commit: d12a02243969b7c715e9b639345ec8aacd925a28 Author: Dennis Lamm <expeditioneer <AT> gentoo <DOT> org> AuthorDate: Sat Feb 5 23:24:54 2022 +0000 Commit: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org> CommitDate: Sat Mar 19 18:07:51 2022 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d12a0224
net-nds/openldap 2.6.1 version bump Closes: https://bugs.gentoo.org/799092 Bug: https://bugs.gentoo.org/624178 Bug: https://bugs.gentoo.org/815844 Bug: https://bugs.gentoo.org/609486 Signed-off-by: Dennis Lamm <expeditioneer <AT> gentoo.org> (cherry picked from commit c2e92fe1e144e8563f753a76d9d0cba923bb8878) Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org> net-nds/openldap/Manifest | 1 + net-nds/openldap/files/openldap-2.6.1-cloak.patch | 25 + .../files/openldap-2.6.1-fix-missing-mapping.patch | 21 + net-nds/openldap/files/openldap-2.6.1-flags.patch | 416 +++++++++++ .../openldap/files/openldap-2.6.1-system-mdb.patch | 148 ++++ net-nds/openldap/files/slapd-2.6.1.service | 12 + net-nds/openldap/files/slapd-confd-2.6.1 | 26 + net-nds/openldap/metadata.xml | 4 + net-nds/openldap/openldap-2.6.1.ebuild | 796 +++++++++++++++++++++ 9 files changed, 1449 insertions(+) diff --git a/net-nds/openldap/Manifest b/net-nds/openldap/Manifest index 94ca3b8be20f..c0b19b7c9812 100644 --- a/net-nds/openldap/Manifest +++ b/net-nds/openldap/Manifest @@ -2,4 +2,5 @@ DIST openldap-2.4.57.tgz 5883912 BLAKE2B 439605e1bebcf34968f0a552aaade1b72b7671a DIST openldap-2.4.58.tgz 5885225 BLAKE2B effb618dba03497796a497cd7f53ec52e389133769321dd242433bed5ec4b1f66cf7353f08a49d5f3465880f6bcfc9afc9c7d2a28e075b66f5fd926b02213541 SHA512 2fa2aa36117692eca44e55559f162c8c796f78469e6c2aee91b06d46f2b755d416979c913a3d89bbf9db14cc84881ecffee69af75b48e1d16b7aa9d2e3873baa DIST openldap-2.4.59.tgz 5886272 BLAKE2B a2a8bed1d2af97fd41d651668152fd4740871bc5a8abf4b50390839228af82ac103346b3500ae0f8dd31b708acabb30435b90cd48dfafe510e648df5150d96b8 SHA512 233459ab446da6e107a7fc4ecd5668d6b08c11a11359ee76449550393e8f586a29b59d7ae09a050a1fca4fcf388ea61438ef60831b3ae802d92c048365ae3968 DIST openldap-2.5.4.tgz 6415235 BLAKE2B 16e466d01dc7642786bb88a101854513f1239f1e817fd05145e89deb54bc1b911a5dc5f42b132747f14bdd2a3355e7c398b8b14937e7093361f4a96bfb7e9197 SHA512 00b57c9179acf3b1bde738e91604f3b09b5f5309106362bb947154d131868f233713eaa75c9af9771bfad731902d67406e8fb429851bad227fc48054cace16a8 +DIST openldap-OPENLDAP_REL_ENG_2_6_1.tar.gz 6211863 BLAKE2B 81f4591db483a214351c2e02631fef2875e17e0890fc621182d2ed61d927c3c029a4f290ee6c0788952495d6f7a76ed15e62557b8d8f2e241d867e19fdf223b7 SHA512 ca61c1dccf3194d8d149ca0c45a4834d6fadf67a3676cf348f5f62ab92c94bc7501216d7da681c3a6f87f646a18d0f3d116c3d3a24d2e5cbebc6c695c986e517 DIST rfc2307bis.schema-20140524 12262 BLAKE2B 98031f49e9bde1e4821e637af3382364d8344ed7017649686a088070d96a632dffa6c661552352656b1b159c0fd962965580069a64c7f3d5bb6a3ed75f60fd99 SHA512 83b89a1deeefc8566b97e7e865b9b6d04541099cbdf719e24538a7d27d61b6209e87ab9003a9f140bd9afd018ec569e71721e3a24090e1902c8b6659d2ba103e diff --git a/net-nds/openldap/files/openldap-2.6.1-cloak.patch b/net-nds/openldap/files/openldap-2.6.1-cloak.patch new file mode 100644 index 000000000000..8fab052d4db1 --- /dev/null +++ b/net-nds/openldap/files/openldap-2.6.1-cloak.patch @@ -0,0 +1,25 @@ +diff --git a/contrib/slapd-modules/cloak/cloak.c b/contrib/slapd-modules/cloak/cloak.c +index ced7a8024..dffce3614 100644 +--- a/contrib/slapd-modules/cloak/cloak.c ++++ b/contrib/slapd-modules/cloak/cloak.c +@@ -29,6 +29,7 @@ + #include "ac/socket.h" + + #include "lutil.h" ++#include "attr.h" + #include "slap.h" + #include "slap-config.h" + +diff --git a/servers/slapd/attr.h b/servers/slapd/attr.h +index e69de29bb..73949f60c 100644 +--- a/servers/slapd/attr.h ++++ b/servers/slapd/attr.h +@@ -0,0 +1,8 @@ ++#ifndef OPENLDAP_SERVERS_SLAPD_ATTR_H_ ++#define OPENLDAP_SERVERS_SLAPD_ATTR_H_ ++ ++#endif //OPENLDAP_SERVERS_SLAPD_ATTR_H_ ++ ++#include "slap.h" ++ ++void attr_clean( Attribute *a ); diff --git a/net-nds/openldap/files/openldap-2.6.1-fix-missing-mapping.patch b/net-nds/openldap/files/openldap-2.6.1-fix-missing-mapping.patch new file mode 100644 index 000000000000..be7fbf3e528d --- /dev/null +++ b/net-nds/openldap/files/openldap-2.6.1-fix-missing-mapping.patch @@ -0,0 +1,21 @@ +From 59e013602d7b1aa0d7da79d65367c9ec391b96f8 Mon Sep 17 00:00:00 2001 +From: Simon Pichugin <spich...@redhat.com> +Date: Wed, 3 Nov 2021 19:03:40 -0700 +Subject: [PATCH] Fix missing mapping + +--- + libraries/liblber/lber.map | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/libraries/liblber/lber.map b/libraries/liblber/lber.map +index 9a4094b0f..083cd1f32 100644 +--- a/libraries/liblber/lber.map ++++ b/libraries/liblber/lber.map +@@ -121,6 +121,7 @@ OPENLDAP_2.200 + ber_sockbuf_io_fd; + ber_sockbuf_io_readahead; + ber_sockbuf_io_tcp; ++ ber_sockbuf_io_udp; + ber_sockbuf_remove_io; + ber_sos_dump; + ber_start; diff --git a/net-nds/openldap/files/openldap-2.6.1-flags.patch b/net-nds/openldap/files/openldap-2.6.1-flags.patch new file mode 100644 index 000000000000..019bd9f6fd33 --- /dev/null +++ b/net-nds/openldap/files/openldap-2.6.1-flags.patch @@ -0,0 +1,416 @@ +diff --git a/contrib/slapd-modules/acl/Makefile b/contrib/slapd-modules/acl/Makefile +index 2195e2d72..3efaaad72 100644 +--- a/contrib/slapd-modules/acl/Makefile ++++ b/contrib/slapd-modules/acl/Makefile +@@ -8,7 +8,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \ + + LIBTOOL = $(LDAP_BUILD)/libtool + CC = gcc +-OPT = -g -O2 ++OPT = -Wall + DEFS = + INCS = $(LDAP_INC) + LIBS = $(LDAP_LIB) +diff --git a/contrib/slapd-modules/addpartial/Makefile b/contrib/slapd-modules/addpartial/Makefile +index ecb7cd0a3..e278dc080 100644 +--- a/contrib/slapd-modules/addpartial/Makefile ++++ b/contrib/slapd-modules/addpartial/Makefile +@@ -8,7 +8,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \ + + LIBTOOL = $(LDAP_BUILD)/libtool + CC = gcc +-OPT = -g -O2 ++OPT = -Wall + DEFS = + INCS = $(LDAP_INC) + LIBS = $(LDAP_LIB) +diff --git a/contrib/slapd-modules/adremap/Makefile b/contrib/slapd-modules/adremap/Makefile +index b008eabd6..23d3658c3 100644 +--- a/contrib/slapd-modules/adremap/Makefile ++++ b/contrib/slapd-modules/adremap/Makefile +@@ -19,7 +19,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \ + LIBTOOL = $(LDAP_BUILD)/libtool + INSTALL = /usr/bin/install + CC = gcc +-OPT = -g -O2 ++OPT = -Wall + DEFS = -DSLAPD_OVER_ADREMAP=SLAPD_MOD_DYNAMIC + INCS = $(LDAP_INC) + LIBS = $(LDAP_LIB) +diff --git a/contrib/slapd-modules/allop/Makefile b/contrib/slapd-modules/allop/Makefile +index 053f3774a..11998ce87 100644 +--- a/contrib/slapd-modules/allop/Makefile ++++ b/contrib/slapd-modules/allop/Makefile +@@ -9,7 +9,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \ + LIBTOOL = $(LDAP_BUILD)/libtool + INSTALL = /usr/bin/install + CC = gcc +-OPT = -g -O2 ++OPT = -Wall + DEFS = + INCS = $(LDAP_INC) + LIBS = $(LDAP_LIB) +diff --git a/contrib/slapd-modules/allowed/Makefile b/contrib/slapd-modules/allowed/Makefile +index 32cb43241..674d6cafd 100644 +--- a/contrib/slapd-modules/allowed/Makefile ++++ b/contrib/slapd-modules/allowed/Makefile +@@ -20,7 +20,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \ + + LIBTOOL = $(LDAP_BUILD)/libtool + CC = gcc +-OPT = -g -O2 ++OPT = -Wall + DEFS = -DSLAPD_OVER_ALLOWED=SLAPD_MOD_DYNAMIC + INCS = $(LDAP_INC) + LIBS = $(LDAP_LIB) +diff --git a/contrib/slapd-modules/authzid/Makefile b/contrib/slapd-modules/authzid/Makefile +index ef9c4bc4f..49a756c35 100644 +--- a/contrib/slapd-modules/authzid/Makefile ++++ b/contrib/slapd-modules/authzid/Makefile +@@ -20,7 +20,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \ + + LIBTOOL = $(LDAP_BUILD)/libtool + CC = gcc +-OPT = -g -O2 ++OPT = -Wall + DEFS = + INCS = $(LDAP_INC) + LIBS = $(LDAP_LIB) +diff --git a/contrib/slapd-modules/autogroup/Makefile b/contrib/slapd-modules/autogroup/Makefile +index 7dd6613cf..f19acae6c 100644 +--- a/contrib/slapd-modules/autogroup/Makefile ++++ b/contrib/slapd-modules/autogroup/Makefile +@@ -8,7 +8,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \ + + LIBTOOL = $(LDAP_BUILD)/libtool + CC = gcc +-OPT = -g -O2 ++OPT = -Wall + DEFS = + INCS = $(LDAP_INC) + LIBS = $(LDAP_LIB) +diff --git a/contrib/slapd-modules/cloak/Makefile b/contrib/slapd-modules/cloak/Makefile +index c54e6b134..9360ef2dc 100644 +--- a/contrib/slapd-modules/cloak/Makefile ++++ b/contrib/slapd-modules/cloak/Makefile +@@ -9,7 +9,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \ + LIBTOOL = $(LDAP_BUILD)/libtool + INSTALL = /usr/bin/install + CC = gcc +-OPT = -g -O2 ++OPT = -Wall + DEFS = -DSLAPD_OVER_CLOAK=SLAPD_MOD_DYNAMIC + INCS = $(LDAP_INC) + LIBS = $(LDAP_LIB) +diff --git a/contrib/slapd-modules/comp_match/Makefile b/contrib/slapd-modules/comp_match/Makefile +index 9b78c5c12..e1cb8fe3c 100644 +--- a/contrib/slapd-modules/comp_match/Makefile ++++ b/contrib/slapd-modules/comp_match/Makefile +@@ -31,7 +31,7 @@ SSL_LIB = -lcrypto -L$(SSL_DIR)/lib + + LIBTOOL = $(LDAP_BUILD)/libtool + CC = gcc +-OPT = -g -O2 ++OPT = -Wall + DEFS = -DLDAP_COMPONENT + INCS = $(LDAP_INC) $(SNACC_INC) $(SSL_INC) + LIBS = $(LDAP_LIB) $(SNACC_LIB) $(SSL_LIB) +diff --git a/contrib/slapd-modules/datamorph/Makefile b/contrib/slapd-modules/datamorph/Makefile +index 82bce493c..19231c71d 100644 +--- a/contrib/slapd-modules/datamorph/Makefile ++++ b/contrib/slapd-modules/datamorph/Makefile +@@ -22,7 +22,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \ + LIBTOOL = $(LDAP_BUILD)/libtool + INSTALL = /usr/bin/install + CC = gcc +-OPT = -g -O2 ++OPT = -Wall + DEFS = -DSLAPD_OVER_DATAMORPH=SLAPD_MOD_DYNAMIC + INCS = $(LDAP_INC) + LIBS = $(LDAP_LIB) +diff --git a/contrib/slapd-modules/denyop/Makefile b/contrib/slapd-modules/denyop/Makefile +index 2cea18b06..d11dd8d4a 100644 +--- a/contrib/slapd-modules/denyop/Makefile ++++ b/contrib/slapd-modules/denyop/Makefile +@@ -8,7 +8,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \ + + LIBTOOL = $(LDAP_BUILD)/libtool + CC = gcc +-OPT = -g -O2 ++OPT = -Wall + DEFS = -DSLAPD_OVER_DENYOP=SLAPD_MOD_DYNAMIC + INCS = $(LDAP_INC) + LIBS = $(LDAP_LIB) +diff --git a/contrib/slapd-modules/dsaschema/Makefile b/contrib/slapd-modules/dsaschema/Makefile +index 3a88fc01f..97e0642f3 100644 +--- a/contrib/slapd-modules/dsaschema/Makefile ++++ b/contrib/slapd-modules/dsaschema/Makefile +@@ -8,7 +8,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \ + + LIBTOOL = $(LDAP_BUILD)/libtool + CC = gcc +-OPT = -g -O2 ++OPT = -Wall + DEFS = + INCS = $(LDAP_INC) + LIBS = $(LDAP_LIB) +diff --git a/contrib/slapd-modules/dupent/Makefile b/contrib/slapd-modules/dupent/Makefile +index 6b3543862..1cc09a8b4 100644 +--- a/contrib/slapd-modules/dupent/Makefile ++++ b/contrib/slapd-modules/dupent/Makefile +@@ -20,7 +20,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \ + + LIBTOOL = $(LDAP_BUILD)/libtool + CC = gcc +-OPT = -g -O2 ++OPT = -Wall + DEFS = -DSLAPD_OVER_DUPENT=SLAPD_MOD_DYNAMIC + INCS = $(LDAP_INC) + LIBS = $(LDAP_LIB) +diff --git a/contrib/slapd-modules/kinit/Makefile b/contrib/slapd-modules/kinit/Makefile +index 7b25ced76..9f339e810 100644 +--- a/contrib/slapd-modules/kinit/Makefile ++++ b/contrib/slapd-modules/kinit/Makefile +@@ -8,7 +8,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \ + + LIBTOOL = $(LDAP_BUILD)/libtool + CC = gcc +-OPT = -g -O2 ++OPT = -Wall + DEFS = + INCS = $(LDAP_INC) + LIBS = $(LDAP_LIB) -lkrb5 +diff --git a/contrib/slapd-modules/lastbind/Makefile b/contrib/slapd-modules/lastbind/Makefile +index c273cd3a0..da9fa172f 100644 +--- a/contrib/slapd-modules/lastbind/Makefile ++++ b/contrib/slapd-modules/lastbind/Makefile +@@ -19,7 +19,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \ + LIBTOOL = $(LDAP_BUILD)/libtool + INSTALL = /usr/bin/install + CC = gcc +-OPT = -g -O2 ++OPT = -Wall + DEFS = -DSLAPD_OVER_LASTBIND=SLAPD_MOD_DYNAMIC + INCS = $(LDAP_INC) + LIBS = $(LDAP_LIB) +diff --git a/contrib/slapd-modules/lastmod/Makefile b/contrib/slapd-modules/lastmod/Makefile +index 9b06c28fb..be583722b 100644 +--- a/contrib/slapd-modules/lastmod/Makefile ++++ b/contrib/slapd-modules/lastmod/Makefile +@@ -9,7 +9,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \ + LIBTOOL = $(LDAP_BUILD)/libtool + INSTALL = /usr/bin/install + CC = gcc +-OPT = -g -O2 ++OPT = -Wall + DEFS = -DSLAPD_OVER_LASTMOD=SLAPD_MOD_DYNAMIC + INCS = $(LDAP_INC) + LIBS = $(LDAP_LIB) +diff --git a/contrib/slapd-modules/noopsrch/Makefile b/contrib/slapd-modules/noopsrch/Makefile +index 2934a3214..22a3db04b 100644 +--- a/contrib/slapd-modules/noopsrch/Makefile ++++ b/contrib/slapd-modules/noopsrch/Makefile +@@ -20,7 +20,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \ + + LIBTOOL = $(LDAP_BUILD)/libtool + CC = gcc +-OPT = -g -O2 -Wall ++OPT = -Wall -Wall + DEFS = -DSLAPD_OVER_NOOPSRCH=SLAPD_MOD_DYNAMIC + INCS = $(LDAP_INC) + LIBS = $(LDAP_LIB) +diff --git a/contrib/slapd-modules/nops/Makefile b/contrib/slapd-modules/nops/Makefile +index 94a5bcd23..86dcdfd76 100644 +--- a/contrib/slapd-modules/nops/Makefile ++++ b/contrib/slapd-modules/nops/Makefile +@@ -9,7 +9,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \ + LIBTOOL = $(LDAP_BUILD)/libtool + INSTALL = /usr/bin/install + CC = gcc +-OPT = -g -O2 ++OPT = -Wall + DEFS = -DSLAPD_OVER_NOPS=SLAPD_MOD_DYNAMIC + INCS = $(LDAP_INC) + LIBS = $(LDAP_LIB) +diff --git a/contrib/slapd-modules/nssov/Makefile b/contrib/slapd-modules/nssov/Makefile +index 13987c250..c2c26d473 100644 +--- a/contrib/slapd-modules/nssov/Makefile ++++ b/contrib/slapd-modules/nssov/Makefile +@@ -27,7 +27,7 @@ NLDAPD_INC=-Inss-pam-ldapd + + LIBTOOL = $(LDAP_BUILD)/libtool + INSTALL = /usr/bin/install +-OPT = -g -O2 ++OPT = -Wall + CC = gcc + DEFS = + INCS = $(LDAP_INC) $(NLDAPD_INC) +diff --git a/contrib/slapd-modules/passwd/Makefile b/contrib/slapd-modules/passwd/Makefile +index 634649603..4b6be2617 100644 +--- a/contrib/slapd-modules/passwd/Makefile ++++ b/contrib/slapd-modules/passwd/Makefile +@@ -9,7 +9,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \ + LIBTOOL = $(LDAP_BUILD)/libtool + INSTALL = /usr/bin/install + CC = gcc +-OPT = -g -O2 ++OPT = -Wall + DEFS = + INCS = $(LDAP_INC) + LIBS = $(LDAP_LIB) +diff --git a/contrib/slapd-modules/passwd/pbkdf2/Makefile b/contrib/slapd-modules/passwd/pbkdf2/Makefile +index 6279f50c1..20769028e 100644 +--- a/contrib/slapd-modules/passwd/pbkdf2/Makefile ++++ b/contrib/slapd-modules/passwd/pbkdf2/Makefile +@@ -9,7 +9,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \ + LIBTOOL = $(LDAP_BUILD)/libtool + INSTALL = /usr/bin/install + CC = gcc +-OPT = -g -O2 ++OPT = -Wall + #DEFS = -DSLAPD_PBKDF2_DEBUG + + SSL_INC = +diff --git a/contrib/slapd-modules/passwd/sha2/Makefile b/contrib/slapd-modules/passwd/sha2/Makefile +index 2d2075688..f8a77d24d 100644 +--- a/contrib/slapd-modules/passwd/sha2/Makefile ++++ b/contrib/slapd-modules/passwd/sha2/Makefile +@@ -9,7 +9,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \ + LIBTOOL = $(LDAP_BUILD)/libtool + INSTALL = /usr/bin/install + CC = gcc +-OPT = -g -O2 ++OPT = -Wall + DEFS = + #DEFS = -DSLAPD_SHA2_DEBUG + INCS = $(LDAP_INC) +diff --git a/contrib/slapd-modules/passwd/totp/Makefile b/contrib/slapd-modules/passwd/totp/Makefile +index f7dff4bd7..463a45248 100644 +--- a/contrib/slapd-modules/passwd/totp/Makefile ++++ b/contrib/slapd-modules/passwd/totp/Makefile +@@ -9,7 +9,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \ + LIBTOOL = $(LDAP_BUILD)/libtool + INSTALL = /usr/bin/install + CC = gcc +-OPT = -g -O2 ++OPT = -Wall + DEFS = + INCS = $(LDAP_INC) + LIBS = $(LDAP_LIB) +diff --git a/contrib/slapd-modules/ppm/Makefile b/contrib/slapd-modules/ppm/Makefile +index 7b6efaddd..f26faca2b 100644 +--- a/contrib/slapd-modules/ppm/Makefile ++++ b/contrib/slapd-modules/ppm/Makefile +@@ -18,7 +18,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/liblber/liblber.la $(LDAP_BUILD)/libraries/li + LIBTOOL = $(LDAP_BUILD)/libtool + INSTALL = /usr/bin/install + CC = gcc +-OPT = -g -O2 -fpic ++OPT = -Wall -fpic + + # To skip linking against CRACKLIB make CRACK=no + CRACK=yes +diff --git a/contrib/slapd-modules/proxyOld/Makefile b/contrib/slapd-modules/proxyOld/Makefile +index d92967c39..f2e7524a9 100644 +--- a/contrib/slapd-modules/proxyOld/Makefile ++++ b/contrib/slapd-modules/proxyOld/Makefile +@@ -20,7 +20,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \ + + LIBTOOL = $(LDAP_BUILD)/libtool + CC = gcc +-OPT = -g -O2 ++OPT = -Wall + DEFS = + INCS = $(LDAP_INC) + LIBS = $(LDAP_LIB) +diff --git a/contrib/slapd-modules/rbac/Makefile b/contrib/slapd-modules/rbac/Makefile +index 1180bd6a1..59b614ade 100755 +--- a/contrib/slapd-modules/rbac/Makefile ++++ b/contrib/slapd-modules/rbac/Makefile +@@ -9,7 +9,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \ + LIBTOOL = $(LDAP_BUILD)/libtool + INSTALL = /usr/bin/install + CC = gcc +-OPT = -g -O2 ++OPT = -Wall + DEFS = -DSLAPD_OVER_RBAC=SLAPD_MOD_DYNAMIC + INCS = $(LDAP_INC) + LIBS = $(LDAP_LIB) +diff --git a/contrib/slapd-modules/samba4/Makefile b/contrib/slapd-modules/samba4/Makefile +index f53d130d2..a4b6600ca 100644 +--- a/contrib/slapd-modules/samba4/Makefile ++++ b/contrib/slapd-modules/samba4/Makefile +@@ -20,7 +20,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \ + + LIBTOOL = $(LDAP_BUILD)/libtool + CC = gcc +-OPT = -g -O2 ++OPT = -Wall + DEFS = -DSLAPD_OVER_RDNVAL=SLAPD_MOD_DYNAMIC \ + -DSLAPD_OVER_PGUID=SLAPD_MOD_DYNAMIC \ + -DSLAPD_OVER_VERNUM=SLAPD_MOD_DYNAMIC +diff --git a/contrib/slapd-modules/smbk5pwd/Makefile b/contrib/slapd-modules/smbk5pwd/Makefile +index a1c2c8eef..c2b1c16bb 100644 +--- a/contrib/slapd-modules/smbk5pwd/Makefile ++++ b/contrib/slapd-modules/smbk5pwd/Makefile +@@ -27,7 +27,7 @@ HEIMDAL_LIB = -L/usr/heimdal/lib -lkrb5 -lkadm5srv + LIBTOOL = $(LDAP_BUILD)/libtool + INSTALL = /usr/bin/install + CC = gcc +-OPT = -g -O2 ++OPT = -Wall + # Omit DO_KRB5, DO_SAMBA or DO_SHADOW if you don't want to support it. + DEFS = -DDO_KRB5 -DDO_SAMBA -DDO_SHADOW + INCS = $(LDAP_INC) $(HEIMDAL_INC) $(SSL_INC) +diff --git a/contrib/slapd-modules/trace/Makefile b/contrib/slapd-modules/trace/Makefile +index 1bf8a5541..9026c2c93 100644 +--- a/contrib/slapd-modules/trace/Makefile ++++ b/contrib/slapd-modules/trace/Makefile +@@ -8,7 +8,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \ + + LIBTOOL = $(LDAP_BUILD)/libtool + CC = gcc +-OPT = -g -O2 ++OPT = -Wall + DEFS = -DSLAPD_OVER_TRACE=SLAPD_MOD_DYNAMIC + INCS = $(LDAP_INC) + LIBS = $(LDAP_LIB) +diff --git a/contrib/slapd-modules/usn/Makefile b/contrib/slapd-modules/usn/Makefile +index d7af04b10..eae938a3e 100644 +--- a/contrib/slapd-modules/usn/Makefile ++++ b/contrib/slapd-modules/usn/Makefile +@@ -8,7 +8,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \ + + LIBTOOL = $(LDAP_BUILD)/libtool + CC = gcc +-OPT = -g -O2 ++OPT = -Wall + DEFS = -DSLAPD_OVER_USN=SLAPD_MOD_DYNAMIC + INCS = $(LDAP_INC) + LIBS = $(LDAP_LIB) +diff --git a/contrib/slapd-modules/variant/Makefile b/contrib/slapd-modules/variant/Makefile +index 07effed6c..a83373b48 100644 +--- a/contrib/slapd-modules/variant/Makefile ++++ b/contrib/slapd-modules/variant/Makefile +@@ -22,7 +22,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \ + LIBTOOL = $(LDAP_BUILD)/libtool + INSTALL = /usr/bin/install + CC = gcc +-OPT = -g -O2 ++OPT = -Wall + DEFS = -DSLAPD_OVER_VARIANT=SLAPD_MOD_DYNAMIC + INCS = $(LDAP_INC) + LIBS = $(LDAP_LIB) +diff --git a/contrib/slapd-modules/vc/Makefile b/contrib/slapd-modules/vc/Makefile +index 9fe67ab27..526037e50 100644 +--- a/contrib/slapd-modules/vc/Makefile ++++ b/contrib/slapd-modules/vc/Makefile +@@ -20,7 +20,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \ + + LIBTOOL = $(LDAP_BUILD)/libtool + CC = gcc +-OPT = -g -O2 ++OPT = -Wall + DEFS = + INCS = $(LDAP_INC) + LIBS = $(LDAP_LIB) diff --git a/net-nds/openldap/files/openldap-2.6.1-system-mdb.patch b/net-nds/openldap/files/openldap-2.6.1-system-mdb.patch new file mode 100644 index 000000000000..55a2253a8fa0 --- /dev/null +++ b/net-nds/openldap/files/openldap-2.6.1-system-mdb.patch @@ -0,0 +1,148 @@ +diff --git a/build/openldap.m4 b/build/openldap.m4 +index 91e2608b8..493f85ae8 100644 +--- a/build/openldap.m4 ++++ b/build/openldap.m4 +@@ -243,6 +243,40 @@ OL_RESOLVER_TRY(ol_cv_resolver_none) + OL_RESOLVER_TRY(ol_cv_resolver_resolv,[-lresolv]) + OL_RESOLVER_TRY(ol_cv_resolver_bind,[-lbind]) + ]) ++ ++dnl -------------------------------------------------------------------- ++dnl Check for version compatility with back-mdb ++AC_DEFUN([OL_MDB_COMPAT], ++[AC_CACHE_CHECK([if LMDB version supported by MDB backends], [ol_cv_mdb_compat],[ ++ AC_EGREP_CPP(__mdb_version_compat,[ ++#include <lmdb.h> ++ ++/* require 0.9.18 or later */ ++#if MDB_VERSION_FULL >= 0x000000090012 ++ __mdb_version_compat ++#endif ++ ], [ol_cv_mdb_compat=yes], [ol_cv_mdb_compat=no])]) ++]) ++ ++dnl ++dnl -------------------------------------------------------------------- ++dnl Find any MDB ++AC_DEFUN([OL_MDB], ++[ol_cv_mdb=no ++AC_CHECK_HEADERS(lmdb.h) ++if test $ac_cv_header_lmdb_h = yes; then ++ OL_MDB_COMPAT ++ ++ if test $ol_cv_mdb_compat != yes ; then ++ AC_MSG_ERROR([LMDB version incompatible with MDB backends]) ++ fi ++ ++ ol_cv_lib_mdb=-llmdb ++ ol_cv_mdb=yes ++fi ++]) ++ ++ + dnl + dnl ==================================================================== + dnl Check POSIX Thread version +diff --git a/build/top.mk b/build/top.mk +index 67873d9f3..8d8787ecb 100644 +--- a/build/top.mk ++++ b/build/top.mk +@@ -164,6 +164,7 @@ CLIENT_LIBS = @CLIENT_LIBS@ + LUTIL_LIBS = @LUTIL_LIBS@ + LTHREAD_LIBS = @LTHREAD_LIBS@ + ++MDB_LIBS = @MDB_LIBS@ + SLAPD_NDB_LIBS = @SLAPD_NDB_LIBS@ + WT_LIBS = @WT_LIBS@ + +diff --git a/configure.ac b/configure.ac +index 9012d0b28..52dd72eb6 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -547,6 +547,7 @@ AC_MSG_RESULT(done) + dnl ---------------------------------------------------------------- + dnl Initialize vars + LDAP_LIBS= ++MDB_LIBS= + SLAPD_NDB_LIBS= + SLAPD_NDB_INCS= + LTHREAD_LIBS= +@@ -646,6 +647,32 @@ dnl Checks for programs + + AC_DEFINE(HAVE_MKVERSION, 1, [define this if you have mkversion]) + ++dnl ---------------------------------------------------------------- ++ol_link_mdb=no ++ ++if test $ol_enable_mdb != no; then ++ OL_MDB ++ ++ if test $ol_cv_mdb = no ; then ++ AC_MSG_ERROR(MDB: LMDB not available) ++ fi ++ ++ AC_DEFINE(HAVE_MDB,1, ++ [define this if LMDB is available]) ++ ++ dnl $ol_cv_lib_mdb should be yes or -llmdb ++ dnl (it could be no, but that would be an error ++ if test $ol_cv_lib_mdb != yes ; then ++ MDB_LIBS="$MDB_LIBS $ol_cv_lib_mdb" ++ fi ++ ++ SLAPD_LIBS="$SLAPD_LIBS \$(MDB_LIBS)" ++ ++ ol_link_mdb=yes ++fi ++ ++dnl ---------------------------------------------------------------- ++ + dnl ---------------------------------------------------------------- + dnl + dnl Determine which C translator to use +@@ -3150,6 +3177,7 @@ dnl pwmods + AC_SUBST(LDAP_LIBS) + AC_SUBST(CLIENT_LIBS) + AC_SUBST(SLAPD_LIBS) ++AC_SUBST(MDB_LIBS) + AC_SUBST(BALANCER_LIBS) + AC_SUBST(SLAPD_NDB_LIBS) + AC_SUBST(SLAPD_NDB_INCS) +diff --git a/servers/slapd/back-mdb/Makefile.in b/servers/slapd/back-mdb/Makefile.in +index ad3804898..f9319e227 100644 +--- a/servers/slapd/back-mdb/Makefile.in ++++ b/servers/slapd/back-mdb/Makefile.in +@@ -25,11 +25,10 @@ OBJS = init.lo tools.lo config.lo \ + extended.lo operational.lo \ + attr.lo index.lo key.lo filterindex.lo \ + dn2entry.lo dn2id.lo id2entry.lo idl.lo \ +- nextid.lo monitor.lo mdb.lo midl.lo ++ nextid.lo monitor.lo + + LDAP_INCDIR= ../../../include + LDAP_LIBDIR= ../../../libraries +-MDB_SUBDIR = $(srcdir)/$(LDAP_LIBDIR)/liblmdb + + BUILD_OPT = "--enable-mdb" + BUILD_MOD = @BUILD_MDB@ +@@ -44,7 +43,7 @@ UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) + + LIBBASE = back_mdb + +-XINCPATH = -I.. -I$(srcdir)/.. -I$(MDB_SUBDIR) ++XINCPATH = -I.. -I$(srcdir)/.. + XDEFS = $(MODULES_CPPFLAGS) + + all-local-lib: ../.backend +@@ -52,11 +51,5 @@ all-local-lib: ../.backend + ../.backend: lib$(LIBBASE).a + @touch $@ + +-mdb.lo: $(MDB_SUBDIR)/mdb.c +- $(LTCOMPILE_MOD) $(MDB_SUBDIR)/mdb.c +- +-midl.lo: $(MDB_SUBDIR)/midl.c +- $(LTCOMPILE_MOD) $(MDB_SUBDIR)/midl.c +- + veryclean-local-lib: FORCE + $(RM) $(XXHEADERS) $(XXSRCS) .links diff --git a/net-nds/openldap/files/slapd-2.6.1.service b/net-nds/openldap/files/slapd-2.6.1.service new file mode 100644 index 000000000000..5f08be3b37f9 --- /dev/null +++ b/net-nds/openldap/files/slapd-2.6.1.service @@ -0,0 +1,12 @@ +[Unit] +Description=OpenLDAP Server Daemon +After=network.target + +[Service] +Type=notify +PIDFile=/run/openldap/slapd.pid +ExecStartPre=/usr/sbin/slaptest -Q -u $SLAPD_OPTIONS +ExecStart=/usr/lib/openldap/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS + +[Install] +WantedBy=multi-user.target diff --git a/net-nds/openldap/files/slapd-confd-2.6.1 b/net-nds/openldap/files/slapd-confd-2.6.1 new file mode 100644 index 000000000000..9e7babbaaac1 --- /dev/null +++ b/net-nds/openldap/files/slapd-confd-2.6.1 @@ -0,0 +1,26 @@ +# conf.d file for openldap +# +# To enable both the standard unciphered server and the ssl encrypted +# one uncomment this line or set any other server starting options +# you may desire. + +# If you have multiple slapd instances per #376699, this will provide a default config +INSTANCE="openldap${SVCNAME#slapd}" + +# If you use the classical configuration file: +OPTS_CONF="-f /etc/${INSTANCE}/slapd.conf" +# Uncomment this instead to use the new slapd.d configuration directory for openldap 2.3 +#OPTS_CONF="-F /etc/${INSTANCE}/slapd.d" +# (the OPTS_CONF variable is also passed to slaptest during startup) + +OPTS="${OPTS_CONF} -h 'ldaps:// ldap:// ldapi://%2frun%2fopenldap%2fslapd.sock'" +# Optional connectionless LDAP: +#OPTS="${OPTS_CONF} -h 'ldaps:// ldap:// ldapi://%2frun%2fopenldap%2fslapd.sock cldap://'" + +# If you change the above listen statement to bind on a specific IP for +# listening, you should ensure that interface is up here (change eth0 as +# needed). +#rc_need="net.eth0" + +# Specify the kerberos keytab file +#KRB5_KTNAME=/etc/openldap/krb5-ldap.keytab diff --git a/net-nds/openldap/metadata.xml b/net-nds/openldap/metadata.xml index 901d31c63ed9..62176631c249 100644 --- a/net-nds/openldap/metadata.xml +++ b/net-nds/openldap/metadata.xml @@ -9,6 +9,8 @@ <email>ldap-b...@gentoo.org</email> </maintainer> <use> + <flag name="argon2">Enable password hashing algorithm from <pkg>app-crypt/argon2</pkg></flag> + <flag name="cleartext">Enable use of cleartext passwords</flag> <flag name="experimental">Enable experimental backend options</flag> <flag name="kinit">Enable support for kerberos init</flag> <flag name="odbc">Enable ODBC and SQL backend options</flag> @@ -19,6 +21,8 @@ <flag name="sha2">Enable support for pw-sha2 password hashes</flag> </use> <upstream> + <bugs-to>https://bugs.openldap.org/</bugs-to> <remote-id type="cpe">cpe:/a:openldap:openldap</remote-id> + <remote-id type="gitlab">openldap/openldap</remote-id> </upstream> </pkgmetadata> diff --git a/net-nds/openldap/openldap-2.6.1.ebuild b/net-nds/openldap/openldap-2.6.1.ebuild new file mode 100644 index 000000000000..7ca516cae4d6 --- /dev/null +++ b/net-nds/openldap/openldap-2.6.1.ebuild @@ -0,0 +1,796 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit autotools flag-o-matic multilib-minimal preserve-libs ssl-cert toolchain-funcs systemd tmpfiles + +MY_PV="$(ver_rs 1-2 _)" + +BIS_PN=rfc2307bis.schema +BIS_PV=20140524 +BIS_P="${BIS_PN}-${BIS_PV}" + +DESCRIPTION="LDAP suite of application and development tools" +HOMEPAGE="https://www.OpenLDAP.org/"; + +SRC_URI=" + https://gitlab.com/openldap/${PN}/-/archive/OPENLDAP_REL_ENG_${MY_PV}/${PN}-OPENLDAP_REL_ENG_${MY_PV}.tar.gz + mirror://gentoo/${BIS_P}" + +LICENSE="OPENLDAP GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-solaris" + +IUSE_DAEMON="argon2 +cleartext crypt experimental minimal samba tcpd" +IUSE_OVERLAY="overlays perl" +IUSE_OPTIONAL="debug gnutls iodbc ipv6 odbc sasl ssl selinux static-libs +syslog test" +IUSE_CONTRIB="kerberos kinit pbkdf2 sha2 smbkrb5passwd" +IUSE_CONTRIB="${IUSE_CONTRIB} cxx" +IUSE="systemd ${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}" +RESTRICT="!test? ( test )" + +RESTRICT="!test? ( test )" +REQUIRED_USE="cxx? ( sasl ) + pbkdf2? ( ssl ) + test? ( cleartext sasl ) + ?? ( test minimal )" + +S=${WORKDIR}/${PN}-OPENLDAP_REL_ENG_${MY_PV} + +# always list newer first +# Do not add any AGPL-3 BDB here! +# See bug 525110, comment 15. +# Advanced usage: OPENLDAP_BDB_SLOTS in the environment can be used to force a slot during build. +BDB_SLOTS="${OPENLDAP_BDB_SLOTS:=5.3 4.8}" +BDB_PKGS='' +for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done + +# openssl is needed to generate lanman-passwords required by samba +COMMON_DEPEND=" + ssl? ( + !gnutls? ( + >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] + ) + gnutls? ( + >=net-libs/gnutls-2.12.23-r6:=[${MULTILIB_USEDEP}] + >=dev-libs/libgcrypt-1.5.3:0=[${MULTILIB_USEDEP}] + ) + ) + sasl? ( dev-libs/cyrus-sasl:= ) + !minimal? ( + dev-libs/libltdl + sys-fs/e2fsprogs + >=dev-db/lmdb-0.9.18:= + argon2? ( app-crypt/argon2:= ) + crypt? ( virtual/libcrypt:= ) + tcpd? ( sys-apps/tcp-wrappers ) + odbc? ( !iodbc? ( dev-db/unixODBC ) + iodbc? ( dev-db/libiodbc ) ) + perl? ( dev-lang/perl:=[-build(-)] ) + samba? ( + dev-libs/openssl:0= + ) + smbkrb5passwd? ( + dev-libs/openssl:0= + kerberos? ( app-crypt/heimdal ) + ) + kerberos? ( + virtual/krb5 + kinit? ( !app-crypt/heimdal ) + ) + ) +" +DEPEND="${COMMON_DEPEND} + sys-apps/groff +" +RDEPEND="${COMMON_DEPEND} + selinux? ( sec-policy/selinux-ldap ) +" + +# The user/group are only used for running daemons which are +# disabled in minimal builds, so elide the accounts too. +BDEPEND="!minimal? ( + acct-group/ldap + acct-user/ldap +) +" + +# for tracking versions +OPENLDAP_VERSIONTAG=".version-tag" +OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data" + +MULTILIB_WRAPPED_HEADERS=( + # USE=cxx + /usr/include/LDAPAsynConnection.h + /usr/include/LDAPAttrType.h + /usr/include/LDAPAttribute.h + /usr/include/LDAPAttributeList.h + /usr/include/LDAPConnection.h + /usr/include/LDAPConstraints.h + /usr/include/LDAPControl.h + /usr/include/LDAPControlSet.h + /usr/include/LDAPEntry.h + /usr/include/LDAPEntryList.h + /usr/include/LDAPException.h + /usr/include/LDAPExtResult.h + /usr/include/LDAPMessage.h + /usr/include/LDAPMessageQueue.h + /usr/include/LDAPModList.h + /usr/include/LDAPModification.h + /usr/include/LDAPObjClass.h + /usr/include/LDAPRebind.h + /usr/include/LDAPRebindAuth.h + /usr/include/LDAPReferenceList.h + /usr/include/LDAPResult.h + /usr/include/LDAPSaslBindResult.h + /usr/include/LDAPSchema.h + /usr/include/LDAPSearchReference.h + /usr/include/LDAPSearchResult.h + /usr/include/LDAPSearchResults.h + /usr/include/LDAPUrl.h + /usr/include/LDAPUrlList.h + /usr/include/LdifReader.h + /usr/include/LdifWriter.h + /usr/include/SaslInteraction.h + /usr/include/SaslInteractionHandler.h + /usr/include/StringList.h + /usr/include/TlsOptions.h +) + +PATCHES=( + "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch + "${FILESDIR}"/${PN}-2.6.1-system-mdb.patch + "${FILESDIR}"/${PN}-2.6.1-cloak.patch + "${FILESDIR}"/${PN}-2.6.1-flags.patch + "${FILESDIR}"/${PN}-2.6.1-fix-missing-mapping.patch +) + +openldap_filecount() { + local dir="$1" + find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l +} + +openldap_find_versiontags() { + # scan for all datadirs + local openldap_datadirs=() + if [[ -f "${EROOT}"/etc/openldap/slapd.conf ]]; then + openldap_datadirs=( $(awk '{if($1 == "directory") print $2 }' "${EROOT}"/etc/openldap/slapd.conf) ) + fi + openldap_datadirs+=( ${OPENLDAP_DEFAULTDIR_VERSIONTAG} ) + + einfo + einfo "Scanning datadir(s) from slapd.conf and" + einfo "the default installdir for Versiontags" + einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)" + einfo + + # scan datadirs if we have a version tag + openldap_found_tag=0 + have_files=0 + for each in ${openldap_datadirs[@]} ; do + CURRENT_TAGDIR="${ROOT}$(sed "s:\/::" <<< ${each})" + CURRENT_TAG="${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}" + if [[ -d "${CURRENT_TAGDIR}" ]] && [[ "${openldap_found_tag}" == 0 ]] ; then + einfo "- Checking ${each}..." + if [[ -r "${CURRENT_TAG}" ]] ; then + # yey, we have one :) + einfo " Found Versiontag in ${each}" + source "${CURRENT_TAG}" + if [[ "${OLDPF}" == "" ]] ; then + eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}" + eerror "Please delete it" + eerror + die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}" + fi + + OLD_MAJOR=$(ver_cut 2-3 ${OLDPF}) + + [[ "$(openldap_filecount ${CURRENT_TAGDIR})" -gt 0 ]] && have_files=1 + + # are we on the same branch? + if [[ "${OLD_MAJOR}" != "${PV:0:3}" ]] ; then + ewarn " Versiontag doesn't match current major release!" + if [[ "${have_files}" == "1" ]] ; then + eerror " Versiontag says other major and you (probably) have datafiles!" + echo + openldap_upgrade_howto + else + einfo " No real problem, seems there's no database." + fi + else + einfo " Versiontag is fine here :)" + fi + else + einfo " Non-tagged dir ${each}" + [[ "$(openldap_filecount ${each})" -gt 0 ]] && have_files=1 + if [[ "${have_files}" == "1" ]] ; then + einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files" + echo + + eerror + eerror "Your OpenLDAP Installation has a non tagged datadir that" + eerror "possibly contains a database at ${CURRENT_TAGDIR}" + eerror + eerror "Please export data if any entered and empty or remove" + eerror "the directory, installation has been stopped so you" + eerror "can take required action" + eerror + eerror "For a HOWTO on exporting the data, see instructions in the ebuild" + eerror + openldap_upgrade_howto + die "Please move the datadir ${CURRENT_TAGDIR} away" + fi + fi + einfo + fi + done + [[ "${have_files}" == "1" ]] && einfo "DB files present" || einfo "No DB files present" + + # Now we must check for the major version of sys-libs/db linked against. + SLAPD_PATH="${EROOT}/usr/$(get_libdir)/openldap/slapd" + if [[ "${have_files}" == "1" ]] && [[ -f "${SLAPD_PATH}" ]]; then + OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \ + | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')" + local fail=0 + if [[ -z "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then + : + # Nothing wrong here. + elif [[ -z "${OLDVER}" ]] && [[ -n "${NEWVER}" ]]; then + eerror " Your existing version of OpenLDAP was not built against" + eerror " any version of sys-libs/db, but the new one will build" + eerror " against ${NEWVER} and your database may be inaccessible." + echo + fail=1 + elif [[ -n "${OLDVER}" ]] && [[ -z "${NEWVER}" ]]; then + eerror " Your existing version of OpenLDAP was built against" + eerror " sys-libs/db:${OLDVER}, but the new one will not be" + eerror " built against any version and your database may be" + eerror " inaccessible." + echo + fail=1 + elif [[ "${OLDVER}" != "${NEWVER}" ]]; then + eerror " Your existing version of OpenLDAP was built against" + eerror " sys-libs/db:${OLDVER}, but the new one will build against" + eerror " ${NEWVER} and your database would be inaccessible." + echo + fail=1 + fi + [[ "${fail}" == "1" ]] && openldap_upgrade_howto + fi + + echo + einfo + einfo "All datadirs are fine, proceeding with merge now..." + einfo +} + +openldap_upgrade_howto() { + local d l i + eerror + eerror "A (possible old) installation of OpenLDAP was detected," + eerror "installation will not proceed for now." + eerror + eerror "As major version upgrades can corrupt your database," + eerror "you need to dump your database and re-create it afterwards." + eerror + eerror "Additionally, rebuilding against different major versions of the" + eerror "sys-libs/db libraries will cause your database to be inaccessible." + eerror "" + d="$(date -u +%s)" + l="/root/ldapdump.${d}" + i="${l}.raw" + eerror " 1. /etc/init.d/slapd stop" + eerror " 2. slapcat -l ${i}" + eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}" + eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/" + eerror " 5. emerge --update \=net-nds/${PF}" + eerror " 6. etc-update, and ensure that you apply the changes" + eerror " 7. slapadd -l ${l}" + eerror " 8. chown ldap:ldap /var/lib/openldap-data/*" + eerror " 9. /etc/init.d/slapd start" + eerror "10. check that your data is intact." + eerror "11. set up the new replication system." + eerror + if [[ "${FORCE_UPGRADE}" != "1" ]]; then + die "You need to upgrade your database first" + else + eerror "You have the magical FORCE_UPGRADE=1 in place." + eerror "Don't say you weren't warned about data loss." + fi +} + +pkg_setup() { + if ! use sasl && use cxx ; then + die "To build the ldapc++ library you must emerge openldap with sasl support" + fi + # Bug #322787 + if use minimal && ! has_version "net-nds/openldap" ; then + einfo "No datadir scan needed, openldap not installed" + elif use minimal && has_version 'net-nds/openldap[minimal]' ; then + einfo "Skipping scan for previous datadirs as requested by minimal useflag" + else + openldap_find_versiontags + fi +} + +src_prepare() { + rm -r libraries/liblmdb || die 'could not removed bundled lmdb directory' + + for filename in doc/drafts/draft-ietf-ldapext-acl-model-xx.txt; do + iconv -f iso-8859-1 -t utf-8 "$filename" > "$filename.utf8" + mv "$filename.utf8" "$filename" + done + + default + + sed -i \ + -e "s:\$(localstatedir)/run:${EPREFIX}/run:" \ + servers/slapd/Makefile.in || die 'adjusting slapd Makefile.in failed' + + pushd build &>/dev/null || die "pushd build" + einfo "Making sure upstream build strip does not do stripping too early" + sed -i.orig \ + -e '/^STRIP/s,-s,,g' \ + top.mk || die "Failed to remove to early stripping" + popd &>/dev/null || die + + eautoreconf + multilib_copy_sources +} + +build_contrib_module() { + # <dir> [<target>] + pushd "${S}/contrib/slapd-modules/$1" &>/dev/null || die "pushd contrib/slapd-modules/$1" + einfo "Compiling contrib-module: $1" + local target="${2:-all}" + emake \ + LDAP_BUILD="${BUILD_DIR}" prefix="${EPREFIX}/usr" \ + CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" \ + "$target" + popd &>/dev/null || die +} + +multilib_src_configure() { + # Optional Features + myconf+=( + --enable-option-checking + $(use_enable debug) + --enable-dynamic + $(use_enable syslog) + $(use_enable ipv6) + --enable-local + ) + + # Optional Packages + myconf+=( + --without-fetch + ) + + if ! use minimal && multilib_is_native_abi; then + # SLAPD (Standalone LDAP Daemon) Options + # overlay chaining requires '--enable-ldap' #296567 + # see https://www.openldap.org/doc/admin26/overlays.html#Chaining + myconf+=( + --enable-ldap=yes + --enable-slapd + $(use_enable cleartext) + $(use_enable crypt) + $(multilib_native_use_enable sasl spasswd) + --disable-slp + $(use_enable tcpd wrappers) + ) + if use experimental ; then + # connectionless ldap per bug #342439 + # connectionless is a unsupported feature according to Howard Chu + # see https://bugs.openldap.org/show_bug.cgi?id=9739 + append-cppflags -DLDAP_CONNECTIONLESS + + myconf+=( + --enable-dynacl + # ACI build as dynamic module not supported (yet) + --enable-aci=yes + ) + fi + + for option in modules rlookups slapi; do + myconf+=( --enable-${option} ) + done + + # static SLAPD backends + for backend in mdb; do + myconf+=( --enable-${backend}=yes ) + done + + # module SLAPD backends + for backend in asyncmeta dnssrv meta null passwd relay sock; do + # missing modules: wiredtiger (not available in portage) + myconf+=( --enable-${backend}=mod ) + done + + use perl && myconf+=( --enable-perl=mod ) + + if use odbc ; then + myconf+=( --enable-sql=mod ) + if use iodbc ; then + myconf+=( --with-odbc="iodbc" ) + append-cflags -I"${EPREFIX}"/usr/include/iodbc + else + myconf+=( --with-odbc="unixodbc" ) + fi + fi + + use overlays && myconf+=( --enable-overlays=mod ) + # compile-in the syncprov + myconf+=( --enable-syncprov=yes ) + + # SLAPD Password Module Options + myconf+=( + $(use_enable argon2) + ) + + # Optional Packages + myconf+=( + $(use_with systemd) + $(multilib_native_use_with sasl cyrus-sasl) + ) + else + myconf+=( + --disable-backends + --disable-slapd + --disable-mdb + --disable-overlays + --disable-syslog + --without-systemd + ) + fi + + # Library Generation & Linking Options + myconf+=( + $(use_enable static-libs static) + --enable-shared + --enable-versioning + --with-pic + ) + + # some cross-compiling tests don't pan out well. + tc-is-cross-compiler && myconf+=( + --with-yielding-select=yes + ) + + local ssl_lib="no" + if use ssl || ( ! use minimal && use samba ) ; then + if use gnutls ; then + myconf+=( --with-tls="gnutls" ) + else + # disable MD2 hash function + append-cflags -DOPENSSL_NO_MD2 + myconf+=( --with-tls="openssl" ) + fi + else + myconf+=( --with-tls="no" ) + fi + + tc-export AR CC CXX + + ECONF_SOURCE="${S}" econf \ + --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \ + --localstatedir="${EPREFIX}"/var \ + --runstatedir="${EPREFIX}"/run \ + --sharedstatedir="${EPREFIX}"/var/lib \ + "${myconf[@]}" + + # argument '--runstatedir' seems to have no effect therefore this workaround + sed -i \ + -e 's:^runstatedir=.*:runstatedir=${EPREFIX}/run:' \ + configure contrib/ldapc++/configure contrib/ldaptcl/configure || die 'could not set runstatedir' + + sed -i \ + -e "s:/var/run/sasl2/mux:${EPREFIX}/run/sasl2/mux:" \ + doc/guide/admin/security.sdf || die 'could not fix run path in doc' + + emake depend +} + +src_configure_cxx() { + # This needs the libraries built by the first build run. + # we have to run it AFTER the main build, not just after the main configure + local myconf_ldapcpp=( + --with-libldap="${E}/lib" + --with-ldap-includes="${S}/include" + ) + + mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die "could not create ${BUILD_DIR}/contrib/ldapc++ directory" + pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++" + local LDFLAGS=${LDFLAGS} + local CPPFLAGS=${CPPFLAGS} + append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \ + -L"${BUILD_DIR}"/libraries/libldap/.libs + append-cppflags -I"${BUILD_DIR}"/include + ECONF_SOURCE=${S}/contrib/ldapc++ \ + econf "${myconf_ldapcpp[@]}" + popd &>/dev/null || die "popd contrib/ldapc++" +} + +multilib_src_compile() { + tc-export AR CC CXX + emake CC=$(tc-getCC) SHELL="${EPREFIX}"/bin/sh + + if ! use minimal && multilib_is_native_abi ; then + if use cxx ; then + einfo "Building contrib library: ldapc++" + src_configure_cxx + pushd "${BUILD_DIR}/contrib/ldapc++" &>/dev/null || die "pushd contrib/ldapc++" + emake + popd &>/dev/null || die + fi + + if use smbkrb5passwd ; then + einfo "Building contrib-module: smbk5pwd" + pushd "${S}/contrib/slapd-modules/smbk5pwd" &>/dev/null || die "pushd contrib/slapd-modules/smbk5pwd" + + MY_DEFS="-DDO_SHADOW" + if use samba ; then + MY_DEFS="${MY_DEFS} -DDO_SAMBA" + MY_KRB5_INC="" + fi + if use kerberos ; then + MY_DEFS="${MY_DEFS} -DDO_KRB5" + MY_KRB5_INC="$(krb5-config --cflags)" + fi + + emake \ + DEFS="${MY_DEFS}" \ + KRB5_INC="${MY_KRB5_INC}" \ + LDAP_BUILD="${BUILD_DIR}" \ + libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" + popd &>/dev/null || die + fi + + if use overlays ; then + einfo "Building contrib-module: samba4" + pushd "${S}/contrib/slapd-modules/samba4" &>/dev/null || die "pushd contrib/slapd-modules/samba4" + + emake \ + LDAP_BUILD="${BUILD_DIR}" \ + CC=$(tc-getCC) libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap + popd &>/dev/null || die + fi + + if use kerberos ; then + if use kinit ; then + build_contrib_module "kinit" "kinit.c" "kinit" + fi + build_contrib_module "passwd" "pw-kerberos.la" + fi + + if use pbkdf2; then + build_contrib_module "passwd/pbkdf2" + fi + + if use sha2 ; then + build_contrib_module "passwd/sha2" + fi + + # We could build pw-radius if GNURadius would install radlib.h + build_contrib_module "passwd" "pw-netscape.la" + + #build_contrib_module "acl" "posixgroup.la" # example code only + #build_contrib_module "acl" "gssacl.la" # example code only, also needs kerberos + build_contrib_module "addpartial" + build_contrib_module "allop" + build_contrib_module "allowed" + build_contrib_module "autogroup" + build_contrib_module "cloak" + # build_contrib_module "comp_match" # really complex, adds new external deps, questionable demand + build_contrib_module "denyop" + build_contrib_module "dsaschema" + build_contrib_module "dupent" + build_contrib_module "lastbind" + # lastmod may not play well with other overlays + build_contrib_module "lastmod" + build_contrib_module "noopsrch" + #build_contrib_module "nops" https://bugs.gentoo.org/641576 + #build_contrib_module "nssov" RESO:LATER + build_contrib_module "trace" + # build slapi-plugins + pushd "${S}/contrib/slapi-plugins/addrdnvalues" &>/dev/null || die "pushd contrib/slapi-plugins/addrdnvalues" + einfo "Building contrib-module: addrdnvalues plugin" + $(tc-getCC) -shared \ + -I"${BUILD_DIR}"/include \ + -I../../../include \ + ${CFLAGS} \ + -fPIC \ + ${LDFLAGS} \ + -o libaddrdnvalues-plugin.so \ + addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed" + popd &>/dev/null || die + fi +} + +multilib_src_test() { + if multilib_is_native_abi; then + emake test + fi +} + +multilib_src_install() { + emake CC=$(tc-getCC) \ + DESTDIR="${D}" SHELL="${EPREFIX}"/bin/sh install + + if ! use minimal && multilib_is_native_abi; then + # openldap modules go here + # TODO: write some code to populate slapd.conf with moduleload statements + keepdir /usr/$(get_libdir)/openldap/openldap/ + + # initial data storage dir + keepdir /var/lib/openldap-data + use prefix || fowners ldap:ldap /var/lib/openldap-data + fperms 0700 /var/lib/openldap-data + + echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" + echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" + echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" + + # use our config + rm "${ED}"/etc/openldap/slapd.conf + insinto /etc/openldap + newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf + configfile="${ED}"/etc/openldap/slapd.conf + + # populate with built backends + ebegin "populate config with built backends" + for x in "${ED}"/usr/$(get_libdir)/openldap/openldap/back_*.so; do + einfo "Adding $(basename ${x})" + sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" || die + done + sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}" + use prefix || fowners root:ldap /etc/openldap/slapd.conf + fperms 0640 /etc/openldap/slapd.conf + cp "${configfile}" "${configfile}".default || die + eend $? + + # install our own init scripts and systemd unit files + einfo "Install init scripts" + sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-initd-2.4.40-r2 > "${T}"/slapd || die + doinitd "${T}"/slapd + newconfd "${FILESDIR}"/slapd-confd-2.6.1 slapd + + einfo "Install systemd service" + sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-2.6.1.service > "${T}"/slapd.service || die + systemd_dounit "${T}"/slapd.service + systemd_install_serviced "${FILESDIR}"/slapd.service.conf + newtmpfiles "${FILESDIR}"/slapd.tmpfilesd slapd.conf + + # if built without SLP, we don't need to be before avahi + sed -i \ + -e '/before/{s/avahi-daemon//g}' \ + "${ED}"/etc/init.d/slapd \ + || die + + if use cxx ; then + einfo "Install the ldapc++ library" + cd "${BUILD_DIR}/contrib/ldapc++" || die + emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install + cd "${S}"/contrib/ldapc++ || die + newdoc README ldapc++-README + fi + + if use smbkrb5passwd ; then + einfo "Install the smbk5pwd module" + cd "${S}/contrib/slapd-modules/smbk5pwd" || die + emake DESTDIR="${D}" \ + LDAP_BUILD="${BUILD_DIR}" \ + libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install + newdoc README smbk5pwd-README + fi + + if use overlays ; then + einfo "Install the samba4 module" + cd "${S}/contrib/slapd-modules/samba4" || die + emake DESTDIR="${D}" \ + LDAP_BUILD="${BUILD_DIR}" \ + libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install + newdoc README samba4-README + fi + + einfo "Installing contrib modules" + cd "${S}/contrib/slapd-modules" || die + for l in */*.la */*/*.la; do + [[ -e ${l} ]] || continue + libtool --mode=install cp ${l} \ + "${ED}"/usr/$(get_libdir)/openldap/openldap || \ + die "installing ${l} failed" + done + + dodoc "${FILESDIR}"/DB_CONFIG.fast.example + docinto contrib + doman */*.5 + #newdoc acl/README* + newdoc addpartial/README addpartial-README + newdoc allop/README allop-README + newdoc allowed/README allowed-README + newdoc autogroup/README autogroup-README + newdoc dsaschema/README dsaschema-README + newdoc passwd/README passwd-README + cd "${S}/contrib/slapi-plugins" || die + insinto /usr/$(get_libdir)/openldap/openldap + doins */*.so + docinto contrib + newdoc addrdnvalues/README addrdnvalues-README + + insinto /etc/openldap/schema + newins "${DISTDIR}"/${BIS_P} ${BIS_PN} + + docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample* + docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm + + dosbin "${S}"/contrib/slapd-tools/statslog + newdoc "${S}"/contrib/slapd-tools/README README.statslog + fi + + if ! use static-libs ; then + find "${ED}" \( -name '*.a' -o -name '*.la' \) -delete || die + fi + + rmdir "${ED}/run" || die +} + +multilib_src_install_all() { + dodoc ANNOUNCEMENT CHANGES COPYRIGHT README + docinto rfc ; dodoc doc/rfc/*.txt +} + +pkg_preinst() { + # keep old libs if any + preserve_old_lib /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0) + # bug 440470, only display the getting started help there was no openldap before, + # or we are going to a non-minimal build + ! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]' + OPENLDAP_PRINT_MESSAGES=$((! $?)) +} + +pkg_postinst() { + if ! use minimal ; then + tmpfiles_process slapd.conf + + # You cannot build SSL certificates during src_install that will make + # binary packages containing your SSL key, which is both a security risk + # and a misconfiguration if multiple machines use the same key and cert. + if use ssl; then + install_cert /etc/openldap/ssl/ldap + use prefix || chown ldap:ldap "${EROOT}"/etc/openldap/ssl/ldap.* + ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]" + ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]" + ewarn "add 'TLS_REQCERT allow' if you want to use them." + fi + + if use prefix; then + # Warn about prefix issues with slapd + eerror "slapd might NOT be usable on Prefix systems as it requires root privileges" + eerror "to start up, and requires that certain files directories be owned by" + eerror "ldap:ldap. As Prefix does not support changing ownership of files and" + eerror "directories, you will have to manually fix this yourself." + fi + + # These lines force the permissions of various content to be correct + if [[ -d "${EROOT}"/var/run/openldap ]]; then + use prefix || { chown ldap:ldap "${EROOT}"/var/run/openldap || die; } + chmod 0755 "${EROOT}"/var/run/openldap || die + fi + use prefix || chown root:ldap "${EROOT}"/etc/openldap/slapd.conf{,.default} + chmod 0640 "${EROOT}"/etc/openldap/slapd.conf{,.default} || die + use prefix || chown ldap:ldap "${EROOT}"/var/lib/openldap-data + fi + + if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then + elog "Getting started using OpenLDAP? There is some documentation available:" + elog "Gentoo Guide to OpenLDAP Authentication" + elog "(https://wiki.gentoo.org/wiki/Centralized_authentication_using_OpenLDAP)" + elog "---" + elog "An example file for tuning BDB backends with openldap is" + elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/" + fi + + preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.4$(get_libname 0) +}
