# Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 # $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/openldap-2.4.23.ebuild,v 1.18 2014/07/25 18:29:12 robbat2 Exp $ EAPI="2" WANT_AUTOMAKE=1.9 inherit db-use eutils flag-o-matic multilib ssl-cert versionator toolchain-funcs autotools user DESCRIPTION="LDAP suite of application and development tools" HOMEPAGE="http://www.OpenLDAP.org/" SRC_URI="mirror://openldap/openldap-release/${P}.tgz" LICENSE="OPENLDAP" SLOT="0" KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd" IUSE_DAEMON="crypt icu samba slp tcpd experimental minimal" IUSE_BACKEND="+berkdb" IUSE_OVERLAY="overlays perl" IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 +syslog selinux" IUSE_CONTRIB="smbkrb5passwd kerberos" IUSE_CONTRIB="${IUSE_CONTRIB} -cxx" IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}" # openssl is needed to generate lanman-passwords required by samba RDEPEND="sys-libs/ncurses sys-devel/libtool icu? ( dev-libs/icu ) tcpd? ( sys-apps/tcp-wrappers ) ssl? ( !gnutls? ( dev-libs/openssl ) gnutls? ( ${l}" eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/" eerror " 5. emerge --update \=net-nds/${PF}" eerror " 6. etc-update, and ensure that you apply the changes" eerror " 7. slapadd -l ${l}" eerror " 8. chown ldap:ldap /var/lib/openldap-data/*" eerror " 9. /etc/init.d/slapd start" eerror "10. check that your data is intact." eerror "11. set up the new replication system." eerror if [ "${FORCE_UPGRADE}" != "1" ]; then die "You need to upgrade your database first" else eerror "You have the magical FORCE_UPGRADE=1 in place." eerror "Don't say you weren't warned about data loss." fi } pkg_setup() { if ! use sasl && use cxx ; then die "To build the ldapc++ library you must emerge openldap with sasl support" fi if use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then einfo einfo "Skipping scan for previous datadirs as requested by minimal useflag" einfo else openldap_find_versiontags fi enewgroup ldap 439 enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap } src_prepare() { # ensure correct SLAPI path by default sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "/var/run/openldap/slapd.sock",' \ "${S}"/include/ldap_defaults.h epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch epatch \ "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \ "${FILESDIR}"/${PN}-2.4.15-ppolicy.patch # bug #116045 - still present in 2.4.19 epatch "${FILESDIR}"/${PN}-2.4.19-contrib-smbk5pwd.patch # bug #189817 epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch # bug #233633 epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch # bug #281495 epatch "${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch cd "${S}"/build einfo "Making sure upstream build strip does not do stripping too early" sed -i.orig \ -e '/^STRIP/s,-s,,g' \ top.mk || die "Failed to block stripping" # wrong assumption that /bin/sh is /bin/bash sed -i \ -e 's|/bin/sh|/bin/bash|g' \ "${S}"/tests/scripts/* || die "sed failed" cd "${S}" AT_NOEAUTOMAKE=yes eautoreconf } build_contrib_module() { lt="${S}/libtool" # cd "${S}/contrib/slapd-modules/$1" einfo "Compiling contrib-module: $3" # Make sure it's uppercase local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')" "${lt}" --mode=compile --tag=CC \ "${CC}" \ -D${define_name}=SLAPD_MOD_DYNAMIC \ -I../../../include -I../../../servers/slapd ${CFLAGS} \ -o ${2%.c}.lo -c $2 || die "compiling $3 failed" einfo "Linking contrib-module: $3" "${lt}" --mode=link --tag=CC \ "${CC}" -module \ ${CFLAGS} \ ${LDFLAGS} \ -rpath /usr/$(get_libdir)/openldap/openldap \ -o $3.la ${2%.c}.lo || die "linking $3 failed" } src_configure() { local myconf #Fix for glibc-2.8 and ucred. Bug 228457. append-flags -D_GNU_SOURCE use debug && myconf="${myconf} $(use_enable debug)" # ICU usage is not configurable export ac_cv_header_unicode_utypes_h="$(use icu && echo yes || echo no)" if ! use minimal ; then # re-enable serverside overlay chains per bug #296567 # see ldap docs chaper 12.3.1 for details myconf="${myconf} --enable-ldap" # backends myconf="${myconf} --enable-slapd" if use berkdb ; then einfo "Using Berkeley DB for local backend" myconf="${myconf} --enable-bdb --enable-hdb" # We need to include the slotted db.h dir for FreeBSD append-cppflags -I$(db_includedir) else ewarn ewarn "Note: if you disable berkdb, you can only use remote-backends!" ewarn ebeep 5 myconf="${myconf} --disable-bdb --disable-hdb" fi for backend in dnssrv ldap meta monitor null passwd relay shell sock; do myconf="${myconf} --enable-${backend}=mod" done myconf="${myconf} $(use_enable perl perl mod)" myconf="${myconf} $(use_enable odbc sql mod)" if use odbc ; then local odbc_lib="unixodbc" if use iodbc ; then odbc_lib="iodbc" append-cppflags -I/usr/include/iodbc fi myconf="${myconf} --with-odbc=${odbc_lib}" fi # slapd options myconf="${myconf} $(use_enable crypt) $(use_enable slp)" myconf="${myconf} $(use_enable samba lmpasswd) $(use_enable syslog)" if use experimental ; then myconf="${myconf} --enable-dynacl" myconf="${myconf} --enable-aci=mod" fi for option in aci cleartext modules rewrite rlookups slapi; do myconf="${myconf} --enable-${option}" done # slapd overlay options # Compile-in the syncprov, the others as module myconf="${myconf} --enable-syncprov=yes" use overlays && myconf="${myconf} --enable-overlays=mod" else myconf="${myconf} --disable-slapd --disable-bdb --disable-hdb" myconf="${myconf} --disable-overlays --disable-syslog" fi # basic functionality stuff myconf="${myconf} $(use_enable ipv6)" myconf="${myconf} $(use_with sasl cyrus-sasl) $(use_enable sasl spasswd)" myconf="${myconf} $(use_enable tcpd wrappers)" local ssl_lib="no" if use ssl || ( use ! minimal && use samba ) ; then ssl_lib="openssl" use gnutls && ssl_lib="gnutls" fi myconf="${myconf} --with-tls=${ssl_lib}" for basicflag in dynamic local proctitle shared static; do myconf="${myconf} --enable-${basicflag}" done tc-export CC AR CXX STRIP=/bin/true \ econf \ --libexecdir=/usr/$(get_libdir)/openldap \ ${myconf} || die "econf failed" } src_configure_cxx() { # This needs the libraries built by the first build run. # So we have to run it AFTER the main build, not just after the main # configure. if ! use minimal ; then if use cxx ; then local myconf_ldapcpp myconf_ldapcpp="${myconf_ldapcpp} --with-ldap-includes=../../include" cd "${S}/contrib/ldapc++" OLD_LDFLAGS="$LDFLAGS" OLD_CPPFLAGS="$CPPFLAGS" append-ldflags -L../../libraries/liblber/.libs -L../../libraries/libldap/.libs append-ldflags -L../../../libraries/liblber/.libs -L../../../libraries/libldap/.libs append-cppflags -I../../../include econf ${myconf_ldapcpp} \ CC="${CC}" \ CXX="${CXX}" \ || die "econf ldapc++ failed" CPPFLAGS="$OLD_CPPFLAGS" LDFLAGS="${OLD_LDFLAGS}" fi fi } src_compile() { emake depend || die "emake depend failed" emake CC="${CC}" AR="${AR}" || die "emake failed" lt="${S}/libtool" export echo="echo" if ! use minimal ; then if use cxx ; then einfo "Building contrib library: ldapc++" src_configure_cxx cd "${S}/contrib/ldapc++" emake \ CC="${CC}" CXX="${CXX}" \ || die "emake ldapc++ failed" fi if use smbkrb5passwd ; then einfo "Building contrib-module: smbk5pwd" cd "${S}/contrib/slapd-modules/smbk5pwd" emake \ DEFS="-DDO_SAMBA -DDO_KRB5" \ KRB5_INC="$(krb5-config --cflags)" \ CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap" \ || die "emake smbk5pwd failed" fi if use kerberos ; then cd "${S}/contrib/slapd-modules/passwd" einfo "Compiling contrib-module: pw-kerberos" "${lt}" --mode=compile --tag=CC \ "${CC}" \ -I../../../include \ ${CFLAGS} \ $(krb5-config --cflags) \ -DHAVE_KRB5 \ -o kerberos.lo \ -c kerberos.c || die "compiling pw-kerberos failed" einfo "Linking contrib-module: pw-kerberos" "${lt}" --mode=link --tag=CC \ "${CC}" -module \ ${CFLAGS} \ ${LDFLAGS} \ -rpath /usr/$(get_libdir)/openldap/openldap \ -o pw-kerberos.la \ kerberos.lo || die "linking pw-kerberos failed" fi # We could build pw-radius if GNURadius would install radlib.h cd "${S}/contrib/slapd-modules/passwd" einfo "Compiling contrib-module: pw-netscape" "${lt}" --mode=compile --tag=CC \ "${CC}" \ -I../../../include \ ${CFLAGS} \ -o netscape.lo \ -c netscape.c || die "compiling pw-netscape failed" einfo "Linking contrib-module: pw-netscape" "${lt}" --mode=link --tag=CC \ "${CC}" -module \ ${CFLAGS} \ ${LDFLAGS} \ -rpath /usr/$(get_libdir)/openldap/openldap \ -o pw-netscape.la \ netscape.lo || die "linking pw-netscape failed" build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay" build_contrib_module "allop" "allop.c" "overlay-allop" build_contrib_module "allowed" "allowed.c" "allowed" build_contrib_module "autogroup" "autogroup.c" "autogroup" build_contrib_module "denyop" "denyop.c" "denyop-overlay" build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin" # lastmod may not play well with other overlays build_contrib_module "lastmod" "lastmod.c" "lastmod" build_contrib_module "nops" "nops.c" "nops-overlay" build_contrib_module "trace" "trace.c" "trace" # build slapi-plugins cd "${S}/contrib/slapi-plugins/addrdnvalues" einfo "Building contrib-module: addrdnvalues plugin" "${CC}" -shared \ -I../../../include \ ${CFLAGS} \ -fPIC \ ${LDFLAGS} \ -o libaddrdnvalues-plugin.so \ addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed" fi } src_test() { cd tests ; make tests || die "make tests failed" } src_install() { lt="${S}/libtool" emake DESTDIR="${D}" install || die "make install failed" dodoc ANNOUNCEMENT CHANGES COPYRIGHT README "${FILESDIR}"/DB_CONFIG.fast.example docinto rfc ; dodoc doc/rfc/*.txt # openldap modules go here # TODO: write some code to populate slapd.conf with moduleload statements keepdir /usr/$(get_libdir)/openldap/openldap/ # initial data storage dir keepdir /var/lib/openldap-data fowners ldap:ldap /var/lib/openldap-data fperms 0700 /var/lib/openldap-data echo "OLDPF='${PF}'" > "${D}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" echo "# do NOT delete this. it is used" >> "${D}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" echo "# to track versions for upgrading." >> "${D}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" # change slapd.pid location in configuration file keepdir /var/run/openldap fowners ldap:ldap /var/run/openldap fperms 0755 /var/run/openldap if ! use minimal; then # use our config rm "${D}"etc/openldap/slapd.conf insinto /etc/openldap newins "${FILESDIR}"/${PN}-2.3.34-slapd-conf slapd.conf configfile="${D}"etc/openldap/slapd.conf # populate with built backends ebegin "populate config with built backends" for x in "${D}"usr/$(get_libdir)/openldap/openldap/back_*.so; do elog "Adding $(basename ${x})" sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" done sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}" fowners root:ldap /etc/openldap/slapd.conf fperms 0640 /etc/openldap/slapd.conf cp "${configfile}" "${configfile}".default eend # install our own init scripts newinitd "${FILESDIR}"/slapd-initd2 slapd newconfd "${FILESDIR}"/slapd-confd slapd if [ $(get_libdir) != lib ]; then sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i "${D}"etc/init.d/slapd fi if use cxx ; then einfo "Install the ldapc++ library" cd "${S}/contrib/ldapc++" emake DESTDIR="${D}" libexecdir="/usr/$(get_libdir)/openldap" install || die "emake install ldapc++ failed" newdoc README ldapc++-README fi if use smbkrb5passwd ; then einfo "Install the smbk5pwd module" cd "${S}/contrib/slapd-modules/smbk5pwd" emake DESTDIR="${D}" libexecdir="/usr/$(get_libdir)/openldap" install || die "emake install smbk5pwd failed" newdoc README smbk5pwd-README fi einfo "Installing contrib modules" cd "${S}/contrib/slapd-modules" for l in */*.la; do "${lt}" --mode=install cp ${l} \ "${D}"usr/$(get_libdir)/openldap/openldap || \ die "installing ${l} failed" done docinto contrib newdoc addpartial/README addpartial-README newdoc allop/README allop-README doman allop/slapo-allop.5 newdoc autogroup/README autogroup-README newdoc denyop/denyop.c denyop-denyop.c newdoc dsaschema/README dsaschema-README doman lastmod/slapo-lastmod.5 doman nops/slapo-nops.5 newdoc passwd/README passwd-README cd "${S}/contrib/slapi-plugins" insinto /usr/$(get_libdir)/openldap/openldap doins */*.so docinto contrib newdoc addrdnvalues/README addrdnvalues-README fi } pkg_preinst() { # keep old libs if any preserve_old_lib usr/$(get_libdir)/{libldap,libldap_r,liblber}-2.3.so.0 } pkg_postinst() { if ! use minimal ; then # You cannot build SSL certificates during src_install that will make # binary packages containing your SSL key, which is both a security risk # and a misconfiguration if multiple machines use the same key and cert. if use ssl; then install_cert /etc/openldap/ssl/ldap chown ldap:ldap "${ROOT}"etc/openldap/ssl/ldap.* ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]" ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]" ewarn "add 'TLS_REQCERT never' if you want to use them." fi # These lines force the permissions of various content to be correct chown ldap:ldap "${ROOT}"var/run/openldap chmod 0755 "${ROOT}"var/run/openldap chown root:ldap "${ROOT}"etc/openldap/slapd.conf{,.default} chmod 0640 "${ROOT}"etc/openldap/slapd.conf{,.default} chown ldap:ldap "${ROOT}"var/lib/openldap-{data,ldbm} fi elog "Getting started using OpenLDAP? There is some documentation available:" elog "Gentoo Guide to OpenLDAP Authentication" elog "(http://www.gentoo.org/doc/en/ldap-howto.xml)" elog "---" elog "An example file for tuning BDB backends with openldap is" elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/" preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3.so.0 }