commit: c602f884e34ee08f6a76b11f03a1946170d16d55 Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> AuthorDate: Fri Dec 3 12:59:10 2021 +0000 Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> CommitDate: Fri Dec 3 13:00:05 2021 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c602f884
net-fs/samba: Attempt to fix winbindd regression Bug: https://bugs.gentoo.org/828063 Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org> .../samba-4.14.10-winbindd_regression_fix.patch | 42 +++ .../samba-4.15.2-winbindd_regression_fix.patch | 42 +++ net-fs/samba/samba-4.14.10-r1.ebuild | 346 +++++++++++++++++++++ net-fs/samba/samba-4.15.2-r1.ebuild | 343 ++++++++++++++++++++ 4 files changed, 773 insertions(+) diff --git a/net-fs/samba/files/samba-4.14.10-winbindd_regression_fix.patch b/net-fs/samba/files/samba-4.14.10-winbindd_regression_fix.patch new file mode 100644 index 000000000000..23411dad6bec --- /dev/null +++ b/net-fs/samba/files/samba-4.14.10-winbindd_regression_fix.patch @@ -0,0 +1,42 @@ +From bc07c3b70702100975f8921e56cf9b733ec3b826 Mon Sep 17 00:00:00 2001 +From: Stefan Metzmacher <[email protected]> +Date: Tue, 9 Nov 2021 20:50:20 +0100 +Subject: [PATCH] s3:winbindd: fix "allow trusted domains = no" regression + +add_trusted_domain() should only reject domains +based on is_allowed_domain(), which now also +checks "allow trusted domains = no", if we don't +have an explicit trust to the domain (SEC_CHAN_NULL). + +We use at least SEC_CHAN_LOCAL for local domains like +BUILTIN. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=14899 + +Signed-off-by: Stefan Metzmacher <[email protected]> +Reviewed-by: Andreas Schneider <[email protected]> + +Autobuild-User(master): Stefan Metzmacher <[email protected]> +Autobuild-Date(master): Wed Nov 10 11:21:31 UTC 2021 on sn-devel-184 + +(cherry picked from commit a7f6c60cb037b4bc9eee276236539b8282213935) +--- + source3/winbindd/winbindd_util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c +index 42ddbfd2f44e..9d54e462c425 100644 +--- a/source3/winbindd/winbindd_util.c ++++ b/source3/winbindd/winbindd_util.c +@@ -134,7 +134,7 @@ static NTSTATUS add_trusted_domain(const char *domain_name, + return NT_STATUS_INVALID_PARAMETER; + } + +- if (!is_allowed_domain(domain_name)) { ++ if (secure_channel_type == SEC_CHAN_NULL && !is_allowed_domain(domain_name)) { + return NT_STATUS_NO_SUCH_DOMAIN; + } + +-- +2.25.1 + diff --git a/net-fs/samba/files/samba-4.15.2-winbindd_regression_fix.patch b/net-fs/samba/files/samba-4.15.2-winbindd_regression_fix.patch new file mode 100644 index 000000000000..457bad16a6e2 --- /dev/null +++ b/net-fs/samba/files/samba-4.15.2-winbindd_regression_fix.patch @@ -0,0 +1,42 @@ +From 9f73f8a784f2de9211601f92729a47aaa3e51a1a Mon Sep 17 00:00:00 2001 +From: Stefan Metzmacher <[email protected]> +Date: Tue, 9 Nov 2021 20:50:20 +0100 +Subject: [PATCH] s3:winbindd: fix "allow trusted domains = no" regression + +add_trusted_domain() should only reject domains +based on is_allowed_domain(), which now also +checks "allow trusted domains = no", if we don't +have an explicit trust to the domain (SEC_CHAN_NULL). + +We use at least SEC_CHAN_LOCAL for local domains like +BUILTIN. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=14899 + +Signed-off-by: Stefan Metzmacher <[email protected]> +Reviewed-by: Andreas Schneider <[email protected]> + +Autobuild-User(master): Stefan Metzmacher <[email protected]> +Autobuild-Date(master): Wed Nov 10 11:21:31 UTC 2021 on sn-devel-184 + +(cherry picked from commit a7f6c60cb037b4bc9eee276236539b8282213935) +--- + source3/winbindd/winbindd_util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c +index fe68adec534a..a8c510fafc67 100644 +--- a/source3/winbindd/winbindd_util.c ++++ b/source3/winbindd/winbindd_util.c +@@ -135,7 +135,7 @@ static NTSTATUS add_trusted_domain(const char *domain_name, + return NT_STATUS_INVALID_PARAMETER; + } + +- if (!is_allowed_domain(domain_name)) { ++ if (secure_channel_type == SEC_CHAN_NULL && !is_allowed_domain(domain_name)) { + return NT_STATUS_NO_SUCH_DOMAIN; + } + +-- +2.25.1 + diff --git a/net-fs/samba/samba-4.14.10-r1.ebuild b/net-fs/samba/samba-4.14.10-r1.ebuild new file mode 100644 index 000000000000..9c5d6e8d0e5f --- /dev/null +++ b/net-fs/samba/samba-4.14.10-r1.ebuild @@ -0,0 +1,346 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python3_{8..9} ) +PYTHON_REQ_USE="threads(+),xml(+)" +inherit python-single-r1 waf-utils multilib-minimal linux-info systemd pam tmpfiles + +DESCRIPTION="Samba Suite Version 4" +HOMEPAGE="https://samba.org/"; + +MY_PV="${PV/_rc/rc}" +MY_P="${PN}-${MY_PV}" +if [[ ${PV} = *_rc* ]]; then + SRC_URI="mirror://samba/rc/${MY_P}.tar.gz" +else + SRC_URI="mirror://samba/stable/${MY_P}.tar.gz" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~riscv ~sparc ~x86" +fi +S="${WORKDIR}/${MY_P}" + +LICENSE="GPL-3" +SLOT="0" +IUSE="acl addc addns ads ceph client cluster cups debug dmapi fam glusterfs +gpg iprint json ldap ntvfs pam profiling-data python quota +regedit selinux +snapper spotlight syslog system-heimdal +system-mitkrb5 systemd test winbind +zeroconf" + +REQUIRED_USE="${PYTHON_REQUIRED_USE} + addc? ( python json winbind ) + addns? ( python ) + ads? ( acl ldap winbind ) + cluster? ( ads ) + gpg? ( addc ) + ntvfs? ( addc ) + spotlight? ( json ) + test? ( python ) + !ads? ( !addc ) + ?? ( system-heimdal system-mitkrb5 ) +" + +# the test suite is messed, it uses system-installed samba +# bits instead of what was built, tests things disabled via use +# flags, and generally just fails to work in a way ebuilds could +# rely on in its current state +RESTRICT="test" + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/samba-4.0/policy.h + /usr/include/samba-4.0/dcerpc_server.h + /usr/include/samba-4.0/ctdb.h + /usr/include/samba-4.0/ctdb_client.h + /usr/include/samba-4.0/ctdb_protocol.h + /usr/include/samba-4.0/ctdb_private.h + /usr/include/samba-4.0/ctdb_typesafe_cb.h + /usr/include/samba-4.0/ctdb_version.h +) + +COMMON_DEPEND=" + >=app-arch/libarchive-3.1.2[${MULTILIB_USEDEP}] + dev-lang/perl:= + dev-libs/icu:=[${MULTILIB_USEDEP}] + dev-libs/libbsd[${MULTILIB_USEDEP}] + dev-libs/libtasn1[${MULTILIB_USEDEP}] + dev-libs/popt[${MULTILIB_USEDEP}] + dev-perl/Parse-Yapp + >=net-libs/gnutls-3.4.7[${MULTILIB_USEDEP}] + net-libs/libnsl:=[${MULTILIB_USEDEP}] + sys-libs/e2fsprogs-libs[${MULTILIB_USEDEP}] + >=sys-libs/ldb-2.3.2[ldap(+)?,${MULTILIB_USEDEP}] + <sys-libs/ldb-2.4.0[ldap(+)?,${MULTILIB_USEDEP}] + sys-libs/libcap[${MULTILIB_USEDEP}] + sys-libs/liburing:=[${MULTILIB_USEDEP}] + sys-libs/ncurses:0= + sys-libs/readline:0= + >=sys-libs/talloc-2.3.2[${MULTILIB_USEDEP}] + >=sys-libs/tdb-1.4.3[${MULTILIB_USEDEP}] + >=sys-libs/tevent-0.10.2[${MULTILIB_USEDEP}] + sys-libs/zlib[${MULTILIB_USEDEP}] + virtual/libcrypt:=[${MULTILIB_USEDEP}] + virtual/libiconv + $(python_gen_cond_dep " + addc? ( + dev-python/dnspython:=[\${PYTHON_USEDEP}] + dev-python/markdown[\${PYTHON_USEDEP}] + ) + addns? ( + dev-python/dnspython:=[\${PYTHON_USEDEP}] + net-dns/bind-tools[gssapi] + ) + ") + !alpha? ( !sparc? ( sys-libs/libunwind:= ) ) + acl? ( virtual/acl ) + ceph? ( sys-cluster/ceph ) + cluster? ( net-libs/rpcsvc-proto ) + cups? ( net-print/cups ) + debug? ( dev-util/lttng-ust ) + dmapi? ( sys-apps/dmapi ) + fam? ( virtual/fam ) + gpg? ( app-crypt/gpgme ) + json? ( dev-libs/jansson:= ) + ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] ) + pam? ( sys-libs/pam ) + python? ( + sys-libs/ldb[python,${PYTHON_SINGLE_USEDEP}] + sys-libs/talloc[python,${PYTHON_SINGLE_USEDEP}] + sys-libs/tdb[python,${PYTHON_SINGLE_USEDEP}] + sys-libs/tevent[python,${PYTHON_SINGLE_USEDEP}] + ) + snapper? ( sys-apps/dbus ) + system-heimdal? ( >=app-crypt/heimdal-1.5[-ssl,${MULTILIB_USEDEP}] ) + system-mitkrb5? ( >=app-crypt/mit-krb5-1.15.1[${MULTILIB_USEDEP}] ) + systemd? ( sys-apps/systemd:0= ) + zeroconf? ( net-dns/avahi[dbus] ) +" +DEPEND="${COMMON_DEPEND} + >=dev-util/cmocka-1.1.3[${MULTILIB_USEDEP}] + net-libs/libtirpc[${MULTILIB_USEDEP}] + || ( + net-libs/rpcsvc-proto + <sys-libs/glibc-2.26[rpc(+)] + ) + spotlight? ( dev-libs/glib ) + test? ( + $(python_gen_cond_dep "dev-python/subunit[\${PYTHON_USEDEP},${MULTILIB_USEDEP}]" ) + !system-mitkrb5? ( + >=net-dns/resolv_wrapper-1.1.4 + >=net-libs/socket_wrapper-1.1.9 + >=sys-libs/nss_wrapper-1.1.3 + >=sys-libs/uid_wrapper-1.2.1 + ) + )" +RDEPEND="${COMMON_DEPEND} + client? ( net-fs/cifs-utils[ads?] ) + python? ( ${PYTHON_DEPS} ) + selinux? ( sec-policy/selinux-samba ) +" +BDEPEND="${PYTHON_DEPS} + app-text/docbook-xsl-stylesheets + dev-libs/libxslt + virtual/pkgconfig +" + +PATCHES=( + "${FILESDIR}/${PN}-4.4.0-pam.patch" + + # https://bugs.gentoo.org/828063 + "${FILESDIR}/${P}-winbindd_regression_fix.patch" +) + +#CONFDIR="${FILESDIR}/$(get_version_component_range 1-2)" +CONFDIR="${FILESDIR}/4.4" + +WAF_BINARY="${S}/buildtools/bin/waf" + +SHAREDMODS="" + +pkg_setup() { + # Package fails to build with distcc + export DISTCC_DISABLE=1 + + python-single-r1_pkg_setup + + SHAREDMODS="$(usex snapper '' '!')vfs_snapper" + if use cluster ; then + SHAREDMODS+=",idmap_rid,idmap_tdb2,idmap_ad" + elif use ads ; then + SHAREDMODS+=",idmap_ad" + fi +} + +src_prepare() { + default + + # un-bundle dnspython + sed -i -e '/"dns.resolver":/d' "${S}"/third_party/wscript || die + + # unbundle iso8601 unless tests are enabled + if ! use test ; then + sed -i -e '/"iso8601":/d' "${S}"/third_party/wscript || die + fi + + ## ugly hackaround for bug #592502 + #cp /usr/include/tevent_internal.h "${S}"/lib/tevent/ || die + + sed -e 's:<gpgme\.h>:<gpgme/gpgme.h>:' \ + -i source4/dsdb/samdb/ldb_modules/password_hash.c \ + || die + + # Friggin' WAF shit + multilib_copy_sources +} + +multilib_src_configure() { + # when specifying libs for samba build you must append NONE to the end to + # stop it automatically including things + local bundled_libs="NONE" + if ! use system-heimdal && ! use system-mitkrb5 ; then + bundled_libs="heimbase,heimntlm,hdb,kdc,krb5,wind,gssapi,hcrypto,hx509,roken,asn1,com_err,NONE" + fi + + local myconf=( + --enable-fhs + --sysconfdir="${EPREFIX}/etc" + --localstatedir="${EPREFIX}/var" + --with-modulesdir="${EPREFIX}/usr/$(get_libdir)/samba" + --with-piddir="${EPREFIX}/run/${PN}" + --bundled-libraries="${bundled_libs}" + --builtin-libraries=NONE + --disable-rpath + --disable-rpath-install + --nopyc + --nopyo + --without-winexe + $(multilib_native_use_with acl acl-support) + $(multilib_native_usex addc '' '--without-ad-dc') + $(multilib_native_use_with addns dnsupdate) + $(multilib_native_use_with ads) + $(multilib_native_use_enable ceph cephfs) + $(multilib_native_use_with cluster cluster-support) + $(multilib_native_use_enable cups) + $(multilib_native_use_with dmapi) + $(multilib_native_use_with fam) + $(multilib_native_use_enable glusterfs) + $(multilib_native_use_with gpg gpgme) + $(multilib_native_use_with json) + $(multilib_native_use_enable iprint) + $(multilib_native_use_with ntvfs ntvfs-fileserver) + $(multilib_native_use_with pam) + $(multilib_native_usex pam "--with-pammodulesdir=${EPREFIX}/$(get_libdir)/security" '') + $(multilib_native_use_with quota quotas) + $(multilib_native_use_with regedit) + $(multilib_native_use_enable spotlight) + $(multilib_native_use_with syslog) + $(multilib_native_use_with systemd) + --systemd-install-services + --with-systemddir="$(systemd_get_systemunitdir)" + $(multilib_native_use_with winbind) + $(multilib_native_usex python '' '--disable-python') + $(multilib_native_use_enable zeroconf avahi) + $(multilib_native_usex test '--enable-selftest' '') + $(usex system-mitkrb5 "--with-system-mitkrb5 $(multilib_native_usex addc --with-experimental-mit-ad-dc '')" '') + $(use_with debug lttng) + $(use_with ldap) + $(use_with profiling-data) + # bug #683148 + --jobs 1 + ) + + if multilib_is_native_abi ; then + myconf+=( --with-shared-modules=${SHAREDMODS} ) + else + myconf+=( --with-shared-modules=DEFAULT,!vfs_snapper ) + fi + + CPPFLAGS="-I${SYSROOT}${EPREFIX}/usr/include/et ${CPPFLAGS}" \ + waf-utils_src_configure ${myconf[@]} +} + +multilib_src_compile() { + waf-utils_src_compile +} + +multilib_src_install() { + waf-utils_src_install + + # Make all .so files executable + find "${ED}" -type f -name "*.so" -exec chmod +x {} + || die + + if multilib_is_native_abi ; then + # install ldap schema for server (bug #491002) + if use ldap ; then + insinto /etc/openldap/schema + doins examples/LDAP/samba.schema + fi + + # create symlink for cups (bug #552310) + if use cups ; then + dosym ../../../bin/smbspool \ + /usr/libexec/cups/backend/smb + fi + + # install example config file + insinto /etc/samba + doins examples/smb.conf.default + + # Fix paths in example file (#603964) + sed \ + -e '/log file =/s@/usr/local/samba/var/@/var/log/samba/@' \ + -e '/include =/s@/usr/local/samba/lib/@/etc/samba/@' \ + -e '/path =/s@/usr/local/samba/lib/@/var/lib/samba/@' \ + -e '/path =/s@/usr/local/samba/@/var/lib/samba/@' \ + -e '/path =/s@/usr/spool/samba@/var/spool/samba@' \ + -i "${ED}"/etc/samba/smb.conf.default || die + + # Install init script and conf.d file + newinitd "${CONFDIR}/samba4.initd-r1" samba + newconfd "${CONFDIR}/samba4.confd" samba + + dotmpfiles "${FILESDIR}"/samba.conf + if ! use addc ; then + rm "${D}/$(systemd_get_systemunitdir)/samba.service" \ + || die + fi + + # Preserve functionality for old gentoo-specific unit names + dosym nmb.service "$(systemd_get_systemunitdir)/nmbd.service" + dosym smb.service "$(systemd_get_systemunitdir)/smbd.service" + dosym winbind.service "$(systemd_get_systemunitdir)/winbindd.service" + fi + + if use pam && use winbind ; then + newpamd "${CONFDIR}/system-auth-winbind.pam" system-auth-winbind + # bugs #376853 and #590374 + insinto /etc/security + doins examples/pam_winbind/pam_winbind.conf + fi + + keepdir /var/cache/samba + keepdir /var/lib/ctdb + keepdir /var/lib/samba/{bind-dns,private} + keepdir /var/lock/samba + keepdir /var/log/samba +} + +multilib_src_test() { + if multilib_is_native_abi ; then + "${WAF_BINARY}" test || die "test failed" + fi +} + +pkg_postinst() { + tmpfiles_process samba.conf + + if [[ -z ${REPLACING_VERSIONS} ]] ; then + elog "Be aware that this release contains the best of all of Samba's" + elog "technology parts, both a file server (that you can reasonably expect" + elog "to upgrade existing Samba 3.x releases to) and the AD domain" + elog "controller work previously known as 'samba4'." + elog + fi + elog "For further information and migration steps make sure to read " + elog "https://samba.org/samba/history/${P}.html " + elog "https://wiki.samba.org/index.php/Samba4/HOWTO " +} diff --git a/net-fs/samba/samba-4.15.2-r1.ebuild b/net-fs/samba/samba-4.15.2-r1.ebuild new file mode 100644 index 000000000000..fcf892dc2388 --- /dev/null +++ b/net-fs/samba/samba-4.15.2-r1.ebuild @@ -0,0 +1,343 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python3_{8..10} ) +PYTHON_REQ_USE="threads(+),xml(+)" +inherit python-single-r1 waf-utils multilib-minimal linux-info systemd pam tmpfiles + +DESCRIPTION="Samba Suite Version 4" +HOMEPAGE="https://samba.org/"; + +MY_PV="${PV/_rc/rc}" +MY_P="${PN}-${MY_PV}" +if [[ ${PV} = *_rc* ]]; then + SRC_URI="mirror://samba/rc/${MY_P}.tar.gz" +else + SRC_URI="mirror://samba/stable/${MY_P}.tar.gz" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~riscv ~sparc ~x86" +fi +S="${WORKDIR}/${MY_P}" + +LICENSE="GPL-3" +SLOT="0" +IUSE="acl addc ads ceph client cluster cups debug dmapi fam glusterfs +gpg iprint json ldap pam profiling-data python quota +regedit selinux +snapper spotlight syslog system-heimdal +system-mitkrb5 systemd test winbind +zeroconf" + +REQUIRED_USE="${PYTHON_REQUIRED_USE} + addc? ( python json winbind ) + ads? ( acl ldap python winbind ) + cluster? ( ads ) + gpg? ( addc ) + spotlight? ( json ) + test? ( python ) + !ads? ( !addc ) + ?? ( system-heimdal system-mitkrb5 ) +" + +# the test suite is messed, it uses system-installed samba +# bits instead of what was built, tests things disabled via use +# flags, and generally just fails to work in a way ebuilds could +# rely on in its current state +RESTRICT="test" + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/samba-4.0/policy.h + /usr/include/samba-4.0/dcerpc_server.h + /usr/include/samba-4.0/ctdb.h + /usr/include/samba-4.0/ctdb_client.h + /usr/include/samba-4.0/ctdb_protocol.h + /usr/include/samba-4.0/ctdb_private.h + /usr/include/samba-4.0/ctdb_typesafe_cb.h + /usr/include/samba-4.0/ctdb_version.h +) + +COMMON_DEPEND=" + >=app-arch/libarchive-3.1.2[${MULTILIB_USEDEP}] + dev-lang/perl:= + dev-libs/icu:=[${MULTILIB_USEDEP}] + dev-libs/libbsd[${MULTILIB_USEDEP}] + dev-libs/libtasn1[${MULTILIB_USEDEP}] + dev-libs/popt[${MULTILIB_USEDEP}] + dev-perl/Parse-Yapp + >=net-libs/gnutls-3.4.7[${MULTILIB_USEDEP}] + sys-libs/e2fsprogs-libs[${MULTILIB_USEDEP}] + >=sys-libs/ldb-2.4.1[ldap(+)?,${MULTILIB_USEDEP}] + <sys-libs/ldb-2.5.0[ldap(+)?,${MULTILIB_USEDEP}] + sys-libs/libcap[${MULTILIB_USEDEP}] + sys-libs/liburing:=[${MULTILIB_USEDEP}] + sys-libs/ncurses:0= + sys-libs/readline:0= + >=sys-libs/talloc-2.3.3[${MULTILIB_USEDEP}] + >=sys-libs/tdb-1.4.4[${MULTILIB_USEDEP}] + >=sys-libs/tevent-0.11.0[${MULTILIB_USEDEP}] + sys-libs/zlib[${MULTILIB_USEDEP}] + virtual/libcrypt:=[${MULTILIB_USEDEP}] + virtual/libiconv + $(python_gen_cond_dep " + addc? ( + dev-python/dnspython:=[\${PYTHON_USEDEP}] + dev-python/markdown[\${PYTHON_USEDEP}] + ) + ads? ( + dev-python/dnspython:=[\${PYTHON_USEDEP}] + net-dns/bind-tools[gssapi] + ) + ") + !alpha? ( !sparc? ( sys-libs/libunwind:= ) ) + acl? ( virtual/acl ) + ceph? ( sys-cluster/ceph ) + cluster? ( net-libs/rpcsvc-proto ) + cups? ( net-print/cups ) + debug? ( dev-util/lttng-ust ) + dmapi? ( sys-apps/dmapi ) + fam? ( virtual/fam ) + gpg? ( app-crypt/gpgme ) + json? ( dev-libs/jansson:= ) + ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] ) + pam? ( sys-libs/pam ) + python? ( + sys-libs/ldb[python,${PYTHON_SINGLE_USEDEP}] + sys-libs/talloc[python,${PYTHON_SINGLE_USEDEP}] + sys-libs/tdb[python,${PYTHON_SINGLE_USEDEP}] + sys-libs/tevent[python,${PYTHON_SINGLE_USEDEP}] + ) + snapper? ( sys-apps/dbus ) + system-heimdal? ( >=app-crypt/heimdal-1.5[-ssl,${MULTILIB_USEDEP}] ) + system-mitkrb5? ( >=app-crypt/mit-krb5-1.15.1[${MULTILIB_USEDEP}] ) + systemd? ( sys-apps/systemd:0= ) + zeroconf? ( net-dns/avahi[dbus] ) +" +DEPEND="${COMMON_DEPEND} + >=dev-util/cmocka-1.1.3[${MULTILIB_USEDEP}] + net-libs/libtirpc[${MULTILIB_USEDEP}] + || ( + net-libs/rpcsvc-proto + <sys-libs/glibc-2.26[rpc(+)] + ) + spotlight? ( dev-libs/glib ) + test? ( + $(python_gen_cond_dep "dev-python/subunit[\${PYTHON_USEDEP},${MULTILIB_USEDEP}]" ) + !system-mitkrb5? ( + >=net-dns/resolv_wrapper-1.1.4 + >=net-libs/socket_wrapper-1.1.9 + >=sys-libs/nss_wrapper-1.1.3 + >=sys-libs/uid_wrapper-1.2.1 + ) + )" +RDEPEND="${COMMON_DEPEND} + client? ( net-fs/cifs-utils[ads?] ) + python? ( ${PYTHON_DEPS} ) + selinux? ( sec-policy/selinux-samba ) +" +BDEPEND="${PYTHON_DEPS} + app-text/docbook-xsl-stylesheets + dev-libs/libxslt + virtual/pkgconfig +" + +PATCHES=( + "${FILESDIR}/${PN}-4.4.0-pam.patch" + + # https://bugs.gentoo.org/828063 + "${FILESDIR}/${P}-winbindd_regression_fix.patch" +) + +#CONFDIR="${FILESDIR}/$(get_version_component_range 1-2)" +CONFDIR="${FILESDIR}/4.4" + +WAF_BINARY="${S}/buildtools/bin/waf" + +SHAREDMODS="" + +pkg_setup() { + # Package fails to build with distcc + export DISTCC_DISABLE=1 + + python-single-r1_pkg_setup + + SHAREDMODS="$(usex snapper '' '!')vfs_snapper" + if use cluster ; then + SHAREDMODS+=",idmap_rid,idmap_tdb2,idmap_ad" + elif use ads ; then + SHAREDMODS+=",idmap_ad" + fi +} + +src_prepare() { + default + + # un-bundle dnspython + sed -i -e '/"dns.resolver":/d' "${S}"/third_party/wscript || die + + # unbundle iso8601 unless tests are enabled + if ! use test ; then + sed -i -e '/"iso8601":/d' "${S}"/third_party/wscript || die + fi + + ## ugly hackaround for bug #592502 + #cp /usr/include/tevent_internal.h "${S}"/lib/tevent/ || die + + sed -e 's:<gpgme\.h>:<gpgme/gpgme.h>:' \ + -i source4/dsdb/samdb/ldb_modules/password_hash.c \ + || die + + # Friggin' WAF shit + multilib_copy_sources +} + +multilib_src_configure() { + # when specifying libs for samba build you must append NONE to the end to + # stop it automatically including things + local bundled_libs="NONE" + if ! use system-heimdal && ! use system-mitkrb5 ; then + bundled_libs="heimbase,heimntlm,hdb,kdc,krb5,wind,gssapi,hcrypto,hx509,roken,asn1,com_err,NONE" + fi + + local myconf=( + --enable-fhs + --sysconfdir="${EPREFIX}/etc" + --localstatedir="${EPREFIX}/var" + --with-modulesdir="${EPREFIX}/usr/$(get_libdir)/samba" + --with-piddir="${EPREFIX}/run/${PN}" + --bundled-libraries="${bundled_libs}" + --builtin-libraries=NONE + --disable-rpath + --disable-rpath-install + --nopyc + --nopyo + --without-winexe + $(multilib_native_use_with acl acl-support) + $(multilib_native_usex addc '' '--without-ad-dc') + $(multilib_native_use_with ads) + $(multilib_native_use_enable ceph cephfs) + $(multilib_native_use_with cluster cluster-support) + $(multilib_native_use_enable cups) + $(multilib_native_use_with dmapi) + $(multilib_native_use_with fam) + $(multilib_native_use_enable glusterfs) + $(multilib_native_use_with gpg gpgme) + $(multilib_native_use_with json) + $(multilib_native_use_enable iprint) + $(multilib_native_use_with pam) + $(multilib_native_usex pam "--with-pammodulesdir=${EPREFIX}/$(get_libdir)/security" '') + $(multilib_native_use_with quota quotas) + $(multilib_native_use_with regedit) + $(multilib_native_use_enable spotlight) + $(multilib_native_use_with syslog) + $(multilib_native_use_with systemd) + --systemd-install-services + --with-systemddir="$(systemd_get_systemunitdir)" + $(multilib_native_use_with winbind) + $(multilib_native_usex python '' '--disable-python') + $(multilib_native_use_enable zeroconf avahi) + $(multilib_native_usex test '--enable-selftest' '') + $(usex system-mitkrb5 "--with-system-mitkrb5 $(multilib_native_usex addc --with-experimental-mit-ad-dc '')" '') + $(use_with debug lttng) + $(use_with ldap) + $(use_with profiling-data) + # bug #683148 + --jobs 1 + ) + + if multilib_is_native_abi ; then + myconf+=( --with-shared-modules=${SHAREDMODS} ) + else + myconf+=( --with-shared-modules=DEFAULT,!vfs_snapper ) + fi + + CPPFLAGS="-I${SYSROOT}${EPREFIX}/usr/include/et ${CPPFLAGS}" \ + waf-utils_src_configure ${myconf[@]} +} + +multilib_src_compile() { + waf-utils_src_compile +} + +multilib_src_install() { + waf-utils_src_install + + # Make all .so files executable + find "${ED}" -type f -name "*.so" -exec chmod +x {} + || die + + if multilib_is_native_abi ; then + # install ldap schema for server (bug #491002) + if use ldap ; then + insinto /etc/openldap/schema + doins examples/LDAP/samba.schema + fi + + # create symlink for cups (bug #552310) + if use cups ; then + dosym ../../../bin/smbspool \ + /usr/libexec/cups/backend/smb + fi + + # install example config file + insinto /etc/samba + doins examples/smb.conf.default + + # Fix paths in example file (#603964) + sed \ + -e '/log file =/s@/usr/local/samba/var/@/var/log/samba/@' \ + -e '/include =/s@/usr/local/samba/lib/@/etc/samba/@' \ + -e '/path =/s@/usr/local/samba/lib/@/var/lib/samba/@' \ + -e '/path =/s@/usr/local/samba/@/var/lib/samba/@' \ + -e '/path =/s@/usr/spool/samba@/var/spool/samba@' \ + -i "${ED}"/etc/samba/smb.conf.default || die + + # Install init script and conf.d file + newinitd "${CONFDIR}/samba4.initd-r1" samba + newconfd "${CONFDIR}/samba4.confd" samba + + dotmpfiles "${FILESDIR}"/samba.conf + if ! use addc ; then + rm "${D}/$(systemd_get_systemunitdir)/samba.service" \ + || die + fi + + # Preserve functionality for old gentoo-specific unit names + dosym nmb.service "$(systemd_get_systemunitdir)/nmbd.service" + dosym smb.service "$(systemd_get_systemunitdir)/smbd.service" + dosym winbind.service "$(systemd_get_systemunitdir)/winbindd.service" + fi + + if use pam && use winbind ; then + newpamd "${CONFDIR}/system-auth-winbind.pam" system-auth-winbind + # bugs #376853 and #590374 + insinto /etc/security + doins examples/pam_winbind/pam_winbind.conf + fi + + keepdir /var/cache/samba + keepdir /var/lib/ctdb + keepdir /var/lib/samba/{bind-dns,private} + keepdir /var/lock/samba + keepdir /var/log/samba +} + +multilib_src_test() { + if multilib_is_native_abi ; then + "${WAF_BINARY}" test || die "test failed" + fi +} + +pkg_postinst() { + tmpfiles_process samba.conf + + if [[ -z ${REPLACING_VERSIONS} ]] ; then + elog "Be aware that this release contains the best of all of Samba's" + elog "technology parts, both a file server (that you can reasonably expect" + elog "to upgrade existing Samba 3.x releases to) and the AD domain" + elog "controller work previously known as 'samba4'." + elog + fi + if [[ "${PV}" != *_rc* ]] ; then + elog "For further information and migration steps make sure to read " + elog "https://samba.org/samba/history/${P}.html " + elog "https://wiki.samba.org/index.php/Samba4/HOWTO " + fi +}
