add sys-auth/sssd with build fix for mit-krb5-1.11

ganto · Apr 1, 2013 · 3787c7c · 3787c7c
1 parent 44854a0
commit 3787c7c
Show file tree

Hide file tree

Showing 9 changed files with 465 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -15,6 +15,7 @@ This Gentoo overlay should act as a brewery for FreeIPA related ebuilds. It cont
 * **dev-python/python-krbV** (1.0.90) - Python extension module for Kerberos 5
 * **media-gfx/ipa-pki-theme** (9.0.5) - PKI User Interface utilized by IPA
 * **net-nds/389-ds-base** (1.2.11.15) - 389 Directory Server (core librares and daemons)
+* **sys-auth/sssd** (1.9.4) - System Security Services Daemon provides access to identity and authentication
 
 So far, the FreeIPA ebuild is able to successfully configure a Gentoo box as nearly fully-featured IPA client. For server support a lot more ebuilds of dependencies are required to be written yet. Any help is appreciated.
 

diff --git a/sys-auth/sssd/ChangeLog b/sys-auth/sssd/ChangeLog
@@ -0,0 +1,182 @@
+# ChangeLog for sys-auth/sssd
+# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
+# $Header: $
+
+*sssd-1.9.4-r2 (1 Apr 2013)
+  1 Apr 2013; Reto Gantenbein <reto.gantenbein@linuxmonk.ch>
+  +files/0003_krb5-1.11_compatibility.patch, +sssd-1.9.4-r2.ebuild:
+  Fix bug #463812
+
+  17 Mar 2013; Markos Chandras <hwoarang@gentoo.org> metadata.xml:
+  Add proxy-maintainers to metadata.xml
+
+*sssd-1.9.4-r1 (20 Feb 2013)
+
+  20 Feb 2013; Maxim Koltsov <maksbotan@gentoo.org> +sssd-1.9.4-r1.ebuild:
+  Remove samba-4 dep until it's unmasked.
+
+  31 Jan 2013; Agostino Sarubbo <ago@gentoo.org> -sssd-1.8.1-r1.ebuild,
+  -sssd-1.8.2.ebuild, -sssd-1.8.4.ebuild, -sssd-1.8.5.ebuild,
+  -sssd-1.9.2.ebuild:
+  Remove old
+
+  31 Jan 2013; Agostino Sarubbo <ago@gentoo.org> sssd-1.8.6.ebuild:
+  Stable for x86, wrt bug #453808
+
+  31 Jan 2013; Agostino Sarubbo <ago@gentoo.org> sssd-1.8.6.ebuild:
+  Stable for amd64, wrt bug #453808
+
+*sssd-1.8.6 (31 Jan 2013)
+*sssd-1.9.4 (31 Jan 2013)
+
+  31 Jan 2013; Maxim Koltsov <maksbotan@gentoo.org> +sssd-1.8.6.ebuild,
+  +sssd-1.9.4.ebuild, -sssd-1.9.3.ebuild:
+  Bump to 1.9.4 and 1.8.6, clean vulnerable 1.9.x versions, fixes security bug
+  453808
+
+  06 Jan 2013; Maxim Koltsov <maksbotan@gentoo.org> sssd-1.9.3.ebuild:
+  Change 1.9.3 depends to make it build, bug #450226. Thanks to slepnoga.
+
+*sssd-1.9.3 (02 Jan 2013)
+
+  02 Jan 2013; Maxim Koltsov <maksbotan@gentoo.org> +sssd-1.9.3.ebuild:
+  Bump to 1.9.3, thanks to slepnoga
+
+  04 Dec 2012; Maxim Koltsov <maksbotan@gentoo.org> sssd-1.9.2.ebuild:
+  Fix bug #445478, thanks to Reto Gantenbein
+
+  21 Nov 2012; Agostino Sarubbo <ago@gentoo.org> sssd-1.8.4.ebuild:
+  Stable for x86, wrt bug #434352
+
+*sssd-1.9.2 (17 Oct 2012)
+
+  17 Oct 2012; Maxim Koltsov <maksbotan@gentoo.org>
+  +files/0001_add_pthread_to_fix_as-needed.patch,
+  +files/0002_allow_xdm_openrc.patch, +sssd-1.9.2.ebuild, metadata.xml:
+  Bump to 1.9.2, thanks to slepnoga
+
+*sssd-1.8.5 (14 Oct 2012)
+
+  14 Oct 2012; Sergey Popov <pinkbyte@gentoo.org> +sssd-1.8.5.ebuild:
+  Version bump
+
+  09 Sep 2012; Agostino Sarubbo <ago@gentoo.org> sssd-1.8.4.ebuild:
+  Stable for amd64, wrt bug #434352
+
+  03 Aug 2012; Andreas Schuerch <nativemad@gentoo.org> sssd-1.8.1-r1.ebuild:
+  x86 stable, see bug 413977. Thanks Myckel
+
+  27 Jun 2012; Alexander Vershilov <qnikst@gentoo.org> Manifest:
+  fixing metadata (due #423701) asked by slepnoga
+
+*sssd-1.8.4 (21 Jun 2012)
+
+  21 Jun 2012; Maxim Koltsov <maksbotan@gentoo.org> +sssd-1.8.4.ebuild:
+  Bump to 1.8.4, thanks to slepnoga
+
+  02 Jun 2012; Maxim Koltsov <maksbotan@gentoo.org> -sssd-1.6.4-r1.ebuild,
+  -sssd-1.6.4.ebuild:
+  Remove old 1.6.4
+
+  05 May 2012; Markos Chandras <hwoarang@gentoo.org> sssd-1.8.1-r1.ebuild:
+  Stable on amd64 wrt bug #413977
+
+*sssd-1.8.2 (14 Apr 2012)
+
+  14 Apr 2012; Maxim Koltsov <maksbotan@gentoo.org> +sssd-1.8.2.ebuild,
+  -sssd-1.8.1.ebuild:
+  Bump to 1.8.2, thanks to slepnoga
+
+*sssd-1.6.4-r1 (08 Apr 2012)
+*sssd-1.8.1-r1 (08 Apr 2012)
+
+  08 Apr 2012; Maxim Koltsov <maksbotan@gentoo.org> +sssd-1.6.4-r1.ebuild,
+  +sssd-1.8.1-r1.ebuild, -sssd-1.7.0.ebuild, -sssd-1.8.0.ebuild,
+  sssd-1.6.4.ebuild:
+  Cleanup old versions, revision-bump the rest adding selinux policy dependency.
+  Thanks to slepnoga
+
+*sssd-1.8.1 (16 Mar 2012)
+
+  16 Mar 2012; Maxim Koltsov <maksbotan@gentoo.org> +sssd-1.8.1.ebuild:
+  Bump to 1.8.1, thanks to slepnoga
+
+  05 Mar 2012; Maxim Koltsov <maksbotan@gentoo.org> sssd-1.6.4.ebuild,
+  sssd-1.7.0.ebuild, sssd-1.8.0.ebuild:
+  Block ~net-nds/openldap-2.4.28, bug #405343. Thanks to slepnoga
+
+*sssd-1.8.0 (02 Mar 2012)
+
+  02 Mar 2012; Maxim Koltsov <maksbotan@gentoo.org> +sssd-1.8.0.ebuild:
+  Bump to 1.8.0, drop libunistring depend, make logrotate installation
+  unconditional. Thanks to slepnoga
+
+  02 Mar 2012; Agostino Sarubbo <ago@gentoo.org> sssd-1.6.4.ebuild:
+  Stable for amd64, wrt bug #406291
+
+*sssd-1.7.0 (24 Feb 2012)
+
+  24 Feb 2012; Maxim Koltsov <maksbotan@gentoo.org> +sssd-1.7.0.ebuild,
+  -sssd-1.6.1-r2.ebuild, -sssd-1.6.2.ebuild:
+  Bump to 1.7.0, remove old versions. Thanks to slepnoga
+
+  04 Feb 2012; Maxim Koltsov <maksbotan@gentoo.org> metadata.xml:
+  Fix maintainer's email in metadata
+
+*sssd-1.6.4 (19 Dec 2011)
+
+  19 Dec 2011; Maxim Koltsov <maksbotan@gentoo.org> +sssd-1.6.4.ebuild,
+  metadata.xml:
+  Bump to 1.6.4 and EAPI 4, thanks so slepnoga. Bug 394699
+
+*sssd-1.6.2 (28 Oct 2011)
+
+  28 Oct 2011; Maxim Koltsov <maksbotan@gentoo.org> -sssd-1.6.1-r1.ebuild,
+  +sssd-1.6.2.ebuild:
+  Bump to 1.6.2, bug #388787. Removed obsolete 1.6.1-r1
+
+*sssd-1.6.1-r2 (23 Oct 2011)
+
+  23 Oct 2011; Maxim Koltsov <maksbotan@gentoo.org> +sssd-1.6.1-r2.ebuild,
+  +files/sssd, +files/sssd.conf:
+  Fix depends in init script, bug 385157
+
+  17 Sep 2011; Maxim Koltsov <maksbotan@gentoo.org> -sssd-1.6.1.ebuild,
+  sssd-1.6.1-r1.ebuild:
+  Drop static-libs use flag, finish work on #382703. Thanks to Andreis
+  Vinogradovs <spamslepnoga@inbox.ru>
+
+*sssd-1.6.1-r1 (16 Sep 2011)
+
+  16 Sep 2011; Maxim Koltsov <maksbotan@gentoo.org> -sssd-1.5.13.ebuild,
+  +sssd-1.6.1-r1.ebuild:
+  (ChangeLog by Andreis Vinogradovs <spamslepnoga@inbox.ru>)
+  Fix #382703 - remove useless .la files;
+  Thanks Samuli Suominen <ssuominen@gentoo.org> for report
+
+  31 Aug 2011; Maxim Koltsov <maksbotan@gentoo.org> +files/allow_xdm.patch:
+  Add forgotten patch
+
+*sssd-1.6.1 (31 Aug 2011)
+*sssd-1.5.13 (31 Aug 2011)
+
+  31 Aug 2011; Maxim Koltsov <maksbotan@gentoo.org> -sssd-1.5.12-r1.ebuild,
+  +sssd-1.5.13.ebuild, +sssd-1.6.1.ebuild:
+  Bumped to 1.5.13 and 1.6.1, removed old 1.5.12-r1
+
+  20 Aug 2011; Maxim Koltsov <maksbotan@gentoo.org> sssd-1.5.12-r1.ebuild:
+  Fix LDB path again
+
+*sssd-1.5.12-r1 (20 Aug 2011)
+
+  20 Aug 2011; Maxim Koltsov <maksbotan@gentoo.org> +sssd-1.5.12-r1.ebuild,
+  -sssd-1.5.12.ebuild:
+  Revision bump: fixed LDB library path and .la files, thanks to slepnoga. Old
+  revision dropped cause it can't work due to wrong LDB search path.
+
+*sssd-1.5.12 (14 Aug 2011)
+
+  14 Aug 2011; Maxim Koltsov <maksbotan@gentoo.org> +sssd-1.5.12.ebuild, +metadata.xml:
+  Add sssd-1.5.12, 1.6.0 is not yet considered ready by ebuild author. Thanks
+  to
+  slepnoga, bug #321875
diff --git a/sys-auth/sssd/Manifest b/sys-auth/sssd/Manifest
@@ -0,0 +1,8 @@
+AUX 0001_add_pthread_to_fix_as-needed.patch 744 SHA256 3d9f822d93555393c19fc9bdbface08092e78e640dd939424700f6403f11ac1f SHA512 fee020fa5f1ef22065c91e93178d99e3a451769cc5fb1ebdceef446a9bea5547727189c65310de2fe68a12f975eb1980af7a5b737882c0c6cdd5129b76659f82 WHIRLPOOL dac4c364fe617d23f0f66675bf98e8dd33c378709c997783df52007e33a89ba871e9f455a705da09e4d213c34707fed864fa5c46c8260c81e83db809a0c7f895
+AUX 0002_allow_xdm_openrc.patch 472 SHA256 9d0462096d7eb03489dbb4f5920c767828068cc87d2e41c75c37631f95850368 SHA512 c728b3619746902584d2f75ef57829a249c964139a24bd012530399ce3fb478fd2236efaa6c5313dd8132ea46ecb9a8c899f7a10c5b063da2a03ba9f9ba2650f WHIRLPOOL 93d4fdd206602833104f43eae576fc22bee4975e3ba116dd4caff1067a0394c230726d70d8e74d90288c984b46c3f9d26856bb2ee663dd63ace425ce6acc4d71
+AUX 0003_krb5-1.11_compatibility.patch 1823 SHA256 f568682deb7038085b2107df0e58b43831f8590bdc146d7e3ce8f5076ead306a SHA512 aa9493bfb2bcfc14e050d4785e3284ce354238e7f0cc4136726dfc3d74af680faf638785565a5a3d01b863831223a2b265be523940a6558fe8e225995ddf9b9b WHIRLPOOL 3b48195f9f010030eb90d91c6f5424b7eafbc3b38f534916d2c10f091f73815e65a841e6a063725a84d6d24128f4b42b4742ab6bd237e7cb21d18139404ae9fd
+AUX sssd.conf 124 SHA256 bc5154f0ee2c2e6cffd5b6e371d4302a5952bd04343dd4c56689f43821a5fb94 SHA512 f16908c44b213edbf6b0c6e8d49df92e8c06fc623279037074fe51e49b8aca7dc18f5ed83f71909fc8209df80dfc150583edb1687f88e61588bdf9d1fbf6ed5a WHIRLPOOL 37151473420598bd24d90ef1975ba83c5e9f5301a459b8d73d5df540d5b67686494b9f826b8e985b42765c65861d5f82b6ef705ebe577e68bbf57a893a24f32b
+DIST sssd-1.9.4.tar.gz 3050325 SHA256 20e39d7c5d89e217b5301f7e75360eb869ac1889701755a598fb3fbed923f4b4 SHA512 2e0297c4a748a5b265956034727a97c3addfa135216133cb76dcf7e905a3a0d87ea02331f98d06dd7a90c5185ba3e89496ff386e3cc675ae90c51a1c49ac0984 WHIRLPOOL 984395610ccc47b6d5b77c73f2ce4fb6f9dea2bfdd4a128d19599dabd6530286513b11c16707641c1610b1d80afdb8996b57f2dcadb9dc9a858053628fac65cf
+EBUILD sssd-1.9.4-r2.ebuild 3308 SHA256 edc6d11e7f496dafb235c7de4ced35366a7a59a722d99189d8be2247ffe36c2e SHA512 bcd47d1f154cc66c59d79ea809ba8c81cd97a36ff141881db251b68c7bbe4f3ed5c37d32cd10dd3b1c221612172492f9a3ea0b0c618325d6b57fa8f789f3e4db WHIRLPOOL 80b235efec825df60c7a5e3b8558eaafca7c09ecd36dd04a84ff6c4f6dd17c0c76feb52eedfd5be8c6d58bcd22480359476bf3996dfc7faa3cc952ff419bd4e8
+MISC ChangeLog 6109 SHA256 5c207f4b4af94098dca7c6d5560ce70451862aded5b3cec6be9975e7f4f21749 SHA512 0024be0658d366a544ea5210697e8c1b37ce723e481789a9ffd08ba62aafa9638e900b39635d83ed0834dcf819fa7d0de4dd930a956a80ebedbb51ef9529afe4 WHIRLPOOL 6d8bd4aae8fc745d78c47789c4f610db0548d5466a12be93f657f9fa957b94a539817f0404574027a5479b213afb5e961fc48e906cecef40712d13aaac15fd18
+MISC metadata.xml 1151 SHA256 3a2e0f337acc48549dd94df23a782654d76c9c78985e67e8ff6b2bb925e316b6 SHA512 2264c5d0ade0fb2e7538a704ffe3a4ca4f5da9e44540e9de9291915b434b56f0d06a017c0a290b59f193f494a320530608f4eb040d1f799dfdef51a583efa9d7 WHIRLPOOL 835caff70885090d33d8db6b38bd357c8042c74a2368eb2c0664230aa12d458bd22039de1079cf95935307554453be0f71593f0b0873df5352f6927adb7d51f1
diff --git a/sys-auth/sssd/files/0001_add_pthread_to_fix_as-needed.patch b/sys-auth/sssd/files/0001_add_pthread_to_fix_as-needed.patch
@@ -0,0 +1,36 @@
+diff --git a/Makefile.am b/Makefile.am
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -313,7 +313,8 @@
+     $(DHASH_LIBS) \
+     $(SSS_CRYPT_LIBS) \
+     $(OPENLDAP_LIBS) \
+-    $(TDB_LIBS)
++    $(TDB_LIBS) \
++	-lpthread
+
+ PYTHON_BINDINGS_LIBS = \
+     $(TALLOC_LIBS) \
+@@ -338,7 +339,8 @@
+     $(COLLECTION_LIBS) \
+     $(DHASH_LIBS) \
+     $(OPENLDAP_LIBS) \
+-    $(TDB_LIBS)
++    $(TDB_LIBS) \
++    -lpthread
+
+ if BUILD_SELINUX
+     PYTHON_BINDINGS_LIBS += $(SELINUX_LIBS)
+diff --git a/configure.ac b/configure.ac
+--- a/configure.ac
++++ b/configure.ac
+@@ -18,7 +18,8 @@
+ AM_PROG_CC_C_O
+ AC_DISABLE_STATIC
+ AC_PROG_INSTALL
+-AC_PROG_LIBTOOL
++LT_INIT
++AM_PROG_AR
+ AC_CONFIG_MACRO_DIR([m4])
+ AM_GNU_GETTEXT([external])
+ AM_GNU_GETTEXT_VERSION([0.14])
diff --git a/sys-auth/sssd/files/0002_allow_xdm_openrc.patch b/sys-auth/sssd/files/0002_allow_xdm_openrc.patch
@@ -0,0 +1,19 @@
+--- src/sysv/gentoo/sssd.old	2011-08-02 23:14:48.000000000 +0300
++++ src/sysv/gentoo/sssd	2011-08-24 12:15:18.413929409 +0300
+@@ -1,13 +1,13 @@
+ #!/sbin/runscript
+
+ depend(){
+-    need localmount netmount clock
+-    use syslog
++    need localmount netmount clock nscd
++    use syslog xdm
+ }
+
+ start(){
+     ebegin "Starting sssd"
+-    start-stop-daemon --start --exec /usr/sbin/sssd -- -D
++    start-stop-daemon --start --exec /usr/sbin/sssd -- -Df 
+     eend ${?}
+ }
+
diff --git a/sys-auth/sssd/files/0003_krb5-1.11_compatibility.patch b/sys-auth/sssd/files/0003_krb5-1.11_compatibility.patch
@@ -0,0 +1,52 @@
+From 4e78fab6a1b2e9653a7959cbdb7d54bb750041d0 Mon Sep 17 00:00:00 2001
+From: Jakub Hrozek <jhrozek@redhat.com>
+Date: Mon, 4 Feb 2013 11:30:48 -0500
+Subject: [PATCH] krb5: include backwards compatible declaration of
+ krb5_trace_info
+
+krb5-1.10 used to include "struct krb5_trace_info", now krb5-1.11
+includes a "krb5_trace_info" typedefed from "struct _krb5_trace_info".
+
+Do the same in the SSSD to allow compiling with both 1.10 and 1.11.
+---
+ src/external/krb5.m4 | 2 +-
+ src/util/sss_krb5.c  | 8 +++++++-
+ 2 files changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/src/external/krb5.m4 b/src/external/krb5.m4
+index 5bc8711..f1679a1 100644
+--- a/src/external/krb5.m4
++++ b/src/external/krb5.m4
+@@ -37,7 +37,7 @@ SAVE_LIBS=$LIBS
+ CFLAGS="$CFLAGS $KRB5_CFLAGS"
+ LIBS="$LIBS $KRB5_LIBS"
+ AC_CHECK_HEADERS([krb5.h krb5/krb5.h])
+-AC_CHECK_TYPES([krb5_ticket_times, krb5_times], [], [],
++AC_CHECK_TYPES([krb5_ticket_times, krb5_times, krb5_trace_info], [], [],
+                [ #ifdef HAVE_KRB5_KRB5_H
+                  #include <krb5/krb5.h>
+                  #else
+diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c
+index bb61d10..ab0344c 100644
+--- a/src/util/sss_krb5.c
++++ b/src/util/sss_krb5.c
+@@ -1001,9 +1001,15 @@ sss_krb5_residual_check_type(const char *full_location,
+ }
+
+ #ifdef HAVE_KRB5_SET_TRACE_CALLBACK
++
++#ifndef HAVE_KRB5_TRACE_INFO
++/* krb5-1.10 had struct krb5_trace_info, 1.11 has type named krb5_trace_info */
++typedef struct krb5_trace_info krb5_trace_info;
++#endif  /* HAVE_KRB5_TRACE_INFO */
++
+ static void
+ sss_child_krb5_trace_cb(krb5_context context,
+-                        const struct krb5_trace_info *info, void *data)
++                        const krb5_trace_info *info, void *data)
+ {
+     if (info == NULL) {
+         /* Null info means destroy the callback data. */
+-- 
+1.8.1.5
+
diff --git a/sys-auth/sssd/files/sssd.conf b/sys-auth/sssd/files/sssd.conf
@@ -0,0 +1,4 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+SSSD_OPTIONS=""
diff --git a/sys-auth/sssd/metadata.xml b/sys-auth/sssd/metadata.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<herd>proxy-maintainers</herd>
+<maintainer>
+	<email>andreis.vinogradovs@gmail.com</email>
+	<name>Andreis Vinogradovs</name>
+</maintainer>
+<maintainer>
+	<email>maksbotan@gentoo.org</email>
+	<name>Maxim Koltsov</name>
+</maintainer>
+<use>
+	<flag name="locator">Install sssd's Kerberos plugin</flag>
+	<flag name="logrotate">Install logrotate.d file</flag>
+	<flag name="glib">Use <pkg>dev-libs/glib</pkg> as UTF-8 string library</flag>
+	<flag name="libunistring">Use <pkg>dev-libs/libunistring</pkg> as UTF-8 string library</flag>
+	<flag name='netlink'>Add support for netlink protocol via <pkg>dev-libs/libnl</pkg></flag>
+	<flag name='manpages'>Build man pages with <pkg>dev-libs/libxslt</pkg></flag>
+	<flag name='autofs'>Build helper to let <pkg>net-fs/autofs</pkg> use sssd provided information</flag>
+	<flag name='ssh'>Build helper to let <pkg>net-misc/openssh</pkg> use sssd provided information</flag>
+	<flag name='sudo'>Build helper to let <pkg>app-admin/sudo</pkg> use sssd provided information</flag>
+</use>
+</pkgmetadata>