summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRobin H. Johnson <robbat2@gentoo.org>2011-02-18 02:20:00 +0000
committerRobin H. Johnson <robbat2@gentoo.org>2011-02-18 02:20:00 +0000
commit49a35d0cbedd3fcb6bdf586296099d7023b2c250 (patch)
tree19e32e4e02b6adb38c9f69253ade7563151447b4 /net-nds/openldap
parentupdate live ebuild to install man page (diff)
downloadgentoo-2-49a35d0cbedd3fcb6bdf586296099d7023b2c250.tar.gz
gentoo-2-49a35d0cbedd3fcb6bdf586296099d7023b2c250.tar.bz2
gentoo-2-49a35d0cbedd3fcb6bdf586296099d7023b2c250.zip
Bump for security bug #355333.
(Portage version: 2.2.0_alpha23/cvs/Linux x86_64)
Diffstat (limited to 'net-nds/openldap')
-rw-r--r--net-nds/openldap/ChangeLog9
-rw-r--r--net-nds/openldap/openldap-2.4.24.ebuild605
2 files changed, 612 insertions, 2 deletions
diff --git a/net-nds/openldap/ChangeLog b/net-nds/openldap/ChangeLog
index adb3ef57f37a..40e742a087f7 100644
--- a/net-nds/openldap/ChangeLog
+++ b/net-nds/openldap/ChangeLog
@@ -1,6 +1,11 @@
# ChangeLog for net-nds/openldap
-# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/ChangeLog,v 1.377 2010/09/12 04:34:43 josejx Exp $
+# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/ChangeLog,v 1.378 2011/02/18 02:20:00 robbat2 Exp $
+
+*openldap-2.4.24 (18 Feb 2011)
+
+ 18 Feb 2011; Robin H. Johnson <robbat2@gentoo.org> +openldap-2.4.24.ebuild:
+ Bump for security bug #355333.
12 Sep 2010; Joseph Jezak <josejx@gentoo.org> openldap-2.4.23.ebuild:
Marked ppc stable for bug #323777.
diff --git a/net-nds/openldap/openldap-2.4.24.ebuild b/net-nds/openldap/openldap-2.4.24.ebuild
new file mode 100644
index 000000000000..25cc0a24444a
--- /dev/null
+++ b/net-nds/openldap/openldap-2.4.24.ebuild
@@ -0,0 +1,605 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/openldap-2.4.24.ebuild,v 1.1 2011/02/18 02:20:00 robbat2 Exp $
+
+EAPI="2"
+inherit db-use eutils flag-o-matic multilib ssl-cert versionator toolchain-funcs
+
+DESCRIPTION="LDAP suite of application and development tools"
+HOMEPAGE="http://www.OpenLDAP.org/"
+SRC_URI="mirror://openldap/openldap-release/${P}.tgz"
+
+LICENSE="OPENLDAP"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
+
+IUSE_DAEMON="crypt icu samba slp tcpd experimental minimal"
+IUSE_BACKEND="+berkdb"
+IUSE_OVERLAY="overlays perl"
+IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 syslog selinux"
+IUSE_CONTRIB="smbkrb5passwd kerberos"
+IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
+IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
+
+# openssl is needed to generate lanman-passwords required by samba
+RDEPEND="sys-libs/ncurses
+ icu? ( dev-libs/icu )
+ tcpd? ( sys-apps/tcp-wrappers )
+ ssl? ( !gnutls? ( dev-libs/openssl )
+ gnutls? ( net-libs/gnutls ) )
+ sasl? ( dev-libs/cyrus-sasl )
+ !minimal? (
+ odbc? ( !iodbc? ( dev-db/unixODBC )
+ iodbc? ( dev-db/libiodbc ) )
+ slp? ( net-libs/openslp )
+ perl? ( dev-lang/perl[-build] )
+ samba? ( dev-libs/openssl )
+ berkdb? ( sys-libs/db )
+ smbkrb5passwd? (
+ dev-libs/openssl
+ app-crypt/heimdal )
+ kerberos? ( virtual/krb5 )
+ cxx? ( dev-libs/cyrus-sasl )
+ )
+ selinux? ( sec-policy/selinux-openldap )"
+DEPEND="${RDEPEND}"
+
+# for tracking versions
+OPENLDAP_VERSIONTAG=".version-tag"
+OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
+
+openldap_filecount() {
+ local dir="$1"
+ find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG.example' | wc -l
+}
+
+openldap_find_versiontags() {
+ # scan for all datadirs
+ openldap_datadirs=""
+ if [ -f "${ROOT}"/etc/openldap/slapd.conf ]; then
+ openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${ROOT}/etc/openldap/slapd.conf)"
+ fi
+ openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}"
+
+ einfo
+ einfo "Scanning datadir(s) from slapd.conf and"
+ einfo "the default installdir for Versiontags"
+ einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
+ einfo
+
+ # scan datadirs if we have a version tag
+ openldap_found_tag=0
+ have_files=0
+ for each in ${openldap_datadirs}; do
+ CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"`
+ CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}
+ if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then
+ einfo "- Checking ${each}..."
+ if [ -r ${CURRENT_TAG} ] ; then
+ # yey, we have one :)
+ einfo " Found Versiontag in ${each}"
+ source ${CURRENT_TAG}
+ if [ "${OLDPF}" == "" ] ; then
+ eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
+ eerror "Please delete it"
+ eerror
+ die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
+ fi
+
+ OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}`
+
+ [ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1
+
+ # are we on the same branch?
+ if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then
+ ewarn " Versiontag doesn't match current major release!"
+ if [[ "${have_files}" == "1" ]] ; then
+ eerror " Versiontag says other major and you (probably) have datafiles!"
+ echo
+ openldap_upgrade_howto
+ else
+ einfo " No real problem, seems there's no database."
+ fi
+ else
+ einfo " Versiontag is fine here :)"
+ fi
+ else
+ einfo " Non-tagged dir ${each}"
+ [ $(openldap_filecount ${each}) -gt 0 ] && have_files=1
+ if [[ "${have_files}" == "1" ]] ; then
+ einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
+ echo
+
+ eerror
+ eerror "Your OpenLDAP Installation has a non tagged datadir that"
+ eerror "possibly contains a database at ${CURRENT_TAGDIR}"
+ eerror
+ eerror "Please export data if any entered and empty or remove"
+ eerror "the directory, installation has been stopped so you"
+ eerror "can take required action"
+ eerror
+ eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
+ eerror
+ die "Please move the datadir ${CURRENT_TAGDIR} away"
+ fi
+ fi
+ einfo
+ fi
+ done
+ [ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present"
+
+ # Now we must check for the major version of sys-libs/db linked against.
+ SLAPD_PATH=${ROOT}/usr/$(get_libdir)/openldap/slapd
+ if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then
+ OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
+ | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
+ NEWVER="$(use berkdb && db_findver sys-libs/db)"
+ local fail=0
+ if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then
+ :
+ # Nothing wrong here.
+ elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then
+ eerror " Your existing version of OpenLDAP was not built against"
+ eerror " any version of sys-libs/db, but the new one will build"
+ eerror " against ${NEWVER} and your database may be inaccessible."
+ echo
+ fail=1
+ elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then
+ eerror " Your existing version of OpenLDAP was built against"
+ eerror " sys-libs/db:${OLDVER}, but the new one will not be"
+ eerror " built against any version and your database may be"
+ eerror " inaccessible."
+ echo
+ fail=1
+ elif [ "${OLDVER}" != "${NEWVER}" ]; then
+ eerror " Your existing version of OpenLDAP was built against"
+ eerror " sys-libs/db:${OLDVER}, but the new one will build against"
+ eerror " ${NEWVER} and your database would be inaccessible."
+ echo
+ fail=1
+ fi
+ [ "${fail}" == "1" ] && openldap_upgrade_howto
+ fi
+
+ echo
+ einfo
+ einfo "All datadirs are fine, proceeding with merge now..."
+ einfo
+}
+
+openldap_upgrade_howto() {
+ eerror
+ eerror "A (possible old) installation of OpenLDAP was detected,"
+ eerror "installation will not proceed for now."
+ eerror
+ eerror "As major version upgrades can corrupt your database,"
+ eerror "you need to dump your database and re-create it afterwards."
+ eerror
+ eerror "Additionally, rebuilding against different major versions of the"
+ eerror "sys-libs/db libraries will cause your database to be inaccessible."
+ eerror ""
+ d="$(date -u +%s)"
+ l="/root/ldapdump.${d}"
+ i="${l}.raw"
+ eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop"
+ eerror " 2. slapcat -l ${i}"
+ eerror " 3. egrep -v '^entryCSN:' <${i} >${l}"
+ eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
+ eerror " 5. emerge --update \=net-nds/${PF}"
+ eerror " 6. etc-update, and ensure that you apply the changes"
+ eerror " 7. slapadd -l ${l}"
+ eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
+ eerror " 9. /etc/init.d/slapd start"
+ eerror "10. check that your data is intact."
+ eerror "11. set up the new replication system."
+ eerror
+ if [ "${FORCE_UPGRADE}" != "1" ]; then
+ die "You need to upgrade your database first"
+ else
+ eerror "You have the magical FORCE_UPGRADE=1 in place."
+ eerror "Don't say you weren't warned about data loss."
+ fi
+}
+
+pkg_setup() {
+ if ! use sasl && use cxx ; then
+ die "To build the ldapc++ library you must emerge openldap with sasl support"
+ fi
+ if use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then
+ einfo
+ einfo "Skipping scan for previous datadirs as requested by minimal useflag"
+ einfo
+ else
+ openldap_find_versiontags
+ fi
+
+ enewgroup ldap 439
+ enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap
+}
+
+src_prepare() {
+ # ensure correct SLAPI path by default
+ sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "/var/run/openldap/slapd.sock",' \
+ "${S}"/include/ldap_defaults.h
+
+ epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch
+
+ epatch \
+ "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \
+ "${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
+
+ # bug #116045 - still present in 2.4.19
+ epatch "${FILESDIR}"/${PN}-2.4.19-contrib-smbk5pwd.patch
+
+ # bug #189817
+ epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
+
+ # bug #233633
+ epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch
+
+ cd "${S}"/build
+ einfo "Making sure upstream build strip does not do stripping too early"
+ sed -i.orig \
+ -e '/^STRIP/s,-s,,g' \
+ top.mk || die "Failed to block stripping"
+
+ # wrong assumption that /bin/sh is /bin/bash
+ sed -i \
+ -e 's|/bin/sh|/bin/bash|g' \
+ "${S}"/tests/scripts/* || die "sed failed"
+}
+
+build_contrib_module() {
+ lt="${S}/libtool"
+ # <dir> <sources> <outputname>
+ cd "${S}/contrib/slapd-modules/$1"
+ einfo "Compiling contrib-module: $3"
+ # Make sure it's uppercase
+ local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -D${define_name}=SLAPD_MOD_DYNAMIC \
+ -I../../../include -I../../../servers/slapd ${CFLAGS} \
+ -o ${2%.c}.lo -c $2 || die "compiling $3 failed"
+ einfo "Linking contrib-module: $3"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath /usr/$(get_libdir)/openldap/openldap \
+ -o $3.la ${2%.c}.lo || die "linking $3 failed"
+}
+
+src_configure() {
+ local myconf
+
+ #Fix for glibc-2.8 and ucred. Bug 228457.
+ append-flags -D_GNU_SOURCE
+
+ use debug && myconf="${myconf} $(use_enable debug)"
+
+ # ICU usage is not configurable
+ export ac_cv_header_unicode_utypes_h="$(use icu && echo yes || echo no)"
+
+ if ! use minimal ; then
+ # re-enable serverside overlay chains per bug #296567
+ # see ldap docs chaper 12.3.1 for details
+ myconf="${myconf} --enable-ldap"
+
+ # backends
+ myconf="${myconf} --enable-slapd"
+ if use berkdb ; then
+ einfo "Using Berkeley DB for local backend"
+ myconf="${myconf} --enable-bdb --enable-hdb"
+ # We need to include the slotted db.h dir for FreeBSD
+ append-cppflags -I$(db_includedir)
+ else
+ ewarn
+ ewarn "Note: if you disable berkdb, you can only use remote-backends!"
+ ewarn
+ ebeep 5
+ myconf="${myconf} --disable-bdb --disable-hdb"
+ fi
+ for backend in dnssrv ldap meta monitor null passwd relay shell sock; do
+ myconf="${myconf} --enable-${backend}=mod"
+ done
+
+ myconf="${myconf} $(use_enable perl perl mod)"
+
+ myconf="${myconf} $(use_enable odbc sql mod)"
+ if use odbc ; then
+ local odbc_lib="unixodbc"
+ if use iodbc ; then
+ odbc_lib="iodbc"
+ append-cppflags -I/usr/include/iodbc
+ fi
+ myconf="${myconf} --with-odbc=${odbc_lib}"
+ fi
+
+ # slapd options
+ myconf="${myconf} $(use_enable crypt) $(use_enable slp)"
+ myconf="${myconf} $(use_enable samba lmpasswd) $(use_enable syslog)"
+ if use experimental ; then
+ myconf="${myconf} --enable-dynacl"
+ myconf="${myconf} --enable-aci=mod"
+ fi
+ for option in aci cleartext modules rewrite rlookups slapi; do
+ myconf="${myconf} --enable-${option}"
+ done
+
+ # slapd overlay options
+ # Compile-in the syncprov, the others as module
+ myconf="${myconf} --enable-syncprov=yes"
+ use overlays && myconf="${myconf} --enable-overlays=mod"
+
+ else
+ myconf="${myconf} --disable-slapd --disable-bdb --disable-hdb"
+ myconf="${myconf} --disable-overlays --disable-syslog"
+ fi
+
+ # basic functionality stuff
+ myconf="${myconf} $(use_enable ipv6)"
+ myconf="${myconf} $(use_with sasl cyrus-sasl) $(use_enable sasl spasswd)"
+ myconf="${myconf} $(use_enable tcpd wrappers)"
+
+ local ssl_lib="no"
+ if use ssl || ( use ! minimal && use samba ) ; then
+ ssl_lib="openssl"
+ use gnutls && ssl_lib="gnutls"
+ fi
+
+ myconf="${myconf} --with-tls=${ssl_lib}"
+
+ for basicflag in dynamic local proctitle shared static; do
+ myconf="${myconf} --enable-${basicflag}"
+ done
+
+ tc-export CC AR CXX
+ STRIP=/bin/true \
+ econf \
+ --libexecdir=/usr/$(get_libdir)/openldap \
+ ${myconf} || die "econf failed"
+}
+
+src_configure_cxx() {
+ # This needs the libraries built by the first build run.
+ # So we have to run it AFTER the main build, not just after the main
+ # configure.
+ if ! use minimal ; then
+ if use cxx ; then
+ local myconf_ldapcpp
+ myconf_ldapcpp="${myconf_ldapcpp} --with-ldap-includes=../../include"
+ cd "${S}/contrib/ldapc++"
+ OLD_LDFLAGS="$LDFLAGS"
+ OLD_CPPFLAGS="$CPPFLAGS"
+ append-ldflags -L../../libraries/liblber/.libs -L../../libraries/libldap/.libs
+ append-ldflags -L../../../libraries/liblber/.libs -L../../../libraries/libldap/.libs
+ append-cppflags -I../../../include
+ econf ${myconf_ldapcpp} \
+ CC="${CC}" \
+ CXX="${CXX}" \
+ || die "econf ldapc++ failed"
+ CPPFLAGS="$OLD_CPPFLAGS"
+ LDFLAGS="${OLD_LDFLAGS}"
+ fi
+ fi
+}
+
+src_compile() {
+ emake depend || die "emake depend failed"
+ emake CC="${CC}" AR="${AR}" || die "emake failed"
+ lt="${S}/libtool"
+ export echo="echo"
+
+ if ! use minimal ; then
+ if use cxx ; then
+ einfo "Building contrib library: ldapc++"
+ src_configure_cxx
+ cd "${S}/contrib/ldapc++"
+ emake \
+ CC="${CC}" CXX="${CXX}" \
+ || die "emake ldapc++ failed"
+ fi
+
+ if use smbkrb5passwd ; then
+ einfo "Building contrib-module: smbk5pwd"
+ cd "${S}/contrib/slapd-modules/smbk5pwd"
+
+ emake \
+ DEFS="-DDO_SAMBA -DDO_KRB5" \
+ KRB5_INC="$(krb5-config --cflags)" \
+ CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap" \
+ || die "emake smbk5pwd failed"
+ fi
+
+ if use kerberos ; then
+ cd "${S}/contrib/slapd-modules/passwd"
+ einfo "Compiling contrib-module: pw-kerberos"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -I../../../include \
+ ${CFLAGS} \
+ $(krb5-config --cflags) \
+ -DHAVE_KRB5 \
+ -o kerberos.lo \
+ -c kerberos.c || die "compiling pw-kerberos failed"
+ einfo "Linking contrib-module: pw-kerberos"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath /usr/$(get_libdir)/openldap/openldap \
+ -o pw-kerberos.la \
+ kerberos.lo || die "linking pw-kerberos failed"
+ fi
+ # We could build pw-radius if GNURadius would install radlib.h
+ cd "${S}/contrib/slapd-modules/passwd"
+ einfo "Compiling contrib-module: pw-netscape"
+ "${lt}" --mode=compile --tag=CC \
+ "${CC}" \
+ -I../../../include \
+ ${CFLAGS} \
+ -o netscape.lo \
+ -c netscape.c || die "compiling pw-netscape failed"
+ einfo "Linking contrib-module: pw-netscape"
+ "${lt}" --mode=link --tag=CC \
+ "${CC}" -module \
+ ${CFLAGS} \
+ ${LDFLAGS} \
+ -rpath /usr/$(get_libdir)/openldap/openldap \
+ -o pw-netscape.la \
+ netscape.lo || die "linking pw-netscape failed"
+
+ build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
+ build_contrib_module "allop" "allop.c" "overlay-allop"
+ build_contrib_module "allowed" "allowed.c" "allowed"
+ build_contrib_module "autogroup" "autogroup.c" "autogroup"
+ build_contrib_module "denyop" "denyop.c" "denyop-overlay"
+ build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
+ # lastmod may not play well with other overlays
+ build_contrib_module "lastmod" "lastmod.c" "lastmod"
+ build_contrib_module "nops" "nops.c" "nops-overlay"
+ build_contrib_module "trace" "trace.c" "trace"
+ # build slapi-plugins
+ cd "${S}/contrib/slapi-plugins/addrdnvalues"
+ einfo "Building contrib-module: addrdnvalues plugin"
+ "${CC}" -shared \
+ -I../../../include \
+ ${CFLAGS} \
+ -fPIC \
+ ${LDFLAGS} \
+ -o libaddrdnvalues-plugin.so \
+ addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
+
+ fi
+}
+
+src_test() {
+ cd tests ; make tests || die "make tests failed"
+}
+
+src_install() {
+ lt="${S}/libtool"
+ emake DESTDIR="${D}" install || die "make install failed"
+
+ dodoc ANNOUNCEMENT CHANGES COPYRIGHT README "${FILESDIR}"/DB_CONFIG.fast.example
+ docinto rfc ; dodoc doc/rfc/*.txt
+
+ # openldap modules go here
+ # TODO: write some code to populate slapd.conf with moduleload statements
+ keepdir /usr/$(get_libdir)/openldap/openldap/
+
+ # initial data storage dir
+ keepdir /var/lib/openldap-data
+ fowners ldap:ldap /var/lib/openldap-data
+ fperms 0700 /var/lib/openldap-data
+
+ echo "OLDPF='${PF}'" > "${D}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+ echo "# do NOT delete this. it is used" >> "${D}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+ echo "# to track versions for upgrading." >> "${D}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+
+ # change slapd.pid location in configuration file
+ keepdir /var/run/openldap
+ fowners ldap:ldap /var/run/openldap
+ fperms 0755 /var/run/openldap
+
+ if ! use minimal; then
+ # use our config
+ rm "${D}"etc/openldap/slapd.conf
+ insinto /etc/openldap
+ newins "${FILESDIR}"/${PN}-2.3.34-slapd-conf slapd.conf
+ configfile="${D}"etc/openldap/slapd.conf
+
+ # populate with built backends
+ ebegin "populate config with built backends"
+ for x in "${D}"usr/$(get_libdir)/openldap/openldap/back_*.so; do
+ elog "Adding $(basename ${x})"
+ sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}"
+ done
+ sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
+ fowners root:ldap /etc/openldap/slapd.conf
+ fperms 0640 /etc/openldap/slapd.conf
+ cp "${configfile}" "${configfile}".default
+ eend
+
+ # install our own init scripts
+ newinitd "${FILESDIR}"/slapd-initd2 slapd
+ newconfd "${FILESDIR}"/slapd-confd slapd
+ if [ $(get_libdir) != lib ]; then
+ sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i "${D}"etc/init.d/slapd
+ fi
+
+ if use cxx ; then
+ einfo "Install the ldapc++ library"
+ cd "${S}/contrib/ldapc++"
+ emake DESTDIR="${D}" libexecdir="/usr/$(get_libdir)/openldap" install || die "emake install ldapc++ failed"
+ newdoc README ldapc++-README
+ fi
+
+ if use smbkrb5passwd ; then
+ einfo "Install the smbk5pwd module"
+ cd "${S}/contrib/slapd-modules/smbk5pwd"
+ emake DESTDIR="${D}" libexecdir="/usr/$(get_libdir)/openldap" install || die "emake install smbk5pwd failed"
+ newdoc README smbk5pwd-README
+ fi
+
+ einfo "Installing contrib modules"
+ cd "${S}/contrib/slapd-modules"
+ for l in */*.la; do
+ "${lt}" --mode=install cp ${l} \
+ "${D}"usr/$(get_libdir)/openldap/openldap || \
+ die "installing ${l} failed"
+ done
+ docinto contrib
+ newdoc addpartial/README addpartial-README
+ newdoc allop/README allop-README
+ doman allop/slapo-allop.5
+ newdoc autogroup/README autogroup-README
+ newdoc denyop/denyop.c denyop-denyop.c
+ newdoc dsaschema/README dsaschema-README
+ doman lastmod/slapo-lastmod.5
+ doman nops/slapo-nops.5
+ newdoc passwd/README passwd-README
+ cd "${S}/contrib/slapi-plugins"
+ insinto /usr/$(get_libdir)/openldap/openldap
+ doins */*.so
+ docinto contrib
+ newdoc addrdnvalues/README addrdnvalues-README
+ fi
+}
+
+pkg_preinst() {
+ # keep old libs if any
+ preserve_old_lib usr/$(get_libdir)/{libldap,libldap_r,liblber}-2.3.so.0
+}
+
+pkg_postinst() {
+ if ! use minimal ; then
+ # You cannot build SSL certificates during src_install that will make
+ # binary packages containing your SSL key, which is both a security risk
+ # and a misconfiguration if multiple machines use the same key and cert.
+ if use ssl; then
+ install_cert /etc/openldap/ssl/ldap
+ chown ldap:ldap "${ROOT}"etc/openldap/ssl/ldap.*
+ ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
+ ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
+ ewarn "add 'TLS_REQCERT never' if you want to use them."
+ fi
+
+ # These lines force the permissions of various content to be correct
+ chown ldap:ldap "${ROOT}"var/run/openldap
+ chmod 0755 "${ROOT}"var/run/openldap
+ chown root:ldap "${ROOT}"etc/openldap/slapd.conf{,.default}
+ chmod 0640 "${ROOT}"etc/openldap/slapd.conf{,.default}
+ chown ldap:ldap "${ROOT}"var/lib/openldap-{data,ldbm}
+ fi
+
+ elog "Getting started using OpenLDAP? There is some documentation available:"
+ elog "Gentoo Guide to OpenLDAP Authentication"
+ elog "(http://www.gentoo.org/doc/en/ldap-howto.xml)"
+ elog "---"
+ elog "An example file for tuning BDB backends with openldap is"
+ elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
+
+ preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3.so.0
+}