commit: 6262236eeeb6c1a6306cf10d79f58e9166e30c0b Author: Christopher Byrne <salah.coronya <AT> gmail <DOT> com> AuthorDate: Tue Jun 11 04:06:34 2024 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Sun Dec 1 12:57:37 2024 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6262236e
sys-auth/sssd: add 2.10.0 Big changes in 2.10.0. A migration will be required as sssd now runs under its own user. Many USE flags dropped and merged as they are required anyway: "sudo" is merged as added no dependecies, so it was dropped, "python" is merged as bits of sssd are written in Python, so build the bindings anyway. "acl" is merge because sssd is now capability-based, even in root mode, and "subid" is merged because sys-apps/shadow is part of the system set, and all versions of it in the tree support it. A new USE flag, "passkey" is added to support passkey logins (LDAP auth only). Please read https://sssd.io/release-notes/sssd-2.10.0.html as this is a major change. In particular, the default ldap_id_use_start_tls value changed from false to true for improved security. This affects Kerberos users without TLS in particular. Signed-off-by: Christopher Byrne <salah.coronya <AT> gmail.com> Closes: https://github.com/gentoo/gentoo/pull/37116 Signed-off-by: Sam James <sam <AT> gentoo.org> sys-auth/sssd/Manifest | 1 + ...uild-remove-superfluous-WITH_IFP-leftover.patch | 33 ++ .../sssd-2.10.0-build-stop-overriding-CFLAGS.patch | 136 ++++++++ ...sd-2.10.0_beta2-fix-systemd-systemconfdir.patch | 22 ++ sys-auth/sssd/metadata.xml | 1 + sys-auth/sssd/sssd-2.10.0.ebuild | 371 +++++++++++++++++++++ 6 files changed, 564 insertions(+)
diff --git a/sys-auth/sssd/Manifest b/sys-auth/sssd/Manifest
index 5cf4abaf188e..257ac8082415 100644
--- a/sys-auth/sssd/Manifest
+++ b/sys-auth/sssd/Manifest
@@ -1 +1,2 @@
+DIST sssd-2.10.0.tar.gz 9177851 BLAKE2B 027a1b9c38841427089d93ff9d8e424c7c1bf9433eea0033ce77a8c13fd1ac65de975a0ab747e1f08a6f9c4253599ed12e8cc364f0db442019603ab1c1932128 SHA512 d237ff135fb21bcd1040787d6dfe8fa383290fbae1f15c6917284beb38dd95ecf6418335302e26be40c65e44e8b44135499eec0b98119ea53a38098ac0bc1e2c
 DIST sssd-2.9.5.tar.gz 8001964 BLAKE2B e9c839e58fbeac9e8cba83b726f075c5db6ce85059546d745672c222b594f4aa26ad103f0eb3a8ff9e2b364c3502fb93c639fe9e621fefd6fecd2319f5cb499a SHA512 d219f12ffc75af233f0e4ffc62c0442acc6da3cd94ed4eab7102a78821af5257c8e4ba0d06b2c99c08e06502f8d0d0bcc80540d63823dbe0f52eb0432ae7e14d
diff --git a/sys-auth/sssd/files/sssd-2.10.0-build-remove-superfluous-WITH_IFP-leftover.patch b/sys-auth/sssd/files/sssd-2.10.0-build-remove-superfluous-WITH_IFP-leftover.patch
new file mode 100644
index 000000000000..d38fa1989d29
--- /dev/null
+++ b/sys-auth/sssd/files/sssd-2.10.0-build-remove-superfluous-WITH_IFP-leftover.patch
@@ -0,0 +1,33 @@
+From 3476355e8368358f6bc17ec93fb057b739094c3a Mon Sep 17 00:00:00 2001
+From: Jan Engelhardt <jeng...@inai.de>
+Date: Fri, 18 Oct 2024 12:37:01 +0200
+Subject: [PATCH 1/2] build: remove superfluous WITH_IFP leftover
+
+```
+$ autoreconf && configure
+...
+./configure: line 18674: WITH_IFP: command not found
+```
+
+Fixes: 2.10.0-beta2-63-ge5140ab08
+
+Reviewed-by: Alexey Tikhonov <atikh...@redhat.com>
+---
+ configure.ac | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 380c16ba8..b5222ae97 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -187,7 +187,6 @@ WITH_SUBID_LIB_PATH
+ WITH_PASSKEY
+ WITH_SSH
+ WITH_SSH_KNOWN_HOSTS_PROXY
+-WITH_IFP
+ WITH_LIBSIFP
+ WITH_SYSLOG
+ WITH_SAMBA
+--
+2.45.2
+
diff --git a/sys-auth/sssd/files/sssd-2.10.0-build-stop-overriding-CFLAGS.patch b/sys-auth/sssd/files/sssd-2.10.0-build-stop-overriding-CFLAGS.patch
new file mode 100644
index 000000000000..4545ed20f840
--- /dev/null
+++ b/sys-auth/sssd/files/sssd-2.10.0-build-stop-overriding-CFLAGS.patch 
@@ -0,0 +1,136 @@
+From c0b28db6f9ca33ebe11434c84c37e34ddb047280 Mon Sep 17 00:00:00 2001
+From: Jan Engelhardt <jeng...@inai.de>
+Date: Fri, 18 Oct 2024 12:46:28 +0200
+Subject: [PATCH 2/2] build: stop overriding CFLAGS
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+CFLAGS is reserved for the user. configure must finish in an
+idempotent state and not touch it, pursuant to automake.info §3.6
+"Variables reserved for the user".
+
+Observed:
+
+```
+$ ./configure && make CFLAGS=-O1
+…
+libtool: compile: gcc -DHAVE_CONFIG_H -I. -Wall -I..
+-I./src/sss_client -I./src -I. -I/usr/include/samba-4.0
+-I/usr/include/dbus-1.0 -I/usr/lib64/dbus-1.0/include
+-I/usr/include/libnl3 -DLIBDIR=\"/usr/local/lib\"
+-DVARDIR=\"/usr/local/var\" -DRUNDIR=\"/usr/local/var/run\"
+-DSSS_STATEDIR=\"/usr/local/var/lib/sss\"
+-DSYSCONFDIR=\"/usr/local/etc\" -DSHLIBEXT=\"\"
+-DSSSDDATADIR=\"/usr/local/share/sssd\"
+-DSSSD_LIBEXEC_PATH=\"/usr/local/libexec/sssd\"
+-DSSSD_CONF_DIR=\"/usr/local/etc/sssd\"
+-DSSS_NSS_MCACHE_DIR=\"/usr/local/var/lib/sss/mc\"
+-DSSS_NSS_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/nss\"
+-DSSS_PAM_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/pam\"
+-DSSS_PAC_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/pac\"
+-DSSS_SUDO_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/sudo\"
+-DSSS_AUTOFS_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/autofs\"
+-DSSS_SSH_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/ssh\"
+-DLOCALEDIR=\"/usr/local/share/locale\"
+-DBASE_FILE_STEM=\"libsss_util_la-sysdb_ops\" -Wall -Wshadow
+-Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align
+-Wwrite-strings -Wundef -Werror-implicit-function-declaration
+-Winit-self -Wmissing-include-dirs -fno-strict-aliasing -std=gnu99
+-O1 -MT src/db/libsss_util_la-sysdb_ops.lo -MD -MP -MF
+src/db/.deps/libsss_util_la-sysdb_ops.Tpo -c src/db/sysdb_ops.c -fPIC
+-DPIC -o src/db/.libs/libsss_util_la-sysdb_ops.o
+```
+
+Expected:
+
+```
+libtool: compile: gcc -DHAVE_CONFIG_H -I. -Wall -I..
+-I./src/sss_client -I./src -I. -I/usr/include/samba-4.0
+-I/usr/include/dbus-1.0 -I/usr/lib64/dbus-1.0/include
+-I/usr/include/libnl3 -DLIBDIR=\"/usr/local/lib\"
+-DVARDIR=\"/usr/local/var\" -DRUNDIR=\"/usr/local/var/run\"
+-DSSS_STATEDIR=\"/usr/local/var/lib/sss\"
+-DSYSCONFDIR=\"/usr/local/etc\" -DSHLIBEXT=\"\"
+-DSSSDDATADIR=\"/usr/local/share/sssd\"
+-DSSSD_LIBEXEC_PATH=\"/usr/local/libexec/sssd\"
+-DSSSD_CONF_DIR=\"/usr/local/etc/sssd\"
+-DSSS_NSS_MCACHE_DIR=\"/usr/local/var/lib/sss/mc\"
+-DSSS_NSS_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/nss\"
+-DSSS_PAM_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/pam\"
+-DSSS_PAC_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/pac\"
+-DSSS_SUDO_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/sudo\"
+-DSSS_AUTOFS_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/autofs\"
+-DSSS_SSH_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/ssh\"
+-DLOCALEDIR=\"/usr/local/share/locale\"
+-DBASE_FILE_STEM=\"libsss_util_la-sysdb_ops\" -Wall -Wshadow
+-Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align
+-Wwrite-strings -Wundef -Werror-implicit-function-declaration
+-Winit-self -Wmissing-include-dirs -fno-strict-aliasing -std=gnu99
+-O1 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE
+-MT src/db/libsss_util_la-sysdb_ops.lo -MD -MP -MF
+src/db/.deps/libsss_util_la-sysdb_ops.Tpo -c
+```
+
+Fixes: sssd-1_3_0-3-g551aa6c36
+
+Reviewed-by: Iker Pedrosa <ipedr...@redhat.com>
+Reviewed-by: Pavel Březina <pbrez...@redhat.com>
+---
+ Makefile.am | 2 +-
+ configure.ac | 3 ++-
+ src/tests/cwrap/Makefile.am | 1 +
+ src/tests/intg/Makefile.am | 1 +
+ 4 files changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 839b25eae..93c7ce088 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -137,7 +137,7 @@ ifp_non_root_owner_policy =
+ endif
+
+
+-AM_CFLAGS =
++AM_CFLAGS = $(my_CFLAGS)
+ if WANT_AUX_INFO
+ AM_CFLAGS += -aux-info $@.X
+ endif
+diff --git a/configure.ac b/configure.ac
+index b5222ae97..bf172e2ec 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -11,7 +11,8 @@ m4_ifdef([AC_USE_SYSTEM_EXTENSIONS],
+ [AC_USE_SYSTEM_EXTENSIONS],
+ [AC_GNU_SOURCE])
+
+-CFLAGS="$CFLAGS -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE"
++my_CFLAGS="-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE"
++AC_SUBST([my_CFLAGS])
+
+
+ AM_INIT_AUTOMAKE([-Wall -Wno-portability foreign subdir-objects tar-pax
+diff --git a/src/tests/cwrap/Makefile.am b/src/tests/cwrap/Makefile.am
+index 797d9e640..653687d24 100644
+--- a/src/tests/cwrap/Makefile.am
++++ b/src/tests/cwrap/Makefile.am
+@@ -22,6 +22,7 @@ AM_CPPFLAGS = \
+ $(OPENLDAP_CFLAGS) \
+ $(GLIB2_CFLAGS) \
+ $(NULL)
++AM_CFLAGS = $(my_CFLAGS)
+
+ TESTS_ENVIRONMENT = \
+ CWRAP_TEST_SRCDIR=$(abs_srcdir) \
+diff --git a/src/tests/intg/Makefile.am b/src/tests/intg/Makefile.am
+index 802cbe18b..e2f8066a8 100644
+--- a/src/tests/intg/Makefile.am
++++ b/src/tests/intg/Makefile.am
+@@ -1,3 +1,4 @@
++AM_CFLAGS = $(my_CFLAGS)
+ dist_noinst_DATA = \
+ __init__.py \
+ config.py.m4 \
+--
+2.45.2
+
diff --git a/sys-auth/sssd/files/sssd-2.10.0_beta2-fix-systemd-systemconfdir.patch b/sys-auth/sssd/files/sssd-2.10.0_beta2-fix-systemd-systemconfdir.patch
new file mode 100644
index 000000000000..9959199d223b
--- /dev/null
+++ b/sys-auth/sssd/files/sssd-2.10.0_beta2-fix-systemd-systemconfdir.patch
@@ -0,0 +1,22 @@
+diff --git a/src/conf_macros.m4 b/src/conf_macros.m4
+index c0efc3ad1..07fef0c1a 100644
+--- a/src/conf_macros.m4
++++ b/src/conf_macros.m4
+@@ -227,14 +227,14 @@ AC_DEFUN([WITH_SYSTEMD_CONF_DIR],
+ if test x"$with_systemdconfdir" != x; then
+ systemdconfdir=$with_systemdconfdir
+ else
+- pkgconfigdir=${prefix}$($PKG_CONFIG --variable=systemdsystemconfdir systemd)
++ pkgconfigdir=$($PKG_CONFIG --variable=systemdsystemconfdir systemd)
+ if test x"$pkgconfigdir" = x; then
+ AC_MSG_ERROR([Could not detect systemd config directory])
+ fi
+- if test "${pkgconfigdir:0:${#prefix}}" = "${prefix}"; then
++ if test "${pkgconfigdir:0:${#sysconfdir}}" = "${sysconfdir}"; then
+ systemdconfdir=${pkgconfigdir}
+ else
+- systemdconfdir=${prefix}${pkgconfigdir}
++ systemdconfdir=${sysconfdir}${pkgconfigdir}
+ fi
+ fi
+ AC_SUBST(systemdconfdir, [$systemdconfdir/sssd.service.d])
diff --git a/sys-auth/sssd/metadata.xml b/sys-auth/sssd/metadata.xml
index f1d1125d52ca..09bfecfe2361 100644
--- a/sys-auth/sssd/metadata.xml
+++ b/sys-auth/sssd/metadata.xml
@@ -17,6 +17,7 @@
 <flag name="acl"> Build and use the cifsidmap plugin</flag>
 <flag name="netlink">Add support for netlink protocol via <pkg>dev-libs/libnl</pkg></flag>
 <flag name="nfsv4">Add support for the nfsv4 idmapd plugin provided by <pkg>net-fs/nfs-utils</pkg></flag>
+ <flag name="passkey">Add support for FIDO2 passkeys"</flag>
 <flag name="samba">Add Privileged Attribute Certificate Support for Kerberos</flag>
 <flag name="subid">Support subordinate uid and gid ranges in FreeIPA</flag>
 <flag name="sudo">Build helper to let <pkg>app-admin/sudo</pkg> use sssd provided information</flag>
diff --git a/sys-auth/sssd/sssd-2.10.0.ebuild b/sys-auth/sssd/sssd-2.10.0.ebuild
new file mode 100644
index 000000000000..b885b50db19b
--- /dev/null
+++ b/sys-auth/sssd/sssd-2.10.0.ebuild
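Review bot: The rewritten prefix test `test "${pkgconfigdir:0:${#sysconfdir}}" = "${sysconfdir}"` depends on `sysconfdir` already being an absolute path, but autoconf's default for it is the unexpanded literal `${prefix}/etc`, so a plain `./configure` would presumably take the else branch and build a doubled path from `systemdconfdir=${sysconfdir}${pkgconfigdir}`. The Gentoo build goes through `econf`, which as far as I know passes an explicit `--sysconfdir`, so the assumption should be stated in a comment above the test, for example `# requires --sysconfdir to be passed as an absolute path`. The `${var:0:n}` substring form kept here is a bashism inside a configure macro and also matches a sibling directory such as `/etcfoo`; a `case "$pkgconfigdir" in "$sysconfdir"/*)` match would avoid both. The `AC_DEFUN([WITH_SYSTEMD_CONF_DIR]` body starts before the inner hunk.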
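Review bot: The added flag description carries a stray double quote before the closing tag, `FIDO2 passkeys"</flag>`, which will be shown verbatim wherever USE flag descriptions are listed. The line should read `<flag name="passkey">Add support for FIDO2 passkeys</flag>`. The commit message also says passkey logins are supported for LDAP auth only, which would be useful to state in the description so the flag is not enabled with the expectation that it covers other providers.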
@@ -0,0 +1,371 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PLOCALES="ca de es fr ja ko pt_BR ru sv tr uk"
+PLOCALES_BIN="${PLOCALES} bg cs eu fi hu id it ka nb nl pl pt tg zh_TW zh_CN"
+PLOCALE_BACKUP="sv"
+PYTHON_COMPAT=( python3_{10..12} )
+
+inherit autotools linux-info multilib-minimal optfeature plocale \
+ python-single-r1 pam systemd tmpfiles udev toolchain-funcs
+
+DESCRIPTION="System Security Services Daemon provides access to identity and authentication"
+HOMEPAGE="https://github.com/SSSD/sssd"
+if [[ ${PV} != 9999 ]]; then
+ SRC_URI="https://github.com/SSSD/sssd/releases/download/${PV}/${P}.tar.gz"
+else
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/SSSD/sssd.git"
+ EGIT_BRANCH="master"
+fi
+
+LICENSE="GPL-3"
+SLOT="0"
+IUSE="doc +netlink nfsv4 nls passkey samba selinux systemd systemtap test"
+REQUIRED_USE=" ( ${PYTHON_REQUIRED_USE} ) "
+RESTRICT="!test? ( test )"
+
+DEPEND="
+ >=app-crypt/mit-krb5-1.19.1[${MULTILIB_USEDEP}]
+ app-crypt/p11-kit
+ >=dev-libs/ding-libs-0.2
+ >=dev-libs/cyrus-sasl-2.1.25-r3[kerberos]
+ dev-libs/jansson:=
+ dev-libs/libpcre2:=
+ dev-libs/libunistring:=[${MULTILIB_USEDEP}]
+ >=dev-libs/popt-1.16
+ >=dev-libs/openssl-1.0.2:=
+ >=net-dns/bind-tools-9.9[gssapi]
+ >=net-dns/c-ares-1.10.0-r1:=[${MULTILIB_USEDEP}]
+ >=net-nds/openldap-2.4.30:=[sasl,experimental]
+ net-fs/cifs-utils[acl]
+ >=sys-apps/dbus-1.6
+ >=sys-apps/keyutils-1.5:=
+ sys-libs/libcap
+ >=sys-libs/pam-0-r1[${MULTILIB_USEDEP}]
+ >=sys-libs/talloc-2.0.7
+ >=sys-libs/tdb-1.2.9
+ >=sys-libs/tevent-0.9.16
+ virtual/ldb:=
+ virtual/libintl
+ netlink? ( dev-libs/libnl:3 )
+ nfsv4? ( >=net-fs/nfs-utils-2.3.1-r2 )
+ nls? ( >=sys-devel/gettext-0.18 )
+ passkey? ( dev-libs/libfido2:= )
+ ${PYTHON_DEPS}
+ systemd? (
+ $(python_gen_cond_dep '
+ dev-python/python-systemd[${PYTHON_USEDEP}]
+ ')
+ )
+ samba? ( >=net-fs/samba-4.10.2[winbind] )
+ selinux? (
+ >=sys-libs/libselinux-2.1.9
+ >=sys-libs/libsemanage-2.1
+ )
+ systemd? (
+ sys-apps/systemd:=
+ sys-apps/util-linux
+ )
+ systemtap? ( dev-debug/systemtap )"
+RDEPEND="${DEPEND}
+ acct-user/sssd
+ acct-group/sssd
+ passkey? ( sys-apps/pcsc-lite[policykit] )
+ selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 )"
+BDEPEND="
+ acct-user/sssd
+ acct-group/sssd
+ sys-libs/libcap
+ virtual/pkgconfig
+ ${PYTHON_DEPS}
+ doc? ( app-text/doxygen )
+ nls? ( app-text/po4a
+ sys-devel/gettext )
+ test? (
+ dev-libs/check
+ dev-libs/softhsm:2
+ dev-util/cmocka
+ net-libs/gnutls[pkcs11,tools]
+ sys-libs/libfaketime
+ sys-libs/nss_wrapper
+ sys-libs/pam_wrapper
+ sys-libs/uid_wrapper
+ )
+ app-text/docbook-xml-dtd:4.4
+ >=dev-libs/libxslt-1.1.26
+"
+
+CONFIG_CHECK="~KEYS"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-2.8.2-krb5_pw_locked.patch"
+ "${FILESDIR}/${PN}-2.10.0_beta2-fix-systemd-systemconfdir.patch"
+ "${FILESDIR}/${PN}-2.10.0-build-remove-superfluous-WITH_IFP-leftover.patch"
+ "${FILESDIR}/${PN}-2.10.0-build-stop-overriding-CFLAGS.patch"
+)
+
+MULTILIB_WRAPPED_HEADERS=(
+ /usr/include/ipa_hbac.h
+ /usr/include/sss_idmap.h
+ /usr/include/sss_nss_idmap.h
+ # --with-ifp
+ /usr/include/sss_sifp.h
+ /usr/include/sss_sifp_dbus.h
+ # from 1.15.3
+ /usr/include/sss_certmap.h
+)
+
+sssd_migrate_files() {
+ if has_version "<=sys-auth/sssd-2.9.9999"
+ then
+ einfo "Checking if sssd is running"
+ if [ -f /run/sssd.pid ]
+ then
+ elog "Please stop sssd after installing before"
+ elog "performing the migration process"
+ fi
+ einfo "Checking if /var/lib/sss ownership"
+ if [ -d /var/lib/sss ] && [ $(stat -c "%U:%G" /var/lib/sss) != "sssd:sssd" ]
+ then
+ elog "After installing, please execute"
+ elog "chown -R sssd:sssd /var/lib/sss"
+ fi
+ einfo "Checking if /var/log/sssd ownership"
+ if [ -d /var/log/sssd ] && [ $(stat -c "%U:%G" /var/log/sssd) != "sssd:sssd" ]
+ then
+ elog "After installing, please execute"
+ elog "chown -R sssd:sssd /var/log/sssd"
+ fi
+ einfo "Checking if /etc/sssd ownership"
+ if ! use systemd && [ -d /etc/sssd ] && [ $(stat -c "%U:%G" /etc/sssd) != "root:sssd" ]
+ then
+ elog "After installing, please execute"
+ elog "chown -R root:sssd /etc/sssd"
+ fi
+ fi
+}
+
+pkg_setup() {
+ linux-info_pkg_setup
+ python-single-r1_pkg_setup
+
+ sssd_migrate_files
+}
+
+src_prepare() {
+ default
+
+ plocale_get_locales > src/man/po/LINGUAS || die
+
+ sed -i \
+ -e "/_langs]/ s/ .*//" \
+ src/man/po/po4a.cfg \
+ || die
+ enable_locale() {
+ local locale=${1}
+
+ sed -i \
+ -e "/_langs]/ s/$/ ${locale}/" \
+ src/man/po/po4a.cfg \
+ || die
+ }
+
+ plocale_for_each_locale enable_locale
+
+ PLOCALES="${PLOCALES_BIN}"
+ plocale_get_locales > po/LINGUAS || die
+
+ sed -i \
+ -e 's:/var/run:/run:' \
+ src/examples/logrotate \
+ || die
+
+ # disable flaky test, see https://github.com/SSSD/sssd/issues/5631
+ sed -i \
+ -e '/^\s*pam-srv-tests[ \\]*$/d' \
+ Makefile.am \
+ || die
+
+ # requires valgrind headers installed
+ sed -i \
+ -e '/^\s*test-iobuf[ \\]*$/d' \
+ Makefile.am \
+ || die
+
+ eautoreconf
+
+ multilib_copy_sources
+}
+
+src_configure() {
+ local native_dbus_cflags=$($(tc-getPKG_CONFIG) --cflags dbus-1 || die)
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+ local myconf=()
+
+ myconf+=(
+ --libexecdir="${EPREFIX}"/usr/libexec
+ --localstatedir="${EPREFIX}"/var
+ --runstatedir="${EPREFIX}"/run
+ --sbindir="${EPREFIX}"/usr/sbin
+ --with-pid-path="${EPREFIX}"/run/sssd
+ --with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd
+ --enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir)
+ --with-ldb-lib-dir="${EPREFIX}"/usr/$(get_libdir)/samba/ldb
+ --with-db-path="${EPREFIX}"/var/lib/sss/db
+ --with-gpo-cache-path="${EPREFIX}"/var/lib/sss/gpo_cache
+ --with-pubconf-path="${EPREFIX}"/var/lib/sss/pubconf
+ --with-pipe-path="${EPREFIX}"/var/lib/sss/pipes
+ --with-mcache-path="${EPREFIX}"/var/lib/sss/mc
+ --with-secrets-db-path="${EPREFIX}"/var/lib/sss/secrets
+ --with-log-path="${EPREFIX}"/var/log/sssd
+ --with-tmpfilesdir=/usr/lib/tmpfiles.d
+ --with-udevrulesdir="$(get_udevdir)/rules.d"
+ --with-kcm
+ --enable-kcm-renewal
+ --with-os=gentoo
+ --disable-rpath
+ --disable-static
+ # Valgrind is only used for tests
+ --disable-valgrind
+ $(use_with samba)
+ --with-smb-idmap-interface-version=6
+ --enable-cifs-idmap-plugin
+ $(multilib_native_use_with selinux)
+ --enable-krb5-locator-plugin
+ $(use_enable samba pac-responder)
+ $(multilib_native_use_with nfsv4 nfsv4-idmapd-plugin)
+ $(use_enable nls)
+ $(multilib_native_use_with netlink libnl)
+ --with-manpages
+ --with-sudo
+ $(multilib_native_with autofs)
+ $(multilib_native_with ssh)
+ --without-oidc-child
+ $(multilib_native_with passkey)
+ --with-subid
+ $(use_enable systemtap)
+ --without-python2-bindings
+ --with-python3-bindings
+ # Annoyingly configure requires that you pick systemd XOR sysv
+ --with-initscript=$(usex systemd systemd sysv)
+ --with-sssd-user=sssd
+ CPPFLAGS="${CPPFLAGS} -I/usr/include/samba-4.0"
+ )
+
+ use systemd && myconf+=(
+ --with-systemdunitdir=$(systemd_get_systemunitdir)
+ )
+
+ if ! multilib_is_native_abi; then
+ # work-around all the libraries that are used for CLI and server
+ myconf+=(
+ {POPT,TALLOC,TDB,TEVENT,LDB}_{CFLAGS,LIBS}=' '
+ # ldb headers are fine since native needs it
+ # ldb lib fails... but it does not seem to bother
+ {DHASH,UNISTRING,INI_CONFIG_V{0,1,1_1,1_3}}_{CFLAGS,LIBS}=' '
+ {PCRE,CARES,SYSTEMD_LOGIN,SASL,DBUS,CRYPTO,P11_KIT}_{CFLAGS,LIBS}=' '
+ {NDR_NBT,SAMBA_UTIL,SMBCLIENT,NDR_KRB5PAC,JANSSON}_{CFLAGS,LIBS}=' '
+
+ # use native include path for dbus (needed for build)
+ DBUS_CFLAGS="${native_dbus_cflags}"
+
+ # non-pkgconfig checks
+ ac_cv_lib_ldap_ldap_search=yes
+ --without-kcm
+ --without-manpages
+ )
+ fi
+
+ econf "${myconf[@]}"
+}
+
+multilib_src_compile() {
+ if multilib_is_native_abi; then
+ default
+ use doc && emake docs
+ else
+ emake libnss_sss.la pam_sss.la pam_sss_gss.la
+ emake sssd_krb5_locator_plugin.la
+ use samba && emake sssd_pac_plugin.la
+ fi
+}
+
+multilib_src_test() {
+ if multilib_is_native_abi; then
+ local -x CK_TIMEOUT_MULTIPLIER=10
+ emake check VERBOSE=yes
+ fi
+}
+
+multilib_src_install() {
+ if multilib_is_native_abi; then
+ emake -j1 DESTDIR="${D}" install
+ python_fix_shebang "${ED}"
+ python_optimize
+ else
+ # easier than playing with automake...
+ dopammod .libs/pam_sss.so
+ dopammod .libs/pam_sss_gss.so
+
+ into /
+ dolib.so .libs/libnss_sss.so*
+
+ exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5
+ doexe .libs/sssd_krb5_locator_plugin.so
+
+ if use samba; then
+ exeinto /usr/$(get_libdir)/krb5/plugins/authdata
+ doexe .libs/sssd_pac_plugin.so
+ fi
+ fi
+}
+
+multilib_src_install_all() {
+ einstalldocs
+
+ insinto /etc/sssd
+ insopts -m600
+ doins src/examples/sssd-example.conf
+
+ insinto /etc/logrotate.d
+ insopts -m644
+ newins src/examples/logrotate sssd
+
+ newconfd "${FILESDIR}"/sssd.conf sssd
+
+ keepdir /var/lib/sss/db
+ keepdir /var/lib/sss/deskprofile
+ keepdir /var/lib/sss/gpo_cache
+ keepdir /var/lib/sss/keytabs
+ keepdir /var/lib/sss/mc
+ keepdir /var/lib/sss/pipes/private
+ keepdir /var/lib/sss/pubconf/krb5.include.d
+ keepdir /var/lib/sss/secrets
+ keepdir /var/log/sssd
+ keepdir /etc/sssd/conf.d
+ keepdir /etc/sssd/pki
+
+ # strip empty dirs
+ if ! use doc; then
+ rm -r "${ED}"/usr/share/doc/"${PF}"/doc || die
+ rm -r "${ED}"/usr/share/doc/"${PF}"/{hbac,idmap,nss_idmap}_doc || die
+ fi
+
+ rm -r "${ED}"/run || die
+ find "${ED}" -type f -name '*.la' -delete || die
+}
+
+pkg_postinst() {
+ tmpfiles_process sssd-tmpfiles.conf
+ elog "You must set up sssd.conf (default installed into /etc/sssd)"
+ elog "and (optionally) configuration in /etc/pam.d in order to use SSSD"
+ elog "features."
+ optfeature "Kerberos keytab renew (see krb5_renew_interval)" app-crypt/adcli
+}
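Review bot: `$(multilib_native_with passkey)` in `multilib_src_configure` does not consult the new `passkey` USE flag, because the `multilib_native_with` helper emits `--with-passkey` on the native ABI unconditionally, while `dev-libs/libfido2` and `sys-apps/pcsc-lite[policykit]` are only pulled in under `passkey?`. With USE=-passkey the native build would therefore either fail in configure when libfido2 is absent, or build passkey authentication against an undeclared dependency when it happens to be installed, which is an authentication path the administrator asked not to have. The line should be `$(multilib_native_use_with passkey)`, matching how `selinux`, `nfsv4` and `netlink` are handled a few lines above it. Separately, `sssd_migrate_files` tests `/run/sssd.pid`, `/var/lib/sss`, `/var/log/sssd` and `/etc/sssd` without `${EROOT}` and leaves `$(stat -c "%U:%G" …)` unquoted inside `[ … ]`; prefixing the paths and quoting the substitution would make the ownership check reliable.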