cd "${S}/contrib/slapd-modules/samba4" || die
-
- emake \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap"
- fi
-
- if use kerberos ; then
- build_contrib_module "kinit" "kinit.c" "kinit"
- cd "${S}/contrib/slapd-modules/passwd" || die
- einfo "Compiling contrib-module: pw-kerberos"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- $(krb5-config --cflags) \
- -DHAVE_KRB5 \
- -o kerberos.lo \
- -c kerberos.c || die "compiling pw-kerberos failed"
- einfo "Linking contrib-module: pw-kerberos"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o pw-kerberos.la \
- kerberos.lo || die "linking pw-kerberos failed"
- fi
- # We could build pw-radius if GNURadius would install radlib.h
- cd "${S}/contrib/slapd-modules/passwd" || die
- einfo "Compiling contrib-module: pw-netscape"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- -o netscape.lo \
- -c netscape.c || die "compiling pw-netscape failed"
- einfo "Linking contrib-module: pw-netscape"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o pw-netscape.la \
- netscape.lo || die "linking pw-netscape failed"
-
- #build_contrib_module "acl" "posixgroup.c" "posixGroup" # example code only
- #build_contrib_module "acl" "gssacl.c" "gss" # example code only, also needs kerberos
- build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
- build_contrib_module "allop" "allop.c" "overlay-allop"
- build_contrib_module "allowed" "allowed.c" "allowed"
- build_contrib_module "autogroup" "autogroup.c" "autogroup"
- build_contrib_module "cloak" "cloak.c" "cloak"
- # build_contrib_module "comp_match" "comp_match.c" "comp_match" # really complex, adds new external deps, questionable demand
- build_contrib_module "denyop" "denyop.c" "denyop-overlay"
- build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
- build_contrib_module "dupent" "dupent.c" "dupent"
- build_contrib_module "lastbind" "lastbind.c" "lastbind"
- # lastmod may not play well with other overlays
- build_contrib_module "lastmod" "lastmod.c" "lastmod"
- build_contrib_module "noopsrch" "noopsrch.c" "noopsrch"
- build_contrib_module "nops" "nops.c" "nops-overlay"
- #build_contrib_module "nssov" "nssov.c" "nssov-overlay" RESO:LATER
- build_contrib_module "trace" "trace.c" "trace"
- # build slapi-plugins
- cd "${S}/contrib/slapi-plugins/addrdnvalues" || die
- einfo "Building contrib-module: addrdnvalues plugin"
- "${CC}" -shared \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- -fPIC \
- ${LDFLAGS} \
- -o libaddrdnvalues-plugin.so \
- addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
-
- fi
-}
-
-multilib_src_test() {
- if multilib_is_native_abi; then
- cd tests || die
- emake tests || die "make tests failed"
- fi
-}
-
-multilib_src_install() {
- local lt="${BUILD_DIR}/libtool"
- emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/bash install
- use static-libs || prune_libtool_files --all
-
- if ! use minimal && multilib_is_native_abi; then
- # openldap modules go here
- # TODO: write some code to populate slapd.conf with moduleload statements
- keepdir /usr/$(get_libdir)/openldap/openldap/
-
- # initial data storage dir
- keepdir /var/lib/openldap-data
- use prefix || fowners ldap:ldap /var/lib/openldap-data
- fperms 0700 /var/lib/openldap-data
-
- echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
-
- # use our config
- rm "${ED}"etc/openldap/slapd.conf
- insinto /etc/openldap
- newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf
- configfile="${ED}"etc/openldap/slapd.conf
-
- # populate with built backends
- ebegin "populate config with built backends"
- for x in "${ED}"usr/$(get_libdir)/openldap/openldap/back_*.so; do
- einfo "Adding $(basename ${x})"
- sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}"
- done
- sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
- use prefix || fowners root:ldap /etc/openldap/slapd.conf
- fperms 0640 /etc/openldap/slapd.conf
- cp "${configfile}" "${configfile}".default
- eend
-
- # install our own init scripts and systemd unit files
- einfo "Install init scripts"
- newinitd "${FILESDIR}"/slapd-initd-2.4.40-r2 slapd
- newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd
- einfo "Install systemd service"
- systemd_dounit "${FILESDIR}"/slapd.service
- systemd_install_serviced "${FILESDIR}"/slapd.service.conf
- systemd_newtmpfilesd "${FILESDIR}"/slapd.tmpfilesd slapd.conf
-
- if [[ $(get_libdir) != lib ]]; then
- sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i \
- "${ED}"/etc/init.d/slapd \
- "${ED}"/usr/lib/systemd/system/slapd.service || die
- fi
- # If built without SLP, we don't need to be before avahi
- use slp \
- || sed -i \
- -e '/before/{s/avahi-daemon//g}' \
- "${ED}"etc/init.d/slapd
-
- if use cxx ; then
- einfo "Install the ldapc++ library"
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- cd "${S}"/contrib/ldapc++ || die
- newdoc README ldapc++-README
- fi
-
- if use smbkrb5passwd ; then
- einfo "Install the smbk5pwd module"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- newdoc README smbk5pwd-README
- fi
-
- if use overlays ; then
- einfo "Install the samba4 module"
- cd "${S}/contrib/slapd-modules/samba4" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="/usr/$(get_libdir)/openldap" install
- newdoc README samba4-README
- fi
-
- einfo "Installing contrib modules"
- cd "${S}/contrib/slapd-modules" || die
- for l in */*.la; do
- "${lt}" --mode=install cp ${l} \
- "${ED}"usr/$(get_libdir)/openldap/openldap || \
- die "installing ${l} failed"
- done
-
- dodoc "${FILESDIR}"/DB_CONFIG.fast.example
- docinto contrib
- doman */*.5
- #newdoc acl/README*
- newdoc addpartial/README addpartial-README
- newdoc allop/README allop-README
- newdoc allowed/README allowed-README
- newdoc autogroup/README autogroup-README
- newdoc dsaschema/README dsaschema-README
- newdoc passwd/README passwd-README
- cd "${S}/contrib/slapi-plugins" || die
- insinto /usr/$(get_libdir)/openldap/openldap
- doins */*.so
- docinto contrib
- newdoc addrdnvalues/README addrdnvalues-README
-
- insinto /etc/openldap/schema
- newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
-
- docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
- docinto back-shell ; dodoc "${S}"/servers/slapd/back-shell/searchexample*
- docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
-
- dosbin "${S}"/contrib/slapd-tools/statslog
- newdoc "${S}"/contrib/slapd-tools/README README.statslog
- fi
-}
-
-multilib_src_install_all() {
- dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
- docinto rfc ; dodoc doc/rfc/*.txt
-}
-
-pkg_preinst() {
- # keep old libs if any
- preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0)
- # bug 440470, only display the getting started help there was no openldap before,
- # or we are going to a non-minimal build
- ! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
- OPENLDAP_PRINT_MESSAGES=$((! $?))
-}
-
-pkg_postinst() {
- if ! use minimal ; then
- # You cannot build SSL certificates during src_install that will make
- # binary packages containing your SSL key, which is both a security risk
- # and a misconfiguration if multiple machines use the same key and cert.
- if use ssl; then
- install_cert /etc/openldap/ssl/ldap
- use prefix || chown ldap:ldap "${EROOT}"etc/openldap/ssl/ldap.*
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "add 'TLS_REQCERT allow' if you want to use them."
- fi
-
- if use prefix; then
- # Warn about prefix issues with slapd
- eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
- eerror "to start up, and requires that certain files directories be owned by"
- eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
- eerror "directories, you will have to manually fix this yourself."
- fi
-
- # These lines force the permissions of various content to be correct
- use prefix || chown ldap:ldap "${EROOT}"var/run/openldap
- chmod 0755 "${EROOT}"var/run/openldap
- use prefix || chown root:ldap "${EROOT}"etc/openldap/slapd.conf{,.default}
- chmod 0640 "${EROOT}"etc/openldap/slapd.conf{,.default}
- use prefix || chown ldap:ldap "${EROOT}"var/lib/openldap-data
- fi
-
- if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
- elog "Getting started using OpenLDAP? There is some documentation available:"
- elog "Gentoo Guide to OpenLDAP Authentication"
- elog "(https://www.gentoo.org/doc/en/ldap-howto.xml)"
- elog "---"
- elog "An example file for tuning BDB backends with openldap is"
- elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
- fi
-
- preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0)
-}
diff --git a/net-nds/openldap/openldap-2.4.42.ebuild b/net-nds/openldap/openldap-2.4.42.ebuild
deleted file mode 100644
index 4aa1760..00000000
--- a/net-nds/openldap/openldap-2.4.42.ebuild
+++ /dev/null
@@ -1,818 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit db-use eutils flag-o-matic multilib multilib-minimal ssl-cert versionator toolchain-funcs autotools user systemd
-
-BIS_PN=rfc2307bis.schema
-BIS_PV=20140524
-BIS_P="${BIS_PN}-${BIS_PV}"
-
-DESCRIPTION="LDAP suite of application and development tools"
-HOMEPAGE="http://www.OpenLDAP.org/"
-
-# mirrors are mostly not working, using canonical URI
-SRC_URI="ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz
- mirror://gentoo/${BIS_P}"
-
-LICENSE="OPENLDAP GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~x86-linux ~x86-solaris"
-
-IUSE_DAEMON="crypt icu samba slp tcpd experimental minimal"
-IUSE_BACKEND="+berkdb"
-IUSE_OVERLAY="overlays perl"
-IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 +syslog selinux static-libs"
-IUSE_CONTRIB="smbkrb5passwd kerberos"
-IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
-IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
-
-REQUIRED_USE="cxx? ( sasl )"
-
-# always list newer first
-# Do not add any AGPL-3 BDB here!
-# See bug 525110, comment 15.
-BDB_SLOTS='5.3 5.1 4.8 4.7 4.6 4.5 4.4'
-BDB_PKGS=''
-for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done
-
-# openssl is needed to generate lanman-passwords required by samba
-CDEPEND="icu? ( dev-libs/icu:= )
- ssl? ( !gnutls? ( >=dev-libs/openssl-1.0.1h-r2[${MULTILIB_USEDEP}] )
- gnutls? ( >=net-libs/gnutls-2.12.23-r6[${MULTILIB_USEDEP}] >=dev-libs/libgcrypt-1.5.3:0[${MULTILIB_USEDEP}] ) )
- sasl? ( dev-libs/cyrus-sasl:= )
- !minimal? (
- sys-devel/libtool
- sys-libs/e2fsprogs-libs
- >=dev-db/lmdb-0.9.17
- tcpd? ( sys-apps/tcp-wrappers )
- odbc? ( !iodbc? ( dev-db/unixODBC )
- iodbc? ( dev-db/libiodbc ) )
- slp? ( net-libs/openslp )
- perl? ( dev-lang/perl:=[-build(-)] )
- samba? ( dev-libs/openssl )
- berkdb? (
- <sys-libs/db-6.0:=
- || ( ${BDB_PKGS} )
- )
- smbkrb5passwd? (
- dev-libs/openssl
- kerberos? ( app-crypt/heimdal )
- )
- kerberos? ( virtual/krb5 )
- cxx? ( dev-libs/cyrus-sasl:= )
- )
- abi_x86_32? (
- !<=app-emulation/emul-linux-x86-baselibs-20140508-r3
- !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
- )"
-DEPEND="${CDEPEND}
- sys-apps/groff"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-ldap )
-"
-# for tracking versions
-OPENLDAP_VERSIONTAG=".version-tag"
-OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
-
-MULTILIB_WRAPPED_HEADERS=(
- # USE=cxx
- /usr/include/LDAPAsynConnection.h
- /usr/include/LDAPAttrType.h
- /usr/include/LDAPAttribute.h
- /usr/include/LDAPAttributeList.h
- /usr/include/LDAPConnection.h
- /usr/include/LDAPConstraints.h
- /usr/include/LDAPControl.h
- /usr/include/LDAPControlSet.h
- /usr/include/LDAPEntry.h
- /usr/include/LDAPEntryList.h
- /usr/include/LDAPException.h
- /usr/include/LDAPExtResult.h
- /usr/include/LDAPMessage.h
- /usr/include/LDAPMessageQueue.h
- /usr/include/LDAPModList.h
- /usr/include/LDAPModification.h
- /usr/include/LDAPObjClass.h
- /usr/include/LDAPRebind.h
- /usr/include/LDAPRebindAuth.h
- /usr/include/LDAPReferenceList.h
- /usr/include/LDAPResult.h
- /usr/include/LDAPSaslBindResult.h
- /usr/include/LDAPSchema.h
- /usr/include/LDAPSearchReference.h
- /usr/include/LDAPSearchResult.h
- /usr/include/LDAPSearchResults.h
- /usr/include/LDAPUrl.h
- /usr/include/LDAPUrlList.h
- /usr/include/LdifReader.h
- /usr/include/LdifWriter.h
- /usr/include/SaslInteraction.h
- /usr/include/SaslInteractionHandler.h
- /usr/include/StringList.h
- /usr/include/TlsOptions.h
-)
-
-openldap_filecount() {
- local dir="$1"
- find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
-}
-
-openldap_find_versiontags() {
- # scan for all datadirs
- openldap_datadirs=""
- if [ -f "${EROOT}"/etc/openldap/slapd.conf ]; then
- openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${EROOT}/etc/openldap/slapd.conf)"
- fi
- openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}"
-
- einfo
- einfo "Scanning datadir(s) from slapd.conf and"
- einfo "the default installdir for Versiontags"
- einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
- einfo
-
- # scan datadirs if we have a version tag
- openldap_found_tag=0
- have_files=0
- for each in ${openldap_datadirs}; do
- CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"`
- CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}
- if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then
- einfo "- Checking ${each}..."
- if [ -r ${CURRENT_TAG} ] ; then
- # yey, we have one :)
- einfo " Found Versiontag in ${each}"
- source ${CURRENT_TAG}
- if [ "${OLDPF}" == "" ] ; then
- eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
- eerror "Please delete it"
- eerror
- die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
- fi
-
- OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}`
-
- [ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1
-
- # are we on the same branch?
- if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then
- ewarn " Versiontag doesn't match current major release!"
- if [[ "${have_files}" == "1" ]] ; then
- eerror " Versiontag says other major and you (probably) have datafiles!"
- echo
- openldap_upgrade_howto
- else
- einfo " No real problem, seems there's no database."
- fi
- else
- einfo " Versiontag is fine here :)"
- fi
- else
- einfo " Non-tagged dir ${each}"
- [ $(openldap_filecount ${each}) -gt 0 ] && have_files=1
- if [[ "${have_files}" == "1" ]] ; then
- einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
- echo
-
- eerror
- eerror "Your OpenLDAP Installation has a non tagged datadir that"
- eerror "possibly contains a database at ${CURRENT_TAGDIR}"
- eerror
- eerror "Please export data if any entered and empty or remove"
- eerror "the directory, installation has been stopped so you"
- eerror "can take required action"
- eerror
- eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
- eerror
- openldap_upgrade_howto
- die "Please move the datadir ${CURRENT_TAGDIR} away"
- fi
- fi
- einfo
- fi
- done
- [ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present"
-
- # Now we must check for the major version of sys-libs/db linked against.
- SLAPD_PATH=${EROOT}/usr/$(get_libdir)/openldap/slapd
- if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then
- OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
- | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
- if use berkdb; then
- # find which one would be used
- for bdb_slot in $BDB_SLOTS ; do
- NEWVER="$(db_findver "=sys-libs/db-${bdb_slot}*")"
- [[ -n "$NEWVER" ]] && break
- done
- fi
- local fail=0
- if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then
- :
- # Nothing wrong here.
- elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was not built against"
- eerror " any version of sys-libs/db, but the new one will build"
- eerror " against ${NEWVER} and your database may be inaccessible."
- echo
- fail=1
- elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will not be"
- eerror " built against any version and your database may be"
- eerror " inaccessible."
- echo
- fail=1
- elif [ "${OLDVER}" != "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will build against"
- eerror " ${NEWVER} and your database would be inaccessible."
- echo
- fail=1
- fi
- [ "${fail}" == "1" ] && openldap_upgrade_howto
- fi
-
- echo
- einfo
- einfo "All datadirs are fine, proceeding with merge now..."
- einfo
-}
-
-openldap_upgrade_howto() {
- eerror
- eerror "A (possible old) installation of OpenLDAP was detected,"
- eerror "installation will not proceed for now."
- eerror
- eerror "As major version upgrades can corrupt your database,"
- eerror "you need to dump your database and re-create it afterwards."
- eerror
- eerror "Additionally, rebuilding against different major versions of the"
- eerror "sys-libs/db libraries will cause your database to be inaccessible."
- eerror ""
- d="$(date -u +%s)"
- l="/root/ldapdump.${d}"
- i="${l}.raw"
- eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop"
- eerror " 2. slapcat -l ${i}"
- eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}"
- eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
- eerror " 5. emerge --update \=net-nds/${PF}"
- eerror " 6. etc-update, and ensure that you apply the changes"
- eerror " 7. slapadd -l ${l}"
- eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
- eerror " 9. /etc/init.d/slapd start"
- eerror "10. check that your data is intact."
- eerror "11. set up the new replication system."
- eerror
- if [ "${FORCE_UPGRADE}" != "1" ]; then
- die "You need to upgrade your database first"
- else
- eerror "You have the magical FORCE_UPGRADE=1 in place."
- eerror "Don't say you weren't warned about data loss."
- fi
-}
-
-pkg_setup() {
- if ! use sasl && use cxx ; then
- die "To build the ldapc++ library you must emerge openldap with sasl support"
- fi
- # Bug #322787
- if use minimal && ! has_version "net-nds/openldap" ; then
- einfo "No datadir scan needed, openldap not installed"
- elif use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then
- einfo "Skipping scan for previous datadirs as requested by minimal useflag"
- else
- openldap_find_versiontags
- fi
-
- # The user/group are only used for running daemons which are
- # disabled in minimal builds, so elide the accounts too.
- if ! use minimal ; then
- enewgroup ldap 439
- enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap
- fi
-}
-
-src_prepare() {
- # ensure correct SLAPI path by default
- sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \
- "${S}"/include/ldap_defaults.h
-
- epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch
-
- epatch \
- "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \
- "${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
-
- # bug #116045 - still present in 2.4.28
- epatch "${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch
- # bug #408077 - samba4
- epatch "${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch
-
- # bug #189817
- epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
-
- # bug #233633
- epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch
-
- # bug #281495
- epatch "${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch
-
- # bug #294350
- epatch "${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch
-
- # unbreak /bin/sh -> dash
- epatch "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
-
- # bug #420959
- epatch "${FILESDIR}"/${PN}-2.4.31-gcc47.patch
-
- # bug #421463
- #epatch "${FILESDIR}"/${PN}-2.4.33-gnutls.patch # merged upstream
-
- # unbundle lmdb
- epatch "${FILESDIR}"/${P}-mdb-unbundle.patch
- rm -rf "${S}"/libraries/liblmdb
-
- cd "${S}"/build || die
- einfo "Making sure upstream build strip does not do stripping too early"
- sed -i.orig \
- -e '/^STRIP/s,-s,,g' \
- top.mk || die "Failed to block stripping"
-
- # wrong assumption that /bin/sh is /bin/bash
- sed -i \
- -e 's|/bin/sh|/bin/bash|g' \
- "${S}"/tests/scripts/* || die "sed failed"
-
- cd "${S}" || die
-
- AT_NOEAUTOMAKE=yes eautoreconf
-}
-
-build_contrib_module() {
- # <dir> <sources> <outputname>
- cd "${S}/contrib/slapd-modules/$1" || die
- einfo "Compiling contrib-module: $3"
- # Make sure it's uppercase
- local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -D${define_name}=SLAPD_MOD_DYNAMIC \
- -I"${BUILD_DIR}"/include \
- -I../../../include -I../../../servers/slapd ${CFLAGS} \
- -o ${2%.c}.lo -c $2 || die "compiling $3 failed"
- einfo "Linking contrib-module: $3"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o $3.la ${2%.c}.lo || die "linking $3 failed"
-}
-
-src_configure() {
- # Bug 408001
- use elibc_FreeBSD && append-cppflags -DMDB_DSYNC=O_SYNC -DMDB_FDATASYNC=fsync
-
- # connectionless ldap per bug #342439
- append-cppflags -DLDAP_CONNECTIONLESS
-
- multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
- local myconf=()
-
- use debug && myconf+=( $(use_enable debug) )
-
- # ICU usage is not configurable
- export ac_cv_header_unicode_utypes_h="$(multilib_is_native_abi && use icu && echo yes || echo no)"
-
- if ! use minimal && multilib_is_native_abi; then
- local CPPFLAGS=${CPPFLAGS}
-
- # re-enable serverside overlay chains per bug #296567
- # see ldap docs chaper 12.3.1 for details
- myconf+=( --enable-ldap )
-
- # backends
- myconf+=( --enable-slapd )
- if use berkdb ; then
- einfo "Using Berkeley DB for local backend"
- myconf+=( --enable-bdb --enable-hdb )
- DBINCLUDE=$(db_includedir $BDB_SLOTS)
- einfo "Using $DBINCLUDE for sys-libs/db version"
- # We need to include the slotted db.h dir for FreeBSD
- append-cppflags -I${DBINCLUDE}
- else
- myconf+=( --disable-bdb --disable-hdb )
- fi
- for backend in dnssrv ldap mdb meta monitor null passwd relay shell sock; do
- myconf+=( --enable-${backend}=mod )
- done
-
- myconf+=( $(use_enable perl perl mod) )
-
- myconf+=( $(use_enable odbc sql mod) )
- if use odbc ; then
- local odbc_lib="unixodbc"
- if use iodbc ; then
- odbc_lib="iodbc"
- append-cppflags -I"${EPREFIX}"/usr/include/iodbc
- fi
- myconf+=( --with-odbc=${odbc_lib} )
- fi
-
- # slapd options
- myconf+=(
- $(use_enable crypt)
- $(use_enable slp)
- $(use_enable samba lmpasswd)
- $(use_enable syslog)
- )
- if use experimental ; then
- myconf+=(
- --enable-dynacl
- --enable-aci=mod
- )
- fi
- for option in aci cleartext modules rewrite rlookups slapi; do
- myconf+=( --enable-${option} )
- done
-
- # slapd overlay options
- # Compile-in the syncprov, the others as module
- myconf+=( --enable-syncprov=yes )
- use overlays && myconf+=( --enable-overlays=mod )
-
- else
- myconf+=(
- --disable-backends
- --disable-slapd
- --disable-bdb
- --disable-hdb
- --disable-mdb
- --disable-overlays
- --disable-syslog
- )
- fi
-
- # basic functionality stuff
- myconf+=(
- $(use_enable ipv6)
- $(multilib_native_use_with sasl cyrus-sasl)
- $(multilib_native_use_enable sasl spasswd)
- $(use_enable tcpd wrappers)
- )
-
- # Some cross-compiling tests don't pan out well.
- tc-is-cross-compiler && myconf+=(
- --with-yielding-select=yes
- )
-
- local ssl_lib="no"
- if use ssl || ( ! use minimal && use samba ) ; then
- ssl_lib="openssl"
- use gnutls && ssl_lib="gnutls"
- fi
-
- myconf+=( --with-tls=${ssl_lib} )
-
- for basicflag in dynamic local proctitle shared; do
- myconf+=( --enable-${basicflag} )
- done
-
- tc-export AR CC CXX
- ECONF_SOURCE=${S} \
- STRIP=/bin/true \
- econf \
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
- $(use_enable static-libs static) \
- "${myconf[@]}"
- emake depend
-}
-
-src_configure_cxx() {
- # This needs the libraries built by the first build run.
- # So we have to run it AFTER the main build, not just after the main
- # configure.
- local myconf_ldapcpp=(
- --with-ldap-includes="${S}"/include
- )
-
- mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die
- cd "${BUILD_DIR}/contrib/ldapc++" || die
-
- local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS}
- append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
- -L"${BUILD_DIR}"/libraries/libldap/.libs
- append-cppflags -I"${BUILD_DIR}"/include
- ECONF_SOURCE=${S}/contrib/ldapc++ \
- econf "${myconf_ldapcpp[@]}" \
- CC="${CC}" \
- CXX="${CXX}"
-}
-
-multilib_src_compile() {
- tc-export AR CC CXX
- emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/bash
- local lt="${BUILD_DIR}/libtool"
- export echo="echo"
-
- if ! use minimal && multilib_is_native_abi ; then
- if use cxx ; then
- einfo "Building contrib library: ldapc++"
- src_configure_cxx
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake \
- CC="${CC}" CXX="${CXX}"
- fi
-
- if use smbkrb5passwd ; then
- einfo "Building contrib-module: smbk5pwd"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
-
- MY_DEFS="-DDO_SHADOW"
- if use samba ; then
- MY_DEFS="${MY_DEFS} -DDO_SAMBA"
- MY_KRB5_INC=""
- fi
- if use kerberos ; then
- MY_DEFS="${MY_DEFS} -DDO_KRB5"
- MY_KRB5_INC="$(krb5-config --cflags)"
- fi
-
- emake \
- DEFS="${MY_DEFS}" \
- KRB5_INC="${MY_KRB5_INC}" \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
- fi
-
- if use overlays ; then
- einfo "Building contrib-module: samba4"
- cd "${S}/contrib/slapd-modules/samba4" || die
-
- emake \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap"
- fi
-
- if use kerberos ; then
- build_contrib_module "kinit" "kinit.c" "kinit"
- cd "${S}/contrib/slapd-modules/passwd" || die
- einfo "Compiling contrib-module: pw-kerberos"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- $(krb5-config --cflags) \
- -DHAVE_KRB5 \
- -o kerberos.lo \
- -c kerberos.c || die "compiling pw-kerberos failed"
- einfo "Linking contrib-module: pw-kerberos"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o pw-kerberos.la \
- kerberos.lo || die "linking pw-kerberos failed"
- fi
- # We could build pw-radius if GNURadius would install radlib.h
- cd "${S}/contrib/slapd-modules/passwd" || die
- einfo "Compiling contrib-module: pw-netscape"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- -o netscape.lo \
- -c netscape.c || die "compiling pw-netscape failed"
- einfo "Linking contrib-module: pw-netscape"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o pw-netscape.la \
- netscape.lo || die "linking pw-netscape failed"
-
- #build_contrib_module "acl" "posixgroup.c" "posixGroup" # example code only
- #build_contrib_module "acl" "gssacl.c" "gss" # example code only, also needs kerberos
- build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
- build_contrib_module "allop" "allop.c" "overlay-allop"
- build_contrib_module "allowed" "allowed.c" "allowed"
- build_contrib_module "autogroup" "autogroup.c" "autogroup"
- build_contrib_module "cloak" "cloak.c" "cloak"
- # build_contrib_module "comp_match" "comp_match.c" "comp_match" # really complex, adds new external deps, questionable demand
- build_contrib_module "denyop" "denyop.c" "denyop-overlay"
- build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
- build_contrib_module "dupent" "dupent.c" "dupent"
- build_contrib_module "lastbind" "lastbind.c" "lastbind"
- # lastmod may not play well with other overlays
- build_contrib_module "lastmod" "lastmod.c" "lastmod"
- build_contrib_module "noopsrch" "noopsrch.c" "noopsrch"
- build_contrib_module "nops" "nops.c" "nops-overlay"
- #build_contrib_module "nssov" "nssov.c" "nssov-overlay" RESO:LATER
- build_contrib_module "trace" "trace.c" "trace"
- # build slapi-plugins
- cd "${S}/contrib/slapi-plugins/addrdnvalues" || die
- einfo "Building contrib-module: addrdnvalues plugin"
- "${CC}" -shared \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- -fPIC \
- ${LDFLAGS} \
- -o libaddrdnvalues-plugin.so \
- addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
-
- fi
-}
-
-multilib_src_test() {
- if multilib_is_native_abi; then
- cd tests || die
- emake tests || die "make tests failed"
- fi
-}
-
-multilib_src_install() {
- local lt="${BUILD_DIR}/libtool"
- emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/bash install
- use static-libs || prune_libtool_files --all
-
- if ! use minimal && multilib_is_native_abi; then
- # openldap modules go here
- # TODO: write some code to populate slapd.conf with moduleload statements
- keepdir /usr/$(get_libdir)/openldap/openldap/
-
- # initial data storage dir
- keepdir /var/lib/openldap-data
- use prefix || fowners ldap:ldap /var/lib/openldap-data
- fperms 0700 /var/lib/openldap-data
-
- echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
-
- # use our config
- rm "${ED}"etc/openldap/slapd.conf
- insinto /etc/openldap
- newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf
- configfile="${ED}"etc/openldap/slapd.conf
-
- # populate with built backends
- ebegin "populate config with built backends"
- for x in "${ED}"usr/$(get_libdir)/openldap/openldap/back_*.so; do
- einfo "Adding $(basename ${x})"
- sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}"
- done
- sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
- use prefix || fowners root:ldap /etc/openldap/slapd.conf
- fperms 0640 /etc/openldap/slapd.conf
- cp "${configfile}" "${configfile}".default
- eend
-
- # install our own init scripts and systemd unit files
- einfo "Install init scripts"
- newinitd "${FILESDIR}"/slapd-initd-2.4.40-r2 slapd
- newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd
- einfo "Install systemd service"
- systemd_dounit "${FILESDIR}"/slapd.service
- systemd_install_serviced "${FILESDIR}"/slapd.service.conf
- systemd_newtmpfilesd "${FILESDIR}"/slapd.tmpfilesd slapd.conf
-
- if [[ $(get_libdir) != lib ]]; then
- sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i \
- "${ED}"/etc/init.d/slapd \
- "${ED}"/usr/lib/systemd/system/slapd.service || die
- fi
- # If built without SLP, we don't need to be before avahi
- use slp \
- || sed -i \
- -e '/before/{s/avahi-daemon//g}' \
- "${ED}"etc/init.d/slapd
-
- if use cxx ; then
- einfo "Install the ldapc++ library"
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- cd "${S}"/contrib/ldapc++ || die
- newdoc README ldapc++-README
- fi
-
- if use smbkrb5passwd ; then
- einfo "Install the smbk5pwd module"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- newdoc README smbk5pwd-README
- fi
-
- if use overlays ; then
- einfo "Install the samba4 module"
- cd "${S}/contrib/slapd-modules/samba4" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="/usr/$(get_libdir)/openldap" install
- newdoc README samba4-README
- fi
-
- einfo "Installing contrib modules"
- cd "${S}/contrib/slapd-modules" || die
- for l in */*.la; do
- "${lt}" --mode=install cp ${l} \
- "${ED}"usr/$(get_libdir)/openldap/openldap || \
- die "installing ${l} failed"
- done
-
- dodoc "${FILESDIR}"/DB_CONFIG.fast.example
- docinto contrib
- doman */*.5
- #newdoc acl/README*
- newdoc addpartial/README addpartial-README
- newdoc allop/README allop-README
- newdoc allowed/README allowed-README
- newdoc autogroup/README autogroup-README
- newdoc dsaschema/README dsaschema-README
- newdoc passwd/README passwd-README
- cd "${S}/contrib/slapi-plugins" || die
- insinto /usr/$(get_libdir)/openldap/openldap
- doins */*.so
- docinto contrib
- newdoc addrdnvalues/README addrdnvalues-README
-
- insinto /etc/openldap/schema
- newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
-
- docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
- docinto back-shell ; dodoc "${S}"/servers/slapd/back-shell/searchexample*
- docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
-
- dosbin "${S}"/contrib/slapd-tools/statslog
- newdoc "${S}"/contrib/slapd-tools/README README.statslog
- fi
-}
-
-multilib_src_install_all() {
- dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
- docinto rfc ; dodoc doc/rfc/*.txt
-}
-
-pkg_preinst() {
- # keep old libs if any
- preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0)
- # bug 440470, only display the getting started help there was no openldap before,
- # or we are going to a non-minimal build
- ! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
- OPENLDAP_PRINT_MESSAGES=$((! $?))
-}
-
-pkg_postinst() {
- if ! use minimal ; then
- # You cannot build SSL certificates during src_install that will make
- # binary packages containing your SSL key, which is both a security risk
- # and a misconfiguration if multiple machines use the same key and cert.
- if use ssl; then
- install_cert /etc/openldap/ssl/ldap
- use prefix || chown ldap:ldap "${EROOT}"etc/openldap/ssl/ldap.*
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "add 'TLS_REQCERT allow' if you want to use them."
- fi
-
- if use prefix; then
- # Warn about prefix issues with slapd
- eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
- eerror "to start up, and requires that certain files directories be owned by"
- eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
- eerror "directories, you will have to manually fix this yourself."
- fi
-
- # These lines force the permissions of various content to be correct
- use prefix || chown ldap:ldap "${EROOT}"var/run/openldap
- chmod 0755 "${EROOT}"var/run/openldap
- use prefix || chown root:ldap "${EROOT}"etc/openldap/slapd.conf{,.default}
- chmod 0640 "${EROOT}"etc/openldap/slapd.conf{,.default}
- use prefix || chown ldap:ldap "${EROOT}"var/lib/openldap-data
- fi
-
- if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
- elog "Getting started using OpenLDAP? There is some documentation available:"
- elog "Gentoo Guide to OpenLDAP Authentication"
- elog "(https://www.gentoo.org/doc/en/ldap-howto.xml)"
- elog "---"
- elog "An example file for tuning BDB backends with openldap is"
- elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
- fi
-
- preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0)
-}
diff --git a/net-nds/openldap/openldap-2.4.43-r1.ebuild b/net-nds/openldap/openldap-2.4.43-r1.ebuild
deleted file mode 100644
index ee27b3c..00000000
--- a/net-nds/openldap/openldap-2.4.43-r1.ebuild
+++ /dev/null
@@ -1,830 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit db-use eutils flag-o-matic multilib multilib-minimal ssl-cert versionator toolchain-funcs autotools user systemd
-
-BIS_PN=rfc2307bis.schema
-BIS_PV=20140524
-BIS_P="${BIS_PN}-${BIS_PV}"
-
-DESCRIPTION="LDAP suite of application and development tools"
-HOMEPAGE="http://www.OpenLDAP.org/"
-
-# mirrors are mostly not working, using canonical URI
-SRC_URI="ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz
- mirror://gentoo/${BIS_P}"
-
-LICENSE="OPENLDAP GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~x86-linux ~x86-solaris"
-
-IUSE_DAEMON="crypt icu samba slp tcpd experimental minimal"
-IUSE_BACKEND="+berkdb"
-IUSE_OVERLAY="overlays perl"
-IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 libressl +syslog selinux static-libs"
-IUSE_CONTRIB="smbkrb5passwd kerberos kinit"
-IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
-IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
-
-REQUIRED_USE="cxx? ( sasl )
- ?? ( gnutls libressl )"
-
-# always list newer first
-# Do not add any AGPL-3 BDB here!
-# See bug 525110, comment 15.
-BDB_SLOTS='5.3 5.1 4.8 4.7 4.6 4.5 4.4'
-BDB_PKGS=''
-for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done
-
-# openssl is needed to generate lanman-passwords required by samba
-CDEPEND="icu? ( dev-libs/icu:= )
- ssl? (
- !gnutls? (
- !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0[${MULTILIB_USEDEP}] )
- )
- gnutls? ( >=net-libs/gnutls-2.12.23-r6[${MULTILIB_USEDEP}]
- libressl? ( dev-libs/libressl[${MULTILIB_USEDEP}] )
- >=dev-libs/libgcrypt-1.5.3:0[${MULTILIB_USEDEP}] ) )
- sasl? ( dev-libs/cyrus-sasl:= )
- !minimal? (
- sys-devel/libtool
- sys-libs/e2fsprogs-libs
- >=dev-db/lmdb-0.9.17
- tcpd? ( sys-apps/tcp-wrappers )
- odbc? ( !iodbc? ( dev-db/unixODBC )
- iodbc? ( dev-db/libiodbc ) )
- slp? ( net-libs/openslp )
- perl? ( dev-lang/perl:=[-build(-)] )
- samba? (
- !libressl? ( dev-libs/openssl:0 )
- libressl? ( dev-libs/libressl )
- )
- berkdb? (
- <sys-libs/db-6.0:=
- || ( ${BDB_PKGS} )
- )
- smbkrb5passwd? (
- !libressl? ( dev-libs/openssl:0 )
- libressl? ( dev-libs/libressl )
- kerberos? ( app-crypt/heimdal )
- )
- kerberos? (
- virtual/krb5
- kinit? ( !app-crypt/heimdal )
- )
- cxx? ( dev-libs/cyrus-sasl:= )
- )
- abi_x86_32? (
- !<=app-emulation/emul-linux-x86-baselibs-20140508-r3
- !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
- )"
-DEPEND="${CDEPEND}
- sys-apps/groff"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-ldap )
-"
-# for tracking versions
-OPENLDAP_VERSIONTAG=".version-tag"
-OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
-
-MULTILIB_WRAPPED_HEADERS=(
- # USE=cxx
- /usr/include/LDAPAsynConnection.h
- /usr/include/LDAPAttrType.h
- /usr/include/LDAPAttribute.h
- /usr/include/LDAPAttributeList.h
- /usr/include/LDAPConnection.h
- /usr/include/LDAPConstraints.h
- /usr/include/LDAPControl.h
- /usr/include/LDAPControlSet.h
- /usr/include/LDAPEntry.h
- /usr/include/LDAPEntryList.h
- /usr/include/LDAPException.h
- /usr/include/LDAPExtResult.h
- /usr/include/LDAPMessage.h
- /usr/include/LDAPMessageQueue.h
- /usr/include/LDAPModList.h
- /usr/include/LDAPModification.h
- /usr/include/LDAPObjClass.h
- /usr/include/LDAPRebind.h
- /usr/include/LDAPRebindAuth.h
- /usr/include/LDAPReferenceList.h
- /usr/include/LDAPResult.h
- /usr/include/LDAPSaslBindResult.h
- /usr/include/LDAPSchema.h
- /usr/include/LDAPSearchReference.h
- /usr/include/LDAPSearchResult.h
- /usr/include/LDAPSearchResults.h
- /usr/include/LDAPUrl.h
- /usr/include/LDAPUrlList.h
- /usr/include/LdifReader.h
- /usr/include/LdifWriter.h
- /usr/include/SaslInteraction.h
- /usr/include/SaslInteractionHandler.h
- /usr/include/StringList.h
- /usr/include/TlsOptions.h
-)
-
-openldap_filecount() {
- local dir="$1"
- find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
-}
-
-openldap_find_versiontags() {
- # scan for all datadirs
- openldap_datadirs=""
- if [ -f "${EROOT}"/etc/openldap/slapd.conf ]; then
- openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${EROOT}/etc/openldap/slapd.conf)"
- fi
- openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}"
-
- einfo
- einfo "Scanning datadir(s) from slapd.conf and"
- einfo "the default installdir for Versiontags"
- einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
- einfo
-
- # scan datadirs if we have a version tag
- openldap_found_tag=0
- have_files=0
- for each in ${openldap_datadirs}; do
- CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"`
- CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}
- if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then
- einfo "- Checking ${each}..."
- if [ -r ${CURRENT_TAG} ] ; then
- # yey, we have one :)
- einfo " Found Versiontag in ${each}"
- source ${CURRENT_TAG}
- if [ "${OLDPF}" == "" ] ; then
- eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
- eerror "Please delete it"
- eerror
- die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
- fi
-
- OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}`
-
- [ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1
-
- # are we on the same branch?
- if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then
- ewarn " Versiontag doesn't match current major release!"
- if [[ "${have_files}" == "1" ]] ; then
- eerror " Versiontag says other major and you (probably) have datafiles!"
- echo
- openldap_upgrade_howto
- else
- einfo " No real problem, seems there's no database."
- fi
- else
- einfo " Versiontag is fine here :)"
- fi
- else
- einfo " Non-tagged dir ${each}"
- [ $(openldap_filecount ${each}) -gt 0 ] && have_files=1
- if [[ "${have_files}" == "1" ]] ; then
- einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
- echo
-
- eerror
- eerror "Your OpenLDAP Installation has a non tagged datadir that"
- eerror "possibly contains a database at ${CURRENT_TAGDIR}"
- eerror
- eerror "Please export data if any entered and empty or remove"
- eerror "the directory, installation has been stopped so you"
- eerror "can take required action"
- eerror
- eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
- eerror
- openldap_upgrade_howto
- die "Please move the datadir ${CURRENT_TAGDIR} away"
- fi
- fi
- einfo
- fi
- done
- [ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present"
-
- # Now we must check for the major version of sys-libs/db linked against.
- SLAPD_PATH=${EROOT}/usr/$(get_libdir)/openldap/slapd
- if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then
- OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
- | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
- if use berkdb; then
- # find which one would be used
- for bdb_slot in $BDB_SLOTS ; do
- NEWVER="$(db_findver "=sys-libs/db-${bdb_slot}*")"
- [[ -n "$NEWVER" ]] && break
- done
- fi
- local fail=0
- if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then
- :
- # Nothing wrong here.
- elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was not built against"
- eerror " any version of sys-libs/db, but the new one will build"
- eerror " against ${NEWVER} and your database may be inaccessible."
- echo
- fail=1
- elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will not be"
- eerror " built against any version and your database may be"
- eerror " inaccessible."
- echo
- fail=1
- elif [ "${OLDVER}" != "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will build against"
- eerror " ${NEWVER} and your database would be inaccessible."
- echo
- fail=1
- fi
- [ "${fail}" == "1" ] && openldap_upgrade_howto
- fi
-
- echo
- einfo
- einfo "All datadirs are fine, proceeding with merge now..."
- einfo
-}
-
-openldap_upgrade_howto() {
- eerror
- eerror "A (possible old) installation of OpenLDAP was detected,"
- eerror "installation will not proceed for now."
- eerror
- eerror "As major version upgrades can corrupt your database,"
- eerror "you need to dump your database and re-create it afterwards."
- eerror
- eerror "Additionally, rebuilding against different major versions of the"
- eerror "sys-libs/db libraries will cause your database to be inaccessible."
- eerror ""
- d="$(date -u +%s)"
- l="/root/ldapdump.${d}"
- i="${l}.raw"
- eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop"
- eerror " 2. slapcat -l ${i}"
- eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}"
- eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
- eerror " 5. emerge --update \=net-nds/${PF}"
- eerror " 6. etc-update, and ensure that you apply the changes"
- eerror " 7. slapadd -l ${l}"
- eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
- eerror " 9. /etc/init.d/slapd start"
- eerror "10. check that your data is intact."
- eerror "11. set up the new replication system."
- eerror
- if [ "${FORCE_UPGRADE}" != "1" ]; then
- die "You need to upgrade your database first"
- else
- eerror "You have the magical FORCE_UPGRADE=1 in place."
- eerror "Don't say you weren't warned about data loss."
- fi
-}
-
-pkg_setup() {
- if ! use sasl && use cxx ; then
- die "To build the ldapc++ library you must emerge openldap with sasl support"
- fi
- # Bug #322787
- if use minimal && ! has_version "net-nds/openldap" ; then
- einfo "No datadir scan needed, openldap not installed"
- elif use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then
- einfo "Skipping scan for previous datadirs as requested by minimal useflag"
- else
- openldap_find_versiontags
- fi
-
- # The user/group are only used for running daemons which are
- # disabled in minimal builds, so elide the accounts too.
- if ! use minimal ; then
- enewgroup ldap 439
- enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap
- fi
-}
-
-src_prepare() {
- # ensure correct SLAPI path by default
- sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \
- "${S}"/include/ldap_defaults.h
-
- epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch
-
- epatch \
- "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \
- "${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
-
- # bug #116045 - still present in 2.4.28
- epatch "${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch
- # bug #408077 - samba4
- epatch "${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch
-
- # bug #189817
- epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
-
- # bug #233633
- epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch
-
- # bug #281495
- epatch "${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch
-
- # bug #294350
- epatch "${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch
-
- # unbreak /bin/sh -> dash
- epatch "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
-
- # bug #420959
- epatch "${FILESDIR}"/${PN}-2.4.31-gcc47.patch
-
- # unbundle lmdb
- epatch "${FILESDIR}"/${PN}-2.4.42-mdb-unbundle.patch
- rm -rf "${S}"/libraries/liblmdb
-
- cd "${S}"/build || die
- einfo "Making sure upstream build strip does not do stripping too early"
- sed -i.orig \
- -e '/^STRIP/s,-s,,g' \
- top.mk || die "Failed to block stripping"
-
- # wrong assumption that /bin/sh is /bin/bash
- sed -i \
- -e 's|/bin/sh|/bin/bash|g' \
- "${S}"/tests/scripts/* || die "sed failed"
-
- cd "${S}" || die
-
- AT_NOEAUTOMAKE=yes eautoreconf
-}
-
-build_contrib_module() {
- # <dir> <sources> <outputname>
- cd "${S}/contrib/slapd-modules/$1" || die
- einfo "Compiling contrib-module: $3"
- # Make sure it's uppercase
- local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -D${define_name}=SLAPD_MOD_DYNAMIC \
- -I"${BUILD_DIR}"/include \
- -I../../../include -I../../../servers/slapd ${CFLAGS} \
- -o ${2%.c}.lo -c $2 || die "compiling $3 failed"
- einfo "Linking contrib-module: $3"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o $3.la ${2%.c}.lo || die "linking $3 failed"
-}
-
-src_configure() {
- # Bug 408001
- use elibc_FreeBSD && append-cppflags -DMDB_DSYNC=O_SYNC -DMDB_FDATASYNC=fsync
-
- # connectionless ldap per bug #342439
- append-cppflags -DLDAP_CONNECTIONLESS
-
- multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
- local myconf=()
-
- use debug && myconf+=( $(use_enable debug) )
-
- # ICU usage is not configurable
- export ac_cv_header_unicode_utypes_h="$(multilib_is_native_abi && use icu && echo yes || echo no)"
-
- if ! use minimal && multilib_is_native_abi; then
- local CPPFLAGS=${CPPFLAGS}
-
- # re-enable serverside overlay chains per bug #296567
- # see ldap docs chaper 12.3.1 for details
- myconf+=( --enable-ldap )
-
- # backends
- myconf+=( --enable-slapd )
- if use berkdb ; then
- einfo "Using Berkeley DB for local backend"
- myconf+=( --enable-bdb --enable-hdb )
- DBINCLUDE=$(db_includedir $BDB_SLOTS)
- einfo "Using $DBINCLUDE for sys-libs/db version"
- # We need to include the slotted db.h dir for FreeBSD
- append-cppflags -I${DBINCLUDE}
- else
- myconf+=( --disable-bdb --disable-hdb )
- fi
- for backend in dnssrv ldap mdb meta monitor null passwd relay shell sock; do
- myconf+=( --enable-${backend}=mod )
- done
-
- myconf+=( $(use_enable perl perl mod) )
-
- myconf+=( $(use_enable odbc sql mod) )
- if use odbc ; then
- local odbc_lib="unixodbc"
- if use iodbc ; then
- odbc_lib="iodbc"
- append-cppflags -I"${EPREFIX}"/usr/include/iodbc
- fi
- myconf+=( --with-odbc=${odbc_lib} )
- fi
-
- # slapd options
- myconf+=(
- $(use_enable crypt)
- $(use_enable slp)
- $(use_enable samba lmpasswd)
- $(use_enable syslog)
- )
- if use experimental ; then
- myconf+=(
- --enable-dynacl
- --enable-aci=mod
- )
- fi
- for option in aci cleartext modules rewrite rlookups slapi; do
- myconf+=( --enable-${option} )
- done
-
- # slapd overlay options
- # Compile-in the syncprov, the others as module
- myconf+=( --enable-syncprov=yes )
- use overlays && myconf+=( --enable-overlays=mod )
-
- else
- myconf+=(
- --disable-backends
- --disable-slapd
- --disable-bdb
- --disable-hdb
- --disable-mdb
- --disable-overlays
- --disable-syslog
- )
- fi
-
- # basic functionality stuff
- myconf+=(
- $(use_enable ipv6)
- $(multilib_native_use_with sasl cyrus-sasl)
- $(multilib_native_use_enable sasl spasswd)
- $(use_enable tcpd wrappers)
- )
-
- # Some cross-compiling tests don't pan out well.
- tc-is-cross-compiler && myconf+=(
- --with-yielding-select=yes
- )
-
- local ssl_lib="no"
- if use ssl || ( ! use minimal && use samba ) ; then
- ssl_lib="openssl"
- use gnutls && ssl_lib="gnutls"
- fi
-
- myconf+=( --with-tls=${ssl_lib} )
-
- for basicflag in dynamic local proctitle shared; do
- myconf+=( --enable-${basicflag} )
- done
-
- tc-export AR CC CXX
- ECONF_SOURCE=${S} \
- STRIP=/bin/true \
- econf \
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
- $(use_enable static-libs static) \
- "${myconf[@]}"
- emake depend
-}
-
-src_configure_cxx() {
- # This needs the libraries built by the first build run.
- # So we have to run it AFTER the main build, not just after the main
- # configure.
- local myconf_ldapcpp=(
- --with-ldap-includes="${S}"/include
- )
-
- mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die
- cd "${BUILD_DIR}/contrib/ldapc++" || die
-
- local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS}
- append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
- -L"${BUILD_DIR}"/libraries/libldap/.libs
- append-cppflags -I"${BUILD_DIR}"/include
- ECONF_SOURCE=${S}/contrib/ldapc++ \
- econf "${myconf_ldapcpp[@]}" \
- CC="${CC}" \
- CXX="${CXX}"
-}
-
-multilib_src_compile() {
- tc-export AR CC CXX
- emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/bash
- local lt="${BUILD_DIR}/libtool"
- export echo="echo"
-
- if ! use minimal && multilib_is_native_abi ; then
- if use cxx ; then
- einfo "Building contrib library: ldapc++"
- src_configure_cxx
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake \
- CC="${CC}" CXX="${CXX}"
- fi
-
- if use smbkrb5passwd ; then
- einfo "Building contrib-module: smbk5pwd"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
-
- MY_DEFS="-DDO_SHADOW"
- if use samba ; then
- MY_DEFS="${MY_DEFS} -DDO_SAMBA"
- MY_KRB5_INC=""
- fi
- if use kerberos ; then
- MY_DEFS="${MY_DEFS} -DDO_KRB5"
- MY_KRB5_INC="$(krb5-config --cflags)"
- fi
-
- emake \
- DEFS="${MY_DEFS}" \
- KRB5_INC="${MY_KRB5_INC}" \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
- fi
-
- if use overlays ; then
- einfo "Building contrib-module: samba4"
- cd "${S}/contrib/slapd-modules/samba4" || die
-
- emake \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap"
- fi
-
- if use kerberos ; then
- if use kinit ; then
- build_contrib_module "kinit" "kinit.c" "kinit"
- fi
- cd "${S}/contrib/slapd-modules/passwd" || die
- einfo "Compiling contrib-module: pw-kerberos"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- $(krb5-config --cflags) \
- -DHAVE_KRB5 \
- -o kerberos.lo \
- -c kerberos.c || die "compiling pw-kerberos failed"
- einfo "Linking contrib-module: pw-kerberos"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o pw-kerberos.la \
- kerberos.lo || die "linking pw-kerberos failed"
- fi
- # We could build pw-radius if GNURadius would install radlib.h
- cd "${S}/contrib/slapd-modules/passwd" || die
- einfo "Compiling contrib-module: pw-netscape"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- -o netscape.lo \
- -c netscape.c || die "compiling pw-netscape failed"
- einfo "Linking contrib-module: pw-netscape"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o pw-netscape.la \
- netscape.lo || die "linking pw-netscape failed"
-
- #build_contrib_module "acl" "posixgroup.c" "posixGroup" # example code only
- #build_contrib_module "acl" "gssacl.c" "gss" # example code only, also needs kerberos
- build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
- build_contrib_module "allop" "allop.c" "overlay-allop"
- build_contrib_module "allowed" "allowed.c" "allowed"
- build_contrib_module "autogroup" "autogroup.c" "autogroup"
- build_contrib_module "cloak" "cloak.c" "cloak"
- # build_contrib_module "comp_match" "comp_match.c" "comp_match" # really complex, adds new external deps, questionable demand
- build_contrib_module "denyop" "denyop.c" "denyop-overlay"
- build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
- build_contrib_module "dupent" "dupent.c" "dupent"
- build_contrib_module "lastbind" "lastbind.c" "lastbind"
- # lastmod may not play well with other overlays
- build_contrib_module "lastmod" "lastmod.c" "lastmod"
- build_contrib_module "noopsrch" "noopsrch.c" "noopsrch"
- build_contrib_module "nops" "nops.c" "nops-overlay"
- #build_contrib_module "nssov" "nssov.c" "nssov-overlay" RESO:LATER
- build_contrib_module "trace" "trace.c" "trace"
- # build slapi-plugins
- cd "${S}/contrib/slapi-plugins/addrdnvalues" || die
- einfo "Building contrib-module: addrdnvalues plugin"
- "${CC}" -shared \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- -fPIC \
- ${LDFLAGS} \
- -o libaddrdnvalues-plugin.so \
- addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
-
- fi
-}
-
-multilib_src_test() {
- if multilib_is_native_abi; then
- cd tests || die
- emake tests || die "make tests failed"
- fi
-}
-
-multilib_src_install() {
- local lt="${BUILD_DIR}/libtool"
- emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/bash install
- use static-libs || prune_libtool_files --all
-
- if ! use minimal && multilib_is_native_abi; then
- # openldap modules go here
- # TODO: write some code to populate slapd.conf with moduleload statements
- keepdir /usr/$(get_libdir)/openldap/openldap/
-
- # initial data storage dir
- keepdir /var/lib/openldap-data
- use prefix || fowners ldap:ldap /var/lib/openldap-data
- fperms 0700 /var/lib/openldap-data
-
- echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
-
- # use our config
- rm "${ED}"etc/openldap/slapd.conf
- insinto /etc/openldap
- newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf
- configfile="${ED}"etc/openldap/slapd.conf
-
- # populate with built backends
- ebegin "populate config with built backends"
- for x in "${ED}"usr/$(get_libdir)/openldap/openldap/back_*.so; do
- einfo "Adding $(basename ${x})"
- sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}"
- done
- sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
- use prefix || fowners root:ldap /etc/openldap/slapd.conf
- fperms 0640 /etc/openldap/slapd.conf
- cp "${configfile}" "${configfile}".default
- eend
-
- # install our own init scripts and systemd unit files
- einfo "Install init scripts"
- newinitd "${FILESDIR}"/slapd-initd-2.4.40-r2 slapd
- newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd
- einfo "Install systemd service"
- systemd_dounit "${FILESDIR}"/slapd.service
- systemd_install_serviced "${FILESDIR}"/slapd.service.conf
- systemd_newtmpfilesd "${FILESDIR}"/slapd.tmpfilesd slapd.conf
-
- if [[ $(get_libdir) != lib ]]; then
- sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i \
- "${ED}"/etc/init.d/slapd \
- "${ED}"/usr/lib/systemd/system/slapd.service || die
- fi
- # If built without SLP, we don't need to be before avahi
- use slp \
- || sed -i \
- -e '/before/{s/avahi-daemon//g}' \
- "${ED}"etc/init.d/slapd
-
- if use cxx ; then
- einfo "Install the ldapc++ library"
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- cd "${S}"/contrib/ldapc++ || die
- newdoc README ldapc++-README
- fi
-
- if use smbkrb5passwd ; then
- einfo "Install the smbk5pwd module"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- newdoc README smbk5pwd-README
- fi
-
- if use overlays ; then
- einfo "Install the samba4 module"
- cd "${S}/contrib/slapd-modules/samba4" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="/usr/$(get_libdir)/openldap" install
- newdoc README samba4-README
- fi
-
- einfo "Installing contrib modules"
- cd "${S}/contrib/slapd-modules" || die
- for l in */*.la; do
- "${lt}" --mode=install cp ${l} \
- "${ED}"usr/$(get_libdir)/openldap/openldap || \
- die "installing ${l} failed"
- done
-
- dodoc "${FILESDIR}"/DB_CONFIG.fast.example
- docinto contrib
- doman */*.5
- #newdoc acl/README*
- newdoc addpartial/README addpartial-README
- newdoc allop/README allop-README
- newdoc allowed/README allowed-README
- newdoc autogroup/README autogroup-README
- newdoc dsaschema/README dsaschema-README
- newdoc passwd/README passwd-README
- cd "${S}/contrib/slapi-plugins" || die
- insinto /usr/$(get_libdir)/openldap/openldap
- doins */*.so
- docinto contrib
- newdoc addrdnvalues/README addrdnvalues-README
-
- insinto /etc/openldap/schema
- newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
-
- docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
- docinto back-shell ; dodoc "${S}"/servers/slapd/back-shell/searchexample*
- docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
-
- dosbin "${S}"/contrib/slapd-tools/statslog
- newdoc "${S}"/contrib/slapd-tools/README README.statslog
- fi
-}
-
-multilib_src_install_all() {
- dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
- docinto rfc ; dodoc doc/rfc/*.txt
-}
-
-pkg_preinst() {
- # keep old libs if any
- preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0)
- # bug 440470, only display the getting started help there was no openldap before,
- # or we are going to a non-minimal build
- ! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
- OPENLDAP_PRINT_MESSAGES=$((! $?))
-}
-
-pkg_postinst() {
- if ! use minimal ; then
- # You cannot build SSL certificates during src_install that will make
- # binary packages containing your SSL key, which is both a security risk
- # and a misconfiguration if multiple machines use the same key and cert.
- if use ssl; then
- install_cert /etc/openldap/ssl/ldap
- use prefix || chown ldap:ldap "${EROOT}"etc/openldap/ssl/ldap.*
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "add 'TLS_REQCERT allow' if you want to use them."
- fi
-
- if use prefix; then
- # Warn about prefix issues with slapd
- eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
- eerror "to start up, and requires that certain files directories be owned by"
- eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
- eerror "directories, you will have to manually fix this yourself."
- fi
-
- # These lines force the permissions of various content to be correct
- use prefix || chown ldap:ldap "${EROOT}"var/run/openldap
- chmod 0755 "${EROOT}"var/run/openldap
- use prefix || chown root:ldap "${EROOT}"etc/openldap/slapd.conf{,.default}
- chmod 0640 "${EROOT}"etc/openldap/slapd.conf{,.default}
- use prefix || chown ldap:ldap "${EROOT}"var/lib/openldap-data
- fi
-
- if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
- elog "Getting started using OpenLDAP? There is some documentation available:"
- elog "Gentoo Guide to OpenLDAP Authentication"
- elog "(https://www.gentoo.org/doc/en/ldap-howto.xml)"
- elog "---"
- elog "An example file for tuning BDB backends with openldap is"
- elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
- fi
-
- preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0)
-}
diff --git a/net-nds/openldap/openldap-2.4.43.ebuild b/net-nds/openldap/openldap-2.4.43.ebuild
deleted file mode 100644
index dd6af16..00000000
--- a/net-nds/openldap/openldap-2.4.43.ebuild
+++ /dev/null
@@ -1,825 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit db-use eutils flag-o-matic multilib multilib-minimal ssl-cert versionator toolchain-funcs autotools user systemd
-
-BIS_PN=rfc2307bis.schema
-BIS_PV=20140524
-BIS_P="${BIS_PN}-${BIS_PV}"
-
-DESCRIPTION="LDAP suite of application and development tools"
-HOMEPAGE="http://www.OpenLDAP.org/"
-
-# mirrors are mostly not working, using canonical URI
-SRC_URI="ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz
- mirror://gentoo/${BIS_P}"
-
-LICENSE="OPENLDAP GPL-2"
-SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~x86-linux ~x86-solaris"
-
-IUSE_DAEMON="crypt icu samba slp tcpd experimental minimal"
-IUSE_BACKEND="+berkdb"
-IUSE_OVERLAY="overlays perl"
-IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 libressl +syslog selinux static-libs"
-IUSE_CONTRIB="smbkrb5passwd kerberos"
-IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
-IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
-
-REQUIRED_USE="cxx? ( sasl )
- ?? ( gnutls libressl )"
-
-# always list newer first
-# Do not add any AGPL-3 BDB here!
-# See bug 525110, comment 15.
-BDB_SLOTS='5.3 5.1 4.8 4.7 4.6 4.5 4.4'
-BDB_PKGS=''
-for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done
-
-# openssl is needed to generate lanman-passwords required by samba
-CDEPEND="icu? ( dev-libs/icu:= )
- ssl? (
- !gnutls? (
- !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0[${MULTILIB_USEDEP}] )
- )
- gnutls? ( >=net-libs/gnutls-2.12.23-r6[${MULTILIB_USEDEP}]
- libressl? ( dev-libs/libressl[${MULTILIB_USEDEP}] )
- >=dev-libs/libgcrypt-1.5.3:0[${MULTILIB_USEDEP}] ) )
- sasl? ( dev-libs/cyrus-sasl:= )
- !minimal? (
- sys-devel/libtool
- sys-libs/e2fsprogs-libs
- >=dev-db/lmdb-0.9.17
- tcpd? ( sys-apps/tcp-wrappers )
- odbc? ( !iodbc? ( dev-db/unixODBC )
- iodbc? ( dev-db/libiodbc ) )
- slp? ( net-libs/openslp )
- perl? ( dev-lang/perl:=[-build(-)] )
- samba? (
- !libressl? ( dev-libs/openssl:0 )
- libressl? ( dev-libs/libressl )
- )
- berkdb? (
- <sys-libs/db-6.0:=
- || ( ${BDB_PKGS} )
- )
- smbkrb5passwd? (
- !libressl? ( dev-libs/openssl:0 )
- libressl? ( dev-libs/libressl )
- kerberos? ( app-crypt/heimdal )
- )
- kerberos? ( virtual/krb5 )
- cxx? ( dev-libs/cyrus-sasl:= )
- )
- abi_x86_32? (
- !<=app-emulation/emul-linux-x86-baselibs-20140508-r3
- !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
- )"
-DEPEND="${CDEPEND}
- sys-apps/groff"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-ldap )
-"
-# for tracking versions
-OPENLDAP_VERSIONTAG=".version-tag"
-OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
-
-MULTILIB_WRAPPED_HEADERS=(
- # USE=cxx
- /usr/include/LDAPAsynConnection.h
- /usr/include/LDAPAttrType.h
- /usr/include/LDAPAttribute.h
- /usr/include/LDAPAttributeList.h
- /usr/include/LDAPConnection.h
- /usr/include/LDAPConstraints.h
- /usr/include/LDAPControl.h
- /usr/include/LDAPControlSet.h
- /usr/include/LDAPEntry.h
- /usr/include/LDAPEntryList.h
- /usr/include/LDAPException.h
- /usr/include/LDAPExtResult.h
- /usr/include/LDAPMessage.h
- /usr/include/LDAPMessageQueue.h
- /usr/include/LDAPModList.h
- /usr/include/LDAPModification.h
- /usr/include/LDAPObjClass.h
- /usr/include/LDAPRebind.h
- /usr/include/LDAPRebindAuth.h
- /usr/include/LDAPReferenceList.h
- /usr/include/LDAPResult.h
- /usr/include/LDAPSaslBindResult.h
- /usr/include/LDAPSchema.h
- /usr/include/LDAPSearchReference.h
- /usr/include/LDAPSearchResult.h
- /usr/include/LDAPSearchResults.h
- /usr/include/LDAPUrl.h
- /usr/include/LDAPUrlList.h
- /usr/include/LdifReader.h
- /usr/include/LdifWriter.h
- /usr/include/SaslInteraction.h
- /usr/include/SaslInteractionHandler.h
- /usr/include/StringList.h
- /usr/include/TlsOptions.h
-)
-
-openldap_filecount() {
- local dir="$1"
- find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
-}
-
-openldap_find_versiontags() {
- # scan for all datadirs
- openldap_datadirs=""
- if [ -f "${EROOT}"/etc/openldap/slapd.conf ]; then
- openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${EROOT}/etc/openldap/slapd.conf)"
- fi
- openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}"
-
- einfo
- einfo "Scanning datadir(s) from slapd.conf and"
- einfo "the default installdir for Versiontags"
- einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
- einfo
-
- # scan datadirs if we have a version tag
- openldap_found_tag=0
- have_files=0
- for each in ${openldap_datadirs}; do
- CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"`
- CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}
- if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then
- einfo "- Checking ${each}..."
- if [ -r ${CURRENT_TAG} ] ; then
- # yey, we have one :)
- einfo " Found Versiontag in ${each}"
- source ${CURRENT_TAG}
- if [ "${OLDPF}" == "" ] ; then
- eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
- eerror "Please delete it"
- eerror
- die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
- fi
-
- OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}`
-
- [ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1
-
- # are we on the same branch?
- if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then
- ewarn " Versiontag doesn't match current major release!"
- if [[ "${have_files}" == "1" ]] ; then
- eerror " Versiontag says other major and you (probably) have datafiles!"
- echo
- openldap_upgrade_howto
- else
- einfo " No real problem, seems there's no database."
- fi
- else
- einfo " Versiontag is fine here :)"
- fi
- else
- einfo " Non-tagged dir ${each}"
- [ $(openldap_filecount ${each}) -gt 0 ] && have_files=1
- if [[ "${have_files}" == "1" ]] ; then
- einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
- echo
-
- eerror
- eerror "Your OpenLDAP Installation has a non tagged datadir that"
- eerror "possibly contains a database at ${CURRENT_TAGDIR}"
- eerror
- eerror "Please export data if any entered and empty or remove"
- eerror "the directory, installation has been stopped so you"
- eerror "can take required action"
- eerror
- eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
- eerror
- openldap_upgrade_howto
- die "Please move the datadir ${CURRENT_TAGDIR} away"
- fi
- fi
- einfo
- fi
- done
- [ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present"
-
- # Now we must check for the major version of sys-libs/db linked against.
- SLAPD_PATH=${EROOT}/usr/$(get_libdir)/openldap/slapd
- if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then
- OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
- | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
- if use berkdb; then
- # find which one would be used
- for bdb_slot in $BDB_SLOTS ; do
- NEWVER="$(db_findver "=sys-libs/db-${bdb_slot}*")"
- [[ -n "$NEWVER" ]] && break
- done
- fi
- local fail=0
- if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then
- :
- # Nothing wrong here.
- elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was not built against"
- eerror " any version of sys-libs/db, but the new one will build"
- eerror " against ${NEWVER} and your database may be inaccessible."
- echo
- fail=1
- elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will not be"
- eerror " built against any version and your database may be"
- eerror " inaccessible."
- echo
- fail=1
- elif [ "${OLDVER}" != "${NEWVER}" ]; then
- eerror " Your existing version of OpenLDAP was built against"
- eerror " sys-libs/db:${OLDVER}, but the new one will build against"
- eerror " ${NEWVER} and your database would be inaccessible."
- echo
- fail=1
- fi
- [ "${fail}" == "1" ] && openldap_upgrade_howto
- fi
-
- echo
- einfo
- einfo "All datadirs are fine, proceeding with merge now..."
- einfo
-}
-
-openldap_upgrade_howto() {
- eerror
- eerror "A (possible old) installation of OpenLDAP was detected,"
- eerror "installation will not proceed for now."
- eerror
- eerror "As major version upgrades can corrupt your database,"
- eerror "you need to dump your database and re-create it afterwards."
- eerror
- eerror "Additionally, rebuilding against different major versions of the"
- eerror "sys-libs/db libraries will cause your database to be inaccessible."
- eerror ""
- d="$(date -u +%s)"
- l="/root/ldapdump.${d}"
- i="${l}.raw"
- eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop"
- eerror " 2. slapcat -l ${i}"
- eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}"
- eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
- eerror " 5. emerge --update \=net-nds/${PF}"
- eerror " 6. etc-update, and ensure that you apply the changes"
- eerror " 7. slapadd -l ${l}"
- eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
- eerror " 9. /etc/init.d/slapd start"
- eerror "10. check that your data is intact."
- eerror "11. set up the new replication system."
- eerror
- if [ "${FORCE_UPGRADE}" != "1" ]; then
- die "You need to upgrade your database first"
- else
- eerror "You have the magical FORCE_UPGRADE=1 in place."
- eerror "Don't say you weren't warned about data loss."
- fi
-}
-
-pkg_setup() {
- if ! use sasl && use cxx ; then
- die "To build the ldapc++ library you must emerge openldap with sasl support"
- fi
- # Bug #322787
- if use minimal && ! has_version "net-nds/openldap" ; then
- einfo "No datadir scan needed, openldap not installed"
- elif use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then
- einfo "Skipping scan for previous datadirs as requested by minimal useflag"
- else
- openldap_find_versiontags
- fi
-
- # The user/group are only used for running daemons which are
- # disabled in minimal builds, so elide the accounts too.
- if ! use minimal ; then
- enewgroup ldap 439
- enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap
- fi
-}
-
-src_prepare() {
- # ensure correct SLAPI path by default
- sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \
- "${S}"/include/ldap_defaults.h
-
- epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch
-
- epatch \
- "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \
- "${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
-
- # bug #116045 - still present in 2.4.28
- epatch "${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch
- # bug #408077 - samba4
- epatch "${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch
-
- # bug #189817
- epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
-
- # bug #233633
- epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch
-
- # bug #281495
- epatch "${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch
-
- # bug #294350
- epatch "${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch
-
- # unbreak /bin/sh -> dash
- epatch "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
-
- # bug #420959
- epatch "${FILESDIR}"/${PN}-2.4.31-gcc47.patch
-
- # unbundle lmdb
- epatch "${FILESDIR}"/${PN}-2.4.42-mdb-unbundle.patch
- rm -rf "${S}"/libraries/liblmdb
-
- cd "${S}"/build || die
- einfo "Making sure upstream build strip does not do stripping too early"
- sed -i.orig \
- -e '/^STRIP/s,-s,,g' \
- top.mk || die "Failed to block stripping"
-
- # wrong assumption that /bin/sh is /bin/bash
- sed -i \
- -e 's|/bin/sh|/bin/bash|g' \
- "${S}"/tests/scripts/* || die "sed failed"
-
- cd "${S}" || die
-
- AT_NOEAUTOMAKE=yes eautoreconf
-}
-
-build_contrib_module() {
- # <dir> <sources> <outputname>
- cd "${S}/contrib/slapd-modules/$1" || die
- einfo "Compiling contrib-module: $3"
- # Make sure it's uppercase
- local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -D${define_name}=SLAPD_MOD_DYNAMIC \
- -I"${BUILD_DIR}"/include \
- -I../../../include -I../../../servers/slapd ${CFLAGS} \
- -o ${2%.c}.lo -c $2 || die "compiling $3 failed"
- einfo "Linking contrib-module: $3"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o $3.la ${2%.c}.lo || die "linking $3 failed"
-}
-
-src_configure() {
- # Bug 408001
- use elibc_FreeBSD && append-cppflags -DMDB_DSYNC=O_SYNC -DMDB_FDATASYNC=fsync
-
- # connectionless ldap per bug #342439
- append-cppflags -DLDAP_CONNECTIONLESS
-
- multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
- local myconf=()
-
- use debug && myconf+=( $(use_enable debug) )
-
- # ICU usage is not configurable
- export ac_cv_header_unicode_utypes_h="$(multilib_is_native_abi && use icu && echo yes || echo no)"
-
- if ! use minimal && multilib_is_native_abi; then
- local CPPFLAGS=${CPPFLAGS}
-
- # re-enable serverside overlay chains per bug #296567
- # see ldap docs chaper 12.3.1 for details
- myconf+=( --enable-ldap )
-
- # backends
- myconf+=( --enable-slapd )
- if use berkdb ; then
- einfo "Using Berkeley DB for local backend"
- myconf+=( --enable-bdb --enable-hdb )
- DBINCLUDE=$(db_includedir $BDB_SLOTS)
- einfo "Using $DBINCLUDE for sys-libs/db version"
- # We need to include the slotted db.h dir for FreeBSD
- append-cppflags -I${DBINCLUDE}
- else
- myconf+=( --disable-bdb --disable-hdb )
- fi
- for backend in dnssrv ldap mdb meta monitor null passwd relay shell sock; do
- myconf+=( --enable-${backend}=mod )
- done
-
- myconf+=( $(use_enable perl perl mod) )
-
- myconf+=( $(use_enable odbc sql mod) )
- if use odbc ; then
- local odbc_lib="unixodbc"
- if use iodbc ; then
- odbc_lib="iodbc"
- append-cppflags -I"${EPREFIX}"/usr/include/iodbc
- fi
- myconf+=( --with-odbc=${odbc_lib} )
- fi
-
- # slapd options
- myconf+=(
- $(use_enable crypt)
- $(use_enable slp)
- $(use_enable samba lmpasswd)
- $(use_enable syslog)
- )
- if use experimental ; then
- myconf+=(
- --enable-dynacl
- --enable-aci=mod
- )
- fi
- for option in aci cleartext modules rewrite rlookups slapi; do
- myconf+=( --enable-${option} )
- done
-
- # slapd overlay options
- # Compile-in the syncprov, the others as module
- myconf+=( --enable-syncprov=yes )
- use overlays && myconf+=( --enable-overlays=mod )
-
- else
- myconf+=(
- --disable-backends
- --disable-slapd
- --disable-bdb
- --disable-hdb
- --disable-mdb
- --disable-overlays
- --disable-syslog
- )
- fi
-
- # basic functionality stuff
- myconf+=(
- $(use_enable ipv6)
- $(multilib_native_use_with sasl cyrus-sasl)
- $(multilib_native_use_enable sasl spasswd)
- $(use_enable tcpd wrappers)
- )
-
- # Some cross-compiling tests don't pan out well.
- tc-is-cross-compiler && myconf+=(
- --with-yielding-select=yes
- )
-
- local ssl_lib="no"
- if use ssl || ( ! use minimal && use samba ) ; then
- ssl_lib="openssl"
- use gnutls && ssl_lib="gnutls"
- fi
-
- myconf+=( --with-tls=${ssl_lib} )
-
- for basicflag in dynamic local proctitle shared; do
- myconf+=( --enable-${basicflag} )
- done
-
- tc-export AR CC CXX
- ECONF_SOURCE=${S} \
- STRIP=/bin/true \
- econf \
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
- $(use_enable static-libs static) \
- "${myconf[@]}"
- emake depend
-}
-
-src_configure_cxx() {
- # This needs the libraries built by the first build run.
- # So we have to run it AFTER the main build, not just after the main
- # configure.
- local myconf_ldapcpp=(
- --with-ldap-includes="${S}"/include
- )
-
- mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die
- cd "${BUILD_DIR}/contrib/ldapc++" || die
-
- local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS}
- append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
- -L"${BUILD_DIR}"/libraries/libldap/.libs
- append-cppflags -I"${BUILD_DIR}"/include
- ECONF_SOURCE=${S}/contrib/ldapc++ \
- econf "${myconf_ldapcpp[@]}" \
- CC="${CC}" \
- CXX="${CXX}"
-}
-
-multilib_src_compile() {
- tc-export AR CC CXX
- emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/bash
- local lt="${BUILD_DIR}/libtool"
- export echo="echo"
-
- if ! use minimal && multilib_is_native_abi ; then
- if use cxx ; then
- einfo "Building contrib library: ldapc++"
- src_configure_cxx
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake \
- CC="${CC}" CXX="${CXX}"
- fi
-
- if use smbkrb5passwd ; then
- einfo "Building contrib-module: smbk5pwd"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
-
- MY_DEFS="-DDO_SHADOW"
- if use samba ; then
- MY_DEFS="${MY_DEFS} -DDO_SAMBA"
- MY_KRB5_INC=""
- fi
- if use kerberos ; then
- MY_DEFS="${MY_DEFS} -DDO_KRB5"
- MY_KRB5_INC="$(krb5-config --cflags)"
- fi
-
- emake \
- DEFS="${MY_DEFS}" \
- KRB5_INC="${MY_KRB5_INC}" \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
- fi
-
- if use overlays ; then
- einfo "Building contrib-module: samba4"
- cd "${S}/contrib/slapd-modules/samba4" || die
-
- emake \
- LDAP_BUILD="${BUILD_DIR}" \
- CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap"
- fi
-
- if use kerberos ; then
- build_contrib_module "kinit" "kinit.c" "kinit"
- cd "${S}/contrib/slapd-modules/passwd" || die
- einfo "Compiling contrib-module: pw-kerberos"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- $(krb5-config --cflags) \
- -DHAVE_KRB5 \
- -o kerberos.lo \
- -c kerberos.c || die "compiling pw-kerberos failed"
- einfo "Linking contrib-module: pw-kerberos"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o pw-kerberos.la \
- kerberos.lo || die "linking pw-kerberos failed"
- fi
- # We could build pw-radius if GNURadius would install radlib.h
- cd "${S}/contrib/slapd-modules/passwd" || die
- einfo "Compiling contrib-module: pw-netscape"
- "${lt}" --mode=compile --tag=CC \
- "${CC}" \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- -o netscape.lo \
- -c netscape.c || die "compiling pw-netscape failed"
- einfo "Linking contrib-module: pw-netscape"
- "${lt}" --mode=link --tag=CC \
- "${CC}" -module \
- ${CFLAGS} \
- ${LDFLAGS} \
- -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
- -o pw-netscape.la \
- netscape.lo || die "linking pw-netscape failed"
-
- #build_contrib_module "acl" "posixgroup.c" "posixGroup" # example code only
- #build_contrib_module "acl" "gssacl.c" "gss" # example code only, also needs kerberos
- build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
- build_contrib_module "allop" "allop.c" "overlay-allop"
- build_contrib_module "allowed" "allowed.c" "allowed"
- build_contrib_module "autogroup" "autogroup.c" "autogroup"
- build_contrib_module "cloak" "cloak.c" "cloak"
- # build_contrib_module "comp_match" "comp_match.c" "comp_match" # really complex, adds new external deps, questionable demand
- build_contrib_module "denyop" "denyop.c" "denyop-overlay"
- build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
- build_contrib_module "dupent" "dupent.c" "dupent"
- build_contrib_module "lastbind" "lastbind.c" "lastbind"
- # lastmod may not play well with other overlays
- build_contrib_module "lastmod" "lastmod.c" "lastmod"
- build_contrib_module "noopsrch" "noopsrch.c" "noopsrch"
- build_contrib_module "nops" "nops.c" "nops-overlay"
- #build_contrib_module "nssov" "nssov.c" "nssov-overlay" RESO:LATER
- build_contrib_module "trace" "trace.c" "trace"
- # build slapi-plugins
- cd "${S}/contrib/slapi-plugins/addrdnvalues" || die
- einfo "Building contrib-module: addrdnvalues plugin"
- "${CC}" -shared \
- -I"${BUILD_DIR}"/include \
- -I../../../include \
- ${CFLAGS} \
- -fPIC \
- ${LDFLAGS} \
- -o libaddrdnvalues-plugin.so \
- addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
-
- fi
-}
-
-multilib_src_test() {
- if multilib_is_native_abi; then
- cd tests || die
- emake tests || die "make tests failed"
- fi
-}
-
-multilib_src_install() {
- local lt="${BUILD_DIR}/libtool"
- emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/bash install
- use static-libs || prune_libtool_files --all
-
- if ! use minimal && multilib_is_native_abi; then
- # openldap modules go here
- # TODO: write some code to populate slapd.conf with moduleload statements
- keepdir /usr/$(get_libdir)/openldap/openldap/
-
- # initial data storage dir
- keepdir /var/lib/openldap-data
- use prefix || fowners ldap:ldap /var/lib/openldap-data
- fperms 0700 /var/lib/openldap-data
-
- echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
-
- # use our config
- rm "${ED}"etc/openldap/slapd.conf
- insinto /etc/openldap
- newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf
- configfile="${ED}"etc/openldap/slapd.conf
-
- # populate with built backends
- ebegin "populate config with built backends"
- for x in "${ED}"usr/$(get_libdir)/openldap/openldap/back_*.so; do
- einfo "Adding $(basename ${x})"
- sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}"
- done
- sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
- use prefix || fowners root:ldap /etc/openldap/slapd.conf
- fperms 0640 /etc/openldap/slapd.conf
- cp "${configfile}" "${configfile}".default
- eend
-
- # install our own init scripts and systemd unit files
- einfo "Install init scripts"
- newinitd "${FILESDIR}"/slapd-initd-2.4.40-r2 slapd
- newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd
- einfo "Install systemd service"
- systemd_dounit "${FILESDIR}"/slapd.service
- systemd_install_serviced "${FILESDIR}"/slapd.service.conf
- systemd_newtmpfilesd "${FILESDIR}"/slapd.tmpfilesd slapd.conf
-
- if [[ $(get_libdir) != lib ]]; then
- sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i \
- "${ED}"/etc/init.d/slapd \
- "${ED}"/usr/lib/systemd/system/slapd.service || die
- fi
- # If built without SLP, we don't need to be before avahi
- use slp \
- || sed -i \
- -e '/before/{s/avahi-daemon//g}' \
- "${ED}"etc/init.d/slapd
-
- if use cxx ; then
- einfo "Install the ldapc++ library"
- cd "${BUILD_DIR}/contrib/ldapc++" || die
- emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- cd "${S}"/contrib/ldapc++ || die
- newdoc README ldapc++-README
- fi
-
- if use smbkrb5passwd ; then
- einfo "Install the smbk5pwd module"
- cd "${S}/contrib/slapd-modules/smbk5pwd" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
- newdoc README smbk5pwd-README
- fi
-
- if use overlays ; then
- einfo "Install the samba4 module"
- cd "${S}/contrib/slapd-modules/samba4" || die
- emake DESTDIR="${D}" \
- LDAP_BUILD="${BUILD_DIR}" \
- libexecdir="/usr/$(get_libdir)/openldap" install
- newdoc README samba4-README
- fi
-
- einfo "Installing contrib modules"
- cd "${S}/contrib/slapd-modules" || die
- for l in */*.la; do
- "${lt}" --mode=install cp ${l} \
- "${ED}"usr/$(get_libdir)/openldap/openldap || \
- die "installing ${l} failed"
- done
-
- dodoc "${FILESDIR}"/DB_CONFIG.fast.example
- docinto contrib
- doman */*.5
- #newdoc acl/README*
- newdoc addpartial/README addpartial-README
- newdoc allop/README allop-README
- newdoc allowed/README allowed-README
- newdoc autogroup/README autogroup-README
- newdoc dsaschema/README dsaschema-README
- newdoc passwd/README passwd-README
- cd "${S}/contrib/slapi-plugins" || die
- insinto /usr/$(get_libdir)/openldap/openldap
- doins */*.so
- docinto contrib
- newdoc addrdnvalues/README addrdnvalues-README
-
- insinto /etc/openldap/schema
- newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
-
- docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
- docinto back-shell ; dodoc "${S}"/servers/slapd/back-shell/searchexample*
- docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
-
- dosbin "${S}"/contrib/slapd-tools/statslog
- newdoc "${S}"/contrib/slapd-tools/README README.statslog
- fi
-}
-
-multilib_src_install_all() {
- dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
- docinto rfc ; dodoc doc/rfc/*.txt
-}
-
-pkg_preinst() {
- # keep old libs if any
- preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0)
- # bug 440470, only display the getting started help there was no openldap before,
- # or we are going to a non-minimal build
- ! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
- OPENLDAP_PRINT_MESSAGES=$((! $?))
-}
-
-pkg_postinst() {
- if ! use minimal ; then
- # You cannot build SSL certificates during src_install that will make
- # binary packages containing your SSL key, which is both a security risk
- # and a misconfiguration if multiple machines use the same key and cert.
- if use ssl; then
- install_cert /etc/openldap/ssl/ldap
- use prefix || chown ldap:ldap "${EROOT}"etc/openldap/ssl/ldap.*
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
- ewarn "add 'TLS_REQCERT allow' if you want to use them."
- fi
-
- if use prefix; then
- # Warn about prefix issues with slapd
- eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
- eerror "to start up, and requires that certain files directories be owned by"
- eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
- eerror "directories, you will have to manually fix this yourself."
- fi
-
- # These lines force the permissions of various content to be correct
- use prefix || chown ldap:ldap "${EROOT}"var/run/openldap
- chmod 0755 "${EROOT}"var/run/openldap
- use prefix || chown root:ldap "${EROOT}"etc/openldap/slapd.conf{,.default}
- chmod 0640 "${EROOT}"etc/openldap/slapd.conf{,.default}
- use prefix || chown ldap:ldap "${EROOT}"var/lib/openldap-data
- fi
-
- if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
- elog "Getting started using OpenLDAP? There is some documentation available:"
- elog "Gentoo Guide to OpenLDAP Authentication"
- elog "(https://www.gentoo.org/doc/en/ldap-howto.xml)"
- elog "---"
- elog "An example file for tuning BDB backends with openldap is"
- elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
- fi
-
- preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0)
-}
^ permalink raw reply related [flat|nested] 15+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: net-nds/openldap/files/, net-nds/openldap/
@ 2015-09-03 19:35 Matt Thode
0 siblings, 0 replies; 15+ messages in thread
From: Matt Thode @ 2015-09-03 19:35 UTC (permalink / raw
To: gentoo-commits
commit: 35b5e4a0bd2ca82f81da2a2aabe9d233a308cd43
Author: Matthew Thode <mthode <AT> mthode <DOT> org>
AuthorDate: Thu Sep 3 19:33:41 2015 +0000
Commit: Matt Thode <prometheanfire <AT> gentoo <DOT> org>
CommitDate: Thu Sep 3 19:34:05 2015 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=35b5e4a0
net-nds/openldap: bumping for release, also fixes bug 549614
Package-Manager: portage-2.2.20.1
net-nds/openldap/Manifest | 1 +
.../files/openldap-2.4.42-mdb-unbundle.patch | 136 ++++
net-nds/openldap/openldap-2.4.42.ebuild | 809 +++++++++++++++++++++
3 files changed, 946 insertions(+)
diff --git a/net-nds/openldap/Manifest b/net-nds/openldap/Manifest
index 501255d..f19bc7d 100644
--- a/net-nds/openldap/Manifest
+++ b/net-nds/openldap/Manifest
@@ -2,4 +2,5 @@ DIST openldap-2.3.43.tgz 3803011 SHA256 d7d2dea05362c8ac7e11bb7bf1da4cdeb07225ba
DIST openldap-2.4.38.tgz 5506085 SHA256 88209a3599ec5d9354fc09bbe29b99db1ffa1b612127c06bad0c5265d0b31fd1 SHA512 df7b6b2b84102ba996f84575396c7505ada851b5f09841fd821d34fd8d62580f85ecc655e2cd3965730b44d6919d64864f56b23791f38b411d142d345f250666 WHIRLPOOL bb6a19b353f9dcde07afe78052ce9d5db5a2aaa09236b69d22da0879e74c4de8587312bad66939702db30af779f7ee9720ad792b73d225f004a1a90d80a6fed1
DIST openldap-2.4.39.tgz 5509060 SHA256 8267c87347103fef56b783b24877c0feda1063d3cb85d070e503d076584bf8a7 SHA512 7b5ef2a69f79f0901a06f8be4ab50afc3b3e98ab1ea74a421569443d32cb43d3cf773d3f028fb5fb39908c09ee172cb4770ecc5882754877a59d29bf8f8cc059 WHIRLPOOL 90ac4cff185855d569a8033a3e35a251d75e4a2805bcfa5ba5b3605ec88b2fc244b0e95aabd33c47c9846f29c95a17e1be43650442987f6abc043667e06f15cd
DIST openldap-2.4.40.tgz 5641865 SHA256 d12611a5c25b6499293c2bb7b435dc2b174db73e83f5a8cb7e34f2ce5fa6dadb SHA512 c803c4a82878891d60414d64dcb54a7c3f08675106ba13f50cba06034a97b3eee1c238761dd5ddad97d8c3f6675d9bbbec176d0340eb4a3bcd808f940baabab5 WHIRLPOOL 82cb6033798ac69faf4a0d1f5d7716316f5fbfc67e0f3a013b5bae461a01e3029aa6fb7d510bc14eed4f40ef83632561a3fa39aebf2be2785e3d0e0038db048c
+DIST openldap-2.4.42.tgz 5645925 SHA256 eeb7b0e2c5852bfd2650e83909bb6152835c0b862fab10b63954dc1bcbba8e63 SHA512 52d6af7610c4fdc8f965ebea04d09c38f73773a02c2e484dc111100f3d472f8b2f766ca32d9c80f5815a57745095cc7c33ad62d9165eec5b9e252ae172e7782c WHIRLPOOL e151c63bfd10f5e96c60f216925315ed788d426ba2c15ee2793a4de4bb25d01717e7bb5144814a0e6a053a5d5a0aab75213a495aa47aa13f7c3e70716c01633e
DIST rfc2307bis.schema-20140524 12262 SHA256 6cd8154ad86be1d6bb88a79c303dc10a49bce4ce7d21bb417a951d6496df30b1 SHA512 83b89a1deeefc8566b97e7e865b9b6d04541099cbdf719e24538a7d27d61b6209e87ab9003a9f140bd9afd018ec569e71721e3a24090e1902c8b6659d2ba103e WHIRLPOOL 40cef24529fb4bfc1661d03088eccdb17d9056d696b2bf0e698fa248d03f508ba776784bf8abbaffb5f4c2c59b59b29525b4be2babc978fed681e5e3c88073de
diff --git a/net-nds/openldap/files/openldap-2.4.42-mdb-unbundle.patch b/net-nds/openldap/files/openldap-2.4.42-mdb-unbundle.patch
new file mode 100644
index 0000000..9265a01
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.4.42-mdb-unbundle.patch
@@ -0,0 +1,136 @@
+--- ./build/top.mk.orig 2014-10-24 14:34:59.260827298 +0200
++++ ./build/top.mk 2014-10-24 14:35:25.281168893 +0200
+@@ -160,6 +160,7 @@
+ LTHREAD_LIBS = @LTHREAD_LIBS@
+
+ BDB_LIBS = @BDB_LIBS@
++MDB_LIBS = @MDB_LIBS@
+ SLAPD_NDB_LIBS = @SLAPD_NDB_LIBS@
+
+ LDAP_LIBLBER_LA = $(LDAP_LIBDIR)/liblber/liblber.la
+--- ./build/openldap.m4.orig 2014-10-24 10:52:02.837221734 +0200
++++ ./build/openldap.m4 2014-10-24 11:31:02.748087966 +0200
+@@ -563,6 +563,38 @@
+ ], [ol_cv_bdb_compat=yes], [ol_cv_bdb_compat=no])])
+ ])
+
++dnl --------------------------------------------------------------------
++dnl Check for version compatility with back-mdb
++AC_DEFUN([OL_MDB_COMPAT],
++[AC_CACHE_CHECK([if LMDB version supported by MDB backends], [ol_cv_mdb_compat],[
++ AC_EGREP_CPP(__mdb_version_compat,[
++#include <lmdb.h>
++
++/* require 0.9.14 or later */
++#if MDB_VERSION_FULL >= 0x00000009000E
++ __mdb_version_compat
++#endif
++ ], [ol_cv_mdb_compat=yes], [ol_cv_mdb_compat=no])])
++])
++
++dnl
++dnl --------------------------------------------------------------------
++dnl Find any MDB
++AC_DEFUN([OL_MDB],
++[ol_cv_mdb=no
++AC_CHECK_HEADERS(lmdb.h)
++if test $ac_cv_header_lmdb_h = yes; then
++ OL_MDB_COMPAT
++
++ if test $ol_cv_mdb_compat != yes ; then
++ AC_MSG_ERROR([LMDB version incompatible with MDB backends])
++ fi
++
++ ol_cv_lib_mdb=-llmdb
++ ol_cv_mdb=yes
++fi
++])
++
+ dnl
+ dnl ====================================================================
+ dnl Check POSIX Thread version
+--- ./servers/slapd/back-mdb/Makefile.in.orig 2014-10-24 10:31:30.860931076 +0200
++++ ./servers/slapd/back-mdb/Makefile.in 2014-10-24 14:33:33.803705424 +0200
+@@ -25,11 +25,10 @@
+ extended.lo operational.lo \
+ attr.lo index.lo key.lo filterindex.lo \
+ dn2entry.lo dn2id.lo id2entry.lo idl.lo \
+- nextid.lo monitor.lo mdb.lo midl.lo
++ nextid.lo monitor.lo
+
+ LDAP_INCDIR= ../../../include
+ LDAP_LIBDIR= ../../../libraries
+-MDB_SUBDIR = $(srcdir)/$(LDAP_LIBDIR)/liblmdb
+
+ BUILD_OPT = "--enable-mdb"
+ BUILD_MOD = @BUILD_MDB@
+@@ -44,7 +43,7 @@
+
+ LIBBASE = back_mdb
+
+-XINCPATH = -I.. -I$(srcdir)/.. -I$(MDB_SUBDIR)
++XINCPATH = -I.. -I$(srcdir)/..
+ XDEFS = $(MODULES_CPPFLAGS)
+
+ all-local-lib: ../.backend
+@@ -52,11 +51,5 @@
+ ../.backend: lib$(LIBBASE).a
+ @touch $@
+
+-mdb.lo: $(MDB_SUBDIR)/mdb.c
+- $(LTCOMPILE_MOD) $(MDB_SUBDIR)/mdb.c
+-
+-midl.lo: $(MDB_SUBDIR)/midl.c
+- $(LTCOMPILE_MOD) $(MDB_SUBDIR)/midl.c
+-
+ veryclean-local-lib: FORCE
+ $(RM) $(XXHEADERS) $(XXSRCS) .links
+--- ./configure.in.orig 2014-10-24 10:46:53.289139847 +0200
++++ ./configure.in 2014-10-24 10:51:34.372846374 +0200
+@@ -519,6 +519,7 @@
+ dnl Initialize vars
+ LDAP_LIBS=
+ BDB_LIBS=
++MDB_LIBS=
+ SLAPD_NDB_LIBS=
+ SLAPD_NDB_INCS=
+ LTHREAD_LIBS=
+@@ -1905,6 +1906,30 @@
+ fi
+
+ dnl ----------------------------------------------------------------
++ol_link_mdb=no
++
++if test $ol_enable_mdb != no; then
++ OL_MDB
++
++ if test $ol_cv_mdb = no ; then
++ AC_MSG_ERROR(MDB: LMDB not available)
++ fi
++
++ AC_DEFINE(HAVE_MDB,1,
++ [define this if LMDB is available])
++
++ dnl $ol_cv_lib_mdb should be yes or -llmdb
++ dnl (it could be no, but that would be an error
++ if test $ol_cv_lib_mdb != yes ; then
++ MDB_LIBS="$MDB_LIBS $ol_cv_lib_mdb"
++ fi
++
++ SLAPD_LIBS="$SLAPD_LIBS \$(MDB_LIBS)"
++
++ ol_link_mdb=yes
++fi
++
++dnl ----------------------------------------------------------------
+
+ if test $ol_enable_dynamic = yes && test $enable_shared = yes ; then
+ BUILD_LIBS_DYNAMIC=shared
+@@ -3133,6 +3158,7 @@
+ AC_SUBST(LDAP_LIBS)
+ AC_SUBST(SLAPD_LIBS)
+ AC_SUBST(BDB_LIBS)
++AC_SUBST(MDB_LIBS)
+ AC_SUBST(SLAPD_NDB_LIBS)
+ AC_SUBST(SLAPD_NDB_INCS)
+ AC_SUBST(LTHREAD_LIBS)
diff --git a/net-nds/openldap/openldap-2.4.42.ebuild b/net-nds/openldap/openldap-2.4.42.ebuild
new file mode 100644
index 0000000..35e79b6
--- /dev/null
+++ b/net-nds/openldap/openldap-2.4.42.ebuild
@@ -0,0 +1,809 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit db-use eutils flag-o-matic multilib multilib-minimal ssl-cert versionator toolchain-funcs autotools user systemd
+
+BIS_PN=rfc2307bis.schema
+BIS_PV=20140524
+BIS_P="${BIS_PN}-${BIS_PV}"
+
+DESCRIPTION="LDAP suite of application and development tools"
+HOMEPAGE="http://www.OpenLDAP.org/"
+
+# mirrors are mostly not working, using canonical URI
+SRC_URI="ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz
+ mirror://gentoo/${BIS_P}"
+
+LICENSE="OPENLDAP GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~x86-linux ~x86-solaris"
+
+IUSE_DAEMON="crypt icu samba slp tcpd experimental minimal"
+IUSE_BACKEND="+berkdb"
+IUSE_OVERLAY="overlays perl"
+IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 +syslog selinux static-libs"
+IUSE_CONTRIB="smbkrb5passwd kerberos"
+IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
+IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
+
+REQUIRED_USE="cxx? ( sasl )"
+
+# always list newer first
+# Do not add any AGPL-3 BDB here!
+# See bug 525110, comment 15.
+BDB_SLOTS='5.3 5.1 4.8 4.7 4.6 4.5 4.4'
+BDB_PKGS=''
+for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done
+
+# openssl is needed to generate lanman-passwords required by samba
+CDEPEND="icu? ( dev-libs/icu:= )
+ ssl? ( !gnutls? ( >=dev-libs/openssl-1.0.1h-r2[${MULTILIB_USEDEP}] )
+ gnutls? ( >=net-libs/gnutls-2.12.23-r6[${MULTILIB_USEDEP}] >=dev-libs/libgcrypt-1.5.3:0[${MULTILIB_USEDEP}] ) )
+ sasl? ( dev-libs/cyrus-sasl:= )
+ !minimal? (
+ sys-devel/libtool
+ sys-libs/e2fsprogs-libs
+ >=dev-db/lmdb-0.9.14
+ tcpd? ( sys-apps/tcp-wrappers )
+ odbc? ( !iodbc? ( dev-db/unixODBC )
+ iodbc? ( dev-db/libiodbc ) )
+ slp? ( net-libs/openslp )
+ perl? ( dev-lang/perl[-build(-)] )
+ samba? ( dev-libs/openssl )
+ berkdb? (
+ <sys-libs/db-6.0:=
+ || ( ${BDB_PKGS} )
+ )
+ smbkrb5passwd? (
+ dev-libs/openssl
+ kerberos? ( app-crypt/heimdal )
+ )
+ kerberos? ( virtual/krb5 )
+ cxx? ( dev-libs/cyrus-sasl:= )
+ )
+ abi_x86_32? (
+ !<=app-emulation/emul-linux-x86-baselibs-20140508-r3
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+ )"
+DEPEND="${CDEPEND}
+ sys-apps/groff"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-ldap )
+"
+# for tracking versions
+OPENLDAP_VERSIONTAG=".version-tag"
+OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
+
+MULTILIB_WRAPPED_HEADERS=(
+ # USE=cxx
+ /usr/include/LDAPAsynConnection.h
+ /usr/include/LDAPAttrType.h
+ /usr/include/LDAPAttribute.h
+ /usr/include/LDAPAttributeList.h
+ /usr/include/LDAPConnection.h
+ /usr/include/LDAPConstraints.h
+ /usr/include/LDAPControl.h
+ /usr/include/LDAPControlSet.h
+ /usr/include/LDAPEntry.h
+ /usr/include/LDAPEntryList.h
+ /usr/include/LDAPException.h
+ /usr/include/LDAPExtResult.h
+ /usr/include/LDAPMessage.h
+ /usr/include/LDAPMessageQueue.h
+ /usr/include/LDAPModList.h
+ /usr/include/LDAPModification.h
+ /usr/include/LDAPObjClass.h
+ /usr/include/LDAPRebind.h
+ /usr/include/LDAPRebindAuth.h
+ /usr/include/LDAPReferenceList.h
+ /usr/include/LDAPResult.h
+ /usr/include/LDAPSaslBindResult.h
+ /usr/include/LDAPSchema.h
+ /usr/include/LDAPSearchReference.h
+ /usr/include/LDAPSearchResult.h
+ /usr/include/LDAPSearchResults.h
+ /usr/include/LDAPUrl.h
+ /usr/include/LDAPUrlList.h
+ /usr/include/LdifReader.h
+ /usr/include/LdifWriter.h
+ /usr/include/SaslInteraction.h
+ /usr/include/SaslInteractionHandler.h
+ /usr/include/StringList.h
+ /usr/include/TlsOptions.h
+)
+
+openldap_filecount() {
+ local dir="$1"
+ find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l
+}
+
+openldap_find_versiontags() {
+ # scan for all datadirs
+ openldap_datadirs=""
+ if [ -f "${EROOT}"/etc/openldap/slapd.conf ]; then
+ openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${EROOT}/etc/openldap/slapd.conf)"
+ fi
+ openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}"
+
+ einfo
+ einfo "Scanning datadir(s) from slapd.conf and"
+ einfo "the default installdir for Versiontags"
+ einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
+ einfo
+
+ # scan datadirs if we have a version tag
+ openldap_found_tag=0
+ have_files=0
+ for each in ${openldap_datadirs}; do
+ CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"`
+ CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}
+ if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then
+ einfo "- Checking ${each}..."
+ if [ -r ${CURRENT_TAG} ] ; then
+ # yey, we have one :)
+ einfo " Found Versiontag in ${each}"
+ source ${CURRENT_TAG}
+ if [ "${OLDPF}" == "" ] ; then
+ eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
+ eerror "Please delete it"
+ eerror
+ die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
+ fi
+
+ OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}`
+
+ [ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1
+
+ # are we on the same branch?
+ if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then
+ ewarn " Versiontag doesn't match current major release!"
+ if [[ "${have_files}" == "1" ]] ; then
+ eerror " Versiontag says other major and you (probably) have datafiles!"
+ echo
+ openldap_upgrade_howto
+ else
+ einfo " No real problem, seems there's no database."
+ fi
+ else
+ einfo " Versiontag is fine here :)"
+ fi
+ else
+ einfo " Non-tagged dir ${each}"
+ [ $(openldap_filecount ${each}) -gt 0 ] && have_files=1
+ if [[ "${have_files}" == "1" ]] ; then
+ einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
+ echo
+
+ eerror
+ eerror "Your OpenLDAP Installation has a non tagged datadir that"
+ eerror "possibly contains a database at ${CURRENT_TAGDIR}"
+ eerror
+ eerror "Please export data if any entered and empty or remove"
+ eerror "the directory, installation has been stopped so you"
+ eerror "can take required action"
+ eerror
+ eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
+ eerror
+ openldap_upgrade_howto
+ die "Please move the datadir ${CURRENT_TAGDIR} away"
+ fi
+ fi
+ einfo
+ fi
+ done
+ [ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present"
+
+ # Now we must check for the major version of sys-libs/db linked against.
+ SLAPD_PATH=${EROOT}/usr/$(get_libdir)/openldap/slapd
+ if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then
+ OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
+ | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
+ if use berkdb; then
+ # find which one would be used
+ for bdb_slot in $BDB_SLOTS ; do
+ NEWVER="$(db_findver "=sys-libs/db-${bdb_slot}*")"
+ [[ -n "$NEWVER" ]] && break
+ done
+ fi
+ local fail=0
+ if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then
+ :
+ # Nothing wrong here.
+ elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then
+ eerror " Your existing version of OpenLDAP was not built against"
+ eerror " any version of sys-libs/db, but the new one will build"
+ eerror " against ${NEWVER} and your database may be inaccessible."
+ echo
+ fail=1
+ elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then
+ eerror " Your existing version of OpenLDAP was built against"
+ eerror " sys-libs/db:${OLDVER}, but the new one will not be"
+ eerror " built against any version and your database may be"
+ eerror " inaccessible."
+ echo
+ fail=1
+ elif [ "${OLDVER}" != "${NEWVER}" ]; then
+ eerror " Your existing version of OpenLDAP was built against"
+ eerror " sys-libs/db:${OLDVER}, but the new one will build against"
+ eerror " ${NEWVER} and your database would be inaccessible."
+ echo
+ fail=1
+ fi
+ [ "${fail}" == "1" ] && openldap_upgrade_howto
+ fi
+
+ echo
+ einfo
+ einfo "All datadirs are fine, proceeding with merge now..."
+ einfo
+}
+
+openldap_upgrade_howto() {
+ eerror
+ eerror "A (possible old) installation of OpenLDAP was detected,"
+ eerror "installation will not proceed for now."
+ eerror
+ eerror "As major version upgrades can corrupt your database,"
+ eerror "you need to dump your database and re-create it afterwards."
+ eerror
+ eerror "Additionally, rebuilding against different major versions of the"
+ eerror "sys-libs/db libraries will cause your database to be inaccessible."
+ eerror ""
+ d="$(date -u +%s)"
+ l="/root/ldapdump.${d}"
+ i="${l}.raw"
+ eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop"
+ eerror " 2. slapcat -l ${i}"
+ eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}"
+ eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
+ eerror " 5. emerge --update \=net-nds/${PF}"
+ eerror " 6. etc-update, and ensure that you apply the changes"
+ eerror " 7. slapadd -l ${l}"
+ eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
+ eerror " 9. /etc/init.d/slapd start"
+ eerror "10. check that your data is intact."
+ eerror "11. set up the new replication system."
+ eerror
+ if [ "${FORCE_UPGRADE}" != "1" ]; then
+ die "You need to upgrade your database first"
+ else
+ eerror "You have the magical FORCE_UPGRADE=1 in place."
+ eerror "Don't say you weren't warned about data loss."
+ fi
+}
+
+pkg_setup() {
+ if ! use sasl && use cxx ; then
+ die "To build the ldapc++ library you must emerge openldap with sasl support"
+ fi
+ # Bug #322787
+ if use minimal && ! has_version "net-nds/openldap" ; then
+ einfo "No datadir scan needed, openldap not installed"
+ elif use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then
+ einfo "Skipping scan for previous datadirs as requested by minimal useflag"
+ else
+ openldap_find_versiontags
+ fi
+
+ enewgroup ldap 439
+ enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap
+}
+
+src_prepare() {
+ # ensure correct SLAPI path by default
+ sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \
+ "${S}"/include/ldap_defaults.h
+
+ epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch
+
+ epatch \
+ "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \
+ "${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
+
+ # bug #116045 - still present in 2.4.28
+ epatch "${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch
+ # bug #408077 - samba4
+ epatch "${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch
+
+ # bug #189817
+ epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
+
+ # bug #233633
+ epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch
+
+ # bug #281495
+ epatch "${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch
+
+ # bug #294350
+ epatch "${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch
+
+ # unbreak /bin/sh -> dash
+ epatch "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch
+
+ # bug #420959
+ epatch "${FILESDIR}"/${PN}-2.4.31-gcc47.patch
+
+ # bug #421463
+ #epatch "${FILESDIR}"/${PN}-2.4.33-gnutls.patch # merged upstream
+
+ # unbundle lmdb
+ epatch "${FILESDIR}"/${P}-mdb-unbundle.patch
+ rm -rf "${S}"/libraries/liblmdb
+
+ cd "${S}"/build || die
+ einfo "Making sure upstream build strip does not do stripping too early"
+ sed -i.orig \
+ -e '/^STRIP/s,-s,,g' \
+ top.mk || die "Failed to block stripping"
+
+ # wrong assumption that /bin/sh is /bin/bash
+ sed -i \
+ -e 's|/bin/sh|/bin/bash|g' \
+ "${S}"/tests/scripts/* || die "sed failed"
+
+ cd "${S}" || die
+
+ AT_NOEAUTOMAKE=yes eautoreconf
+}
+
+build_contrib_module() {
+ # <dir> <sources> <outputname>
+ cd "${S}/contrib/slapd-modules/$1" || die
+ einfo "Compiling contrib-module: $3"
+ # Make sure it's uppercase
+ local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -D${define_name}=SLAPD_MOD_DYNAMIC \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include -I../../../servers/slapd ${CFLAGS} \
+ -o ${2%.c}.lo -c $2 || die "compiling $3 failed"
+ einfo "Linking contrib-module: $3"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
+ -o $3.la ${2%.c}.lo || die "linking $3 failed"
+}
+
+src_configure() {
+ # Bug 408001
+ use elibc_FreeBSD && append-cppflags -DMDB_DSYNC=O_SYNC -DMDB_FDATASYNC=fsync
+
+ # connectionless ldap per bug #342439
+ append-cppflags -DLDAP_CONNECTIONLESS
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+ local myconf=()
+
+ use debug && myconf+=( $(use_enable debug) )
+
+ # ICU usage is not configurable
+ export ac_cv_header_unicode_utypes_h="$(multilib_is_native_abi && use icu && echo yes || echo no)"
+
+ if ! use minimal && multilib_is_native_abi; then
+ local CPPFLAGS=${CPPFLAGS}
+
+ # re-enable serverside overlay chains per bug #296567
+ # see ldap docs chaper 12.3.1 for details
+ myconf+=( --enable-ldap )
+
+ # backends
+ myconf+=( --enable-slapd )
+ if use berkdb ; then
+ einfo "Using Berkeley DB for local backend"
+ myconf+=( --enable-bdb --enable-hdb )
+ DBINCLUDE=$(db_includedir $BDB_SLOTS)
+ einfo "Using $DBINCLUDE for sys-libs/db version"
+ # We need to include the slotted db.h dir for FreeBSD
+ append-cppflags -I${DBINCLUDE}
+ else
+ myconf+=( --disable-bdb --disable-hdb )
+ fi
+ for backend in dnssrv ldap mdb meta monitor null passwd relay shell sock; do
+ myconf+=( --enable-${backend}=mod )
+ done
+
+ myconf+=( $(use_enable perl perl mod) )
+
+ myconf+=( $(use_enable odbc sql mod) )
+ if use odbc ; then
+ local odbc_lib="unixodbc"
+ if use iodbc ; then
+ odbc_lib="iodbc"
+ append-cppflags -I"${EPREFIX}"/usr/include/iodbc
+ fi
+ myconf+=( --with-odbc=${odbc_lib} )
+ fi
+
+ # slapd options
+ myconf+=(
+ $(use_enable crypt)
+ $(use_enable slp)
+ $(use_enable samba lmpasswd)
+ $(use_enable syslog)
+ )
+ if use experimental ; then
+ myconf+=(
+ --enable-dynacl
+ --enable-aci=mod
+ )
+ fi
+ for option in aci cleartext modules rewrite rlookups slapi; do
+ myconf+=( --enable-${option} )
+ done
+
+ # slapd overlay options
+ # Compile-in the syncprov, the others as module
+ myconf+=( --enable-syncprov=yes )
+ use overlays && myconf+=( --enable-overlays=mod )
+
+ else
+ myconf+=(
+ --disable-backends
+ --disable-slapd
+ --disable-bdb
+ --disable-hdb
+ --disable-mdb
+ --disable-overlays
+ --disable-syslog
+ )
+ fi
+
+ # basic functionality stuff
+ myconf+=(
+ $(use_enable ipv6)
+ $(multilib_native_use_with sasl cyrus-sasl)
+ $(multilib_native_use_enable sasl spasswd)
+ $(use_enable tcpd wrappers)
+ )
+
+ local ssl_lib="no"
+ if use ssl || ( ! use minimal && use samba ) ; then
+ ssl_lib="openssl"
+ use gnutls && ssl_lib="gnutls"
+ fi
+
+ myconf+=( --with-tls=${ssl_lib} )
+
+ for basicflag in dynamic local proctitle shared; do
+ myconf+=( --enable-${basicflag} )
+ done
+
+ tc-export AR CC CXX
+ ECONF_SOURCE=${S} \
+ STRIP=/bin/true \
+ econf \
+ --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \
+ $(use_enable static-libs static) \
+ "${myconf[@]}"
+ emake depend
+}
+
+src_configure_cxx() {
+ # This needs the libraries built by the first build run.
+ # So we have to run it AFTER the main build, not just after the main
+ # configure.
+ local myconf_ldapcpp=(
+ --with-ldap-includes="${S}"/include
+ )
+
+ mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die
+ cd "${BUILD_DIR}/contrib/ldapc++" || die
+
+ local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS}
+ append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \
+ -L"${BUILD_DIR}"/libraries/libldap/.libs
+ append-cppflags -I"${BUILD_DIR}"/include
+ ECONF_SOURCE=${S}/contrib/ldapc++ \
+ econf "${myconf_ldapcpp[@]}" \
+ CC="${CC}" \
+ CXX="${CXX}"
+}
+
+multilib_src_compile() {
+ tc-export AR CC CXX
+ emake CC="${CC}" AR="${AR}" SHELL="${EPREFIX}"/bin/bash
+ local lt="${BUILD_DIR}/libtool"
+ export echo="echo"
+
+ if ! use minimal && multilib_is_native_abi ; then
+ if use cxx ; then
+ einfo "Building contrib library: ldapc++"
+ src_configure_cxx
+ cd "${BUILD_DIR}/contrib/ldapc++" || die
+ emake \
+ CC="${CC}" CXX="${CXX}"
+ fi
+
+ if use smbkrb5passwd ; then
+ einfo "Building contrib-module: smbk5pwd"
+ cd "${S}/contrib/slapd-modules/smbk5pwd" || die
+
+ MY_DEFS="-DDO_SHADOW"
+ if use samba ; then
+ MY_DEFS="${MY_DEFS} -DDO_SAMBA"
+ MY_KRB5_INC=""
+ fi
+ if use kerberos ; then
+ MY_DEFS="${MY_DEFS} -DDO_KRB5"
+ MY_KRB5_INC="$(krb5-config --cflags)"
+ fi
+
+ emake \
+ DEFS="${MY_DEFS}" \
+ KRB5_INC="${MY_KRB5_INC}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap"
+ fi
+
+ if use overlays ; then
+ einfo "Building contrib-module: samba4"
+ cd "${S}/contrib/slapd-modules/samba4" || die
+
+ emake \
+ LDAP_BUILD="${BUILD_DIR}" \
+ CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap"
+ fi
+
+ if use kerberos ; then
+ build_contrib_module "kinit" "kinit.c" "kinit"
+ cd "${S}/contrib/slapd-modules/passwd" || die
+ einfo "Compiling contrib-module: pw-kerberos"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include \
+ ${CFLAGS} \
+ $(krb5-config --cflags) \
+ -DHAVE_KRB5 \
+ -o kerberos.lo \
+ -c kerberos.c || die "compiling pw-kerberos failed"
+ einfo "Linking contrib-module: pw-kerberos"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
+ -o pw-kerberos.la \
+ kerberos.lo || die "linking pw-kerberos failed"
+ fi
+ # We could build pw-radius if GNURadius would install radlib.h
+ cd "${S}/contrib/slapd-modules/passwd" || die
+ einfo "Compiling contrib-module: pw-netscape"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include \
+ ${CFLAGS} \
+ -o netscape.lo \
+ -c netscape.c || die "compiling pw-netscape failed"
+ einfo "Linking contrib-module: pw-netscape"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \
+ -o pw-netscape.la \
+ netscape.lo || die "linking pw-netscape failed"
+
+ #build_contrib_module "acl" "posixgroup.c" "posixGroup" # example code only
+ #build_contrib_module "acl" "gssacl.c" "gss" # example code only, also needs kerberos
+ build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
+ build_contrib_module "allop" "allop.c" "overlay-allop"
+ build_contrib_module "allowed" "allowed.c" "allowed"
+ build_contrib_module "autogroup" "autogroup.c" "autogroup"
+ build_contrib_module "cloak" "cloak.c" "cloak"
+ # build_contrib_module "comp_match" "comp_match.c" "comp_match" # really complex, adds new external deps, questionable demand
+ build_contrib_module "denyop" "denyop.c" "denyop-overlay"
+ build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
+ build_contrib_module "dupent" "dupent.c" "dupent"
+ build_contrib_module "lastbind" "lastbind.c" "lastbind"
+ # lastmod may not play well with other overlays
+ build_contrib_module "lastmod" "lastmod.c" "lastmod"
+ build_contrib_module "noopsrch" "noopsrch.c" "noopsrch"
+ build_contrib_module "nops" "nops.c" "nops-overlay"
+ #build_contrib_module "nssov" "nssov.c" "nssov-overlay" RESO:LATER
+ build_contrib_module "trace" "trace.c" "trace"
+ # build slapi-plugins
+ cd "${S}/contrib/slapi-plugins/addrdnvalues" || die
+ einfo "Building contrib-module: addrdnvalues plugin"
+ "${CC}" -shared \
+ -I"${BUILD_DIR}"/include \
+ -I../../../include \
+ ${CFLAGS} \
+ -fPIC \
+ ${LDFLAGS} \
+ -o libaddrdnvalues-plugin.so \
+ addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
+
+ fi
+}
+
+multilib_src_test() {
+ if multilib_is_native_abi; then
+ cd tests || die
+ emake tests || die "make tests failed"
+ fi
+}
+
+multilib_src_install() {
+ local lt="${BUILD_DIR}/libtool"
+ emake DESTDIR="${D}" SHELL="${EPREFIX}"/bin/bash install
+ use static-libs || prune_libtool_files --all
+
+ if ! use minimal && multilib_is_native_abi; then
+ # openldap modules go here
+ # TODO: write some code to populate slapd.conf with moduleload statements
+ keepdir /usr/$(get_libdir)/openldap/openldap/
+
+ # initial data storage dir
+ keepdir /var/lib/openldap-data
+ use prefix || fowners ldap:ldap /var/lib/openldap-data
+ fperms 0700 /var/lib/openldap-data
+
+ echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+ echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+ echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+
+ # use our config
+ rm "${ED}"etc/openldap/slapd.conf
+ insinto /etc/openldap
+ newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf
+ configfile="${ED}"etc/openldap/slapd.conf
+
+ # populate with built backends
+ ebegin "populate config with built backends"
+ for x in "${ED}"usr/$(get_libdir)/openldap/openldap/back_*.so; do
+ einfo "Adding $(basename ${x})"
+ sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}"
+ done
+ sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
+ use prefix || fowners root:ldap /etc/openldap/slapd.conf
+ fperms 0640 /etc/openldap/slapd.conf
+ cp "${configfile}" "${configfile}".default
+ eend
+
+ # install our own init scripts and systemd unit files
+ einfo "Install init scripts"
+ newinitd "${FILESDIR}"/slapd-initd-2.4.40-r2 slapd
+ newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd
+ einfo "Install systemd service"
+ systemd_dounit "${FILESDIR}"/slapd.service
+ systemd_install_serviced "${FILESDIR}"/slapd.service.conf
+ systemd_newtmpfilesd "${FILESDIR}"/slapd.tmpfilesd slapd.conf
+
+ if [[ $(get_libdir) != lib ]]; then
+ sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i \
+ "${ED}"/etc/init.d/slapd \
+ "${ED}"/usr/lib/systemd/system/slapd.service || die
+ fi
+ # If built without SLP, we don't need to be before avahi
+ use slp \
+ || sed -i \
+ -e '/before/{s/avahi-daemon//g}' \
+ "${ED}"etc/init.d/slapd
+
+ if use cxx ; then
+ einfo "Install the ldapc++ library"
+ cd "${BUILD_DIR}/contrib/ldapc++" || die
+ emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
+ cd "${S}"/contrib/ldapc++ || die
+ newdoc README ldapc++-README
+ fi
+
+ if use smbkrb5passwd ; then
+ einfo "Install the smbk5pwd module"
+ cd "${S}/contrib/slapd-modules/smbk5pwd" || die
+ emake DESTDIR="${D}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install
+ newdoc README smbk5pwd-README
+ fi
+
+ if use overlays ; then
+ einfo "Install the samba4 module"
+ cd "${S}/contrib/slapd-modules/samba4" || die
+ emake DESTDIR="${D}" \
+ LDAP_BUILD="${BUILD_DIR}" \
+ libexecdir="/usr/$(get_libdir)/openldap" install
+ newdoc README samba4-README
+ fi
+
+ einfo "Installing contrib modules"
+ cd "${S}/contrib/slapd-modules" || die
+ for l in */*.la; do
+ "${lt}" --mode=install cp ${l} \
+ "${ED}"usr/$(get_libdir)/openldap/openldap || \
+ die "installing ${l} failed"
+ done
+
+ dodoc "${FILESDIR}"/DB_CONFIG.fast.example
+ docinto contrib
+ doman */*.5
+ #newdoc acl/README*
+ newdoc addpartial/README addpartial-README
+ newdoc allop/README allop-README
+ newdoc allowed/README allowed-README
+ newdoc autogroup/README autogroup-README
+ newdoc dsaschema/README dsaschema-README
+ newdoc passwd/README passwd-README
+ cd "${S}/contrib/slapi-plugins" || die
+ insinto /usr/$(get_libdir)/openldap/openldap
+ doins */*.so
+ docinto contrib
+ newdoc addrdnvalues/README addrdnvalues-README
+
+ insinto /etc/openldap/schema
+ newins "${DISTDIR}"/${BIS_P} ${BIS_PN}
+
+ docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample*
+ docinto back-shell ; dodoc "${S}"/servers/slapd/back-shell/searchexample*
+ docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm
+
+ dosbin "${S}"/contrib/slapd-tools/statslog
+ newdoc "${S}"/contrib/slapd-tools/README README.statslog
+ fi
+}
+
+multilib_src_install_all() {
+ dodoc ANNOUNCEMENT CHANGES COPYRIGHT README
+ docinto rfc ; dodoc doc/rfc/*.txt
+}
+
+pkg_preinst() {
+ # keep old libs if any
+ preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0)
+ # bug 440470, only display the getting started help there was no openldap before,
+ # or we are going to a non-minimal build
+ ! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]'
+ OPENLDAP_PRINT_MESSAGES=$((! $?))
+}
+
+pkg_postinst() {
+ if ! use minimal ; then
+ # You cannot build SSL certificates during src_install that will make
+ # binary packages containing your SSL key, which is both a security risk
+ # and a misconfiguration if multiple machines use the same key and cert.
+ if use ssl; then
+ install_cert /etc/openldap/ssl/ldap
+ use prefix || chown ldap:ldap "${EROOT}"etc/openldap/ssl/ldap.*
+ ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
+ ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
+ ewarn "add 'TLS_REQCERT allow' if you want to use them."
+ fi
+
+ if use prefix; then
+ # Warn about prefix issues with slapd
+ eerror "slapd might NOT be usable on Prefix systems as it requires root privileges"
+ eerror "to start up, and requires that certain files directories be owned by"
+ eerror "ldap:ldap. As Prefix does not support changing ownership of files and"
+ eerror "directories, you will have to manually fix this yourself."
+ fi
+
+ # These lines force the permissions of various content to be correct
+ use prefix || chown ldap:ldap "${EROOT}"var/run/openldap
+ chmod 0755 "${EROOT}"var/run/openldap
+ use prefix || chown root:ldap "${EROOT}"etc/openldap/slapd.conf{,.default}
+ chmod 0640 "${EROOT}"etc/openldap/slapd.conf{,.default}
+ use prefix || chown ldap:ldap "${EROOT}"var/lib/openldap-data
+ fi
+
+ if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then
+ elog "Getting started using OpenLDAP? There is some documentation available:"
+ elog "Gentoo Guide to OpenLDAP Authentication"
+ elog "(https://www.gentoo.org/doc/en/ldap-howto.xml)"
+ elog "---"
+ elog "An example file for tuning BDB backends with openldap is"
+ elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
+ fi
+
+ preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0)
+}
^ permalink raw reply related [flat|nested] 15+ messages in thread
end of thread, other threads:[~2024-08-25 20:00 UTC | newest]
Thread overview: 15+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-08-25 20:00 [gentoo-commits] repo/gentoo:master commit in: net-nds/openldap/files/, net-nds/openldap/ Robin H. Johnson
-- strict thread matches above, loose matches on Subject: below --
2024-08-25 0:57 Robin H. Johnson
2024-02-09 14:57 Joonas Niilola
2023-05-30 21:56 Sam James
2023-02-10 0:29 Sam James
2023-01-19 18:02 Sam James
2022-11-24 11:27 Sam James
2022-03-20 21:04 Sam James
2022-03-19 22:39 Sam James
2021-03-25 13:02 Sam James
2017-06-29 20:50 Patrick McLean
2017-06-23 16:14 Matt Thode
2017-01-29 11:54 Aaron Bauman
2017-01-29 7:05 Aaron Bauman
2015-09-03 19:35 Matt Thode
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox