From 6e5574cfdbc454b77bf24f6a88914eb57ff03b78 Mon Sep 17 00:00:00 2001 From: Lars Wendler Date: Tue, 17 Dec 2019 14:47:36 +0100 Subject: [PATCH] net-fs/samba: Security bump to versions 4.9.17, 4.10.11 and 4.11.4 Bug: https://bugs.gentoo.org/702928 Package-Manager: Portage-2.3.82, Repoman-2.3.20 Signed-off-by: Lars Wendler --- net-fs/samba/Manifest | 3 + net-fs/samba/samba-4.10.11.ebuild | 315 ++++++++++++++++++++++++++++++ net-fs/samba/samba-4.11.4.ebuild | 311 +++++++++++++++++++++++++++++ net-fs/samba/samba-4.9.17.ebuild | 308 +++++++++++++++++++++++++++++ 4 files changed, 937 insertions(+) create mode 100644 net-fs/samba/samba-4.10.11.ebuild create mode 100644 net-fs/samba/samba-4.11.4.ebuild create mode 100644 net-fs/samba/samba-4.9.17.ebuild diff --git a/net-fs/samba/Manifest b/net-fs/samba/Manifest index c98d5997b9ab..75e3be93f814 100644 --- a/net-fs/samba/Manifest +++ b/net-fs/samba/Manifest @@ -1,8 +1,10 @@ DIST samba-4.10.10.tar.gz 18335638 BLAKE2B f8c215b82fea4ef69b9baf8ffac417e8530b17e4974c249fbf566c231374c299f4de9a1fd9ba5027fdf41d59f3e275456a6e1e435edd4bebba35eacbaa9a9c1a SHA512 d82f96af5754d484673d3497b2837d9df06352d7be4810fe6d812d64db5b95d588ed42d5565bf0f6f7c305bb9c6d3274e740ea9acd75b32aad75d0b38e4d2bc9 +DIST samba-4.10.11.tar.gz 18342499 BLAKE2B 9555f0e7ee46a7d372defd1c0978024cf36e23a33229cba2e374bed7bad67cb1e24ad5f37e989e01397fec2bcf7aa403bbb67669a764ec0a669571b182915c34 SHA512 776978698cc2d0e86d22d61caadc24f886f0e7fd35788806ebc641502a9a1f4a46afcde7c82e3d644eaaef8c302da5f795b9518681014b7f46a39422766fb758 DIST samba-4.10.2.tar.gz 18280710 BLAKE2B f15b117d1159dfa6cd279c5011629d688fcfba94a2ca8184a827d0787a31f76a38f46b355454b916f2e62c0a88109b86664f6bb16fc0e23d0f61d09908e587cd SHA512 3d146ea12567ebb02a7babcad779b82339ffbfb19f6f2be5cac33eb18af2c9b546dc1cd910072a5c9e152ba9c4a632ed6870c48a8f6ad9d04304b130f240a4bf DIST samba-4.10.8.tar.gz 18316560 BLAKE2B a1b89169a13eb96202e846e9e501b364235d61459a5d2f2e443af569d8a754df8546b5fb52e9e1b9629535d838a7fdfd9cd1fb631870880dad9981587c14be5f SHA512 14d463dfba36473f4a1d2b306ff2a18c664e1a01bc8077ef62afc6796cf4dd65461d72b519b8df3a777eaf322cb98653b416468d770541cd21fab2383c8dce66 DIST samba-4.11.1.tar.gz 18516111 BLAKE2B d2f557f0e53782783189c415cd086065a37b6808707dc0ec5096175a75eab9d6045b41ac1597ca1ea2d463a8261d7b299602f2da5dfecf5dddaf03d89ea1056a SHA512 3a711b11254cff4c0d74f883d8bc6e454094ba2c6a10fb0d08e85cbed11a1326bb39f0e47600380a5f293a14a6463dbd09be7404305923ac579b6f85072309c8 DIST samba-4.11.2.tar.gz 18516056 BLAKE2B 2b2a11e9b72deec54cf19830a402a5f2ae0dc2c3437116a636823d29e55c68842fce2434d196d567a8250b59e5bdffe9af367592c6949496f63caccbf4a5cb6f SHA512 f91053f019c9f979d7e29af00ea9b03a79c6f8efe91413ac2d6dca823f45ca9c30686264fdc0545dddabc687ad369a80c9ec78ebe75d1787dfc9b834233e12c1 +DIST samba-4.11.4.tar.gz 18530105 BLAKE2B 39e0cc6965681f3d64e861edebe2b77e558b68d9a3f4d7fa52e6ccfe704f2294fb3fb1a619d07d2130f36b1bf572300c733a273ccf78d554807e0f5897dcbcff SHA512 18ae1cb8b092c441a3fd4c6ecc9f35841dc51e3061f435107f7d2579b5e8ca6f8c96a947627dbd401b81c7de2293ff2587c30be694e160bf8a10c6d15aa73880 DIST samba-4.5.11-disable-python-patches.tar.xz 6292 BLAKE2B c2a32a1059a02bc1c87ce5f604cbc5878c654b8f693c8486b5ba63b37513444915a7b6389fe82b7e31ab2f9577dd8462eddba60b4f4f756b4ed1145ce7bd90ae SHA512 f0e3076e3e1ecaae3f06b3ef30efc81719fb3f63a1041dcbdae4b62ca4cf693732f9eb16f047d046d4930136fed82194e82b455ea888e12cf845b3e6a122d57d DIST samba-4.5.16.tar.gz 21024396 BLAKE2B e737559fb748044076608fa233700eb54c7e1c56bc234763f062b6341a179cc78a4a8cdf9f3d6f4d7f3cf8a79f846852ddd5cc753a468c3adb3a0451e1809ed9 SHA512 de8a41013cfb5ef3adcb290efd97a78a5de876d90ad05764d631f14e663a1849bb53e4ac394b46c906f1109be5748fee9316407a659c57007d36851ae8adcd7f DIST samba-4.8.12.tar.gz 17764832 BLAKE2B d2c0c8b9090da7c94b9343fd3f416e9aafad64273abc9be0639b011f71072926a0b303cf53e63c4e470aeb168e8ec23003b5f4ed4258aac8d6b3d029f71fba6f SHA512 f29595f6390d01860cb6acd750d2e36b4d207dd1da16465c21c8d6d732ce27bd0582a0f34296081e2659638d839c8b12f28deccc31982afa94650da8bce8df8b @@ -10,3 +12,4 @@ DIST samba-4.8.6.tar.gz 17723841 BLAKE2B 38da52e14b4417f26462eef2226c4498e54d2c2 DIST samba-4.9.13.tar.gz 18109481 BLAKE2B 948ef6b0e1a9796c70635119f5aea5887e9f1c1d2a5264d072f3f3d218dfae3b6a16c640233063c9df0670dc7835a92a8c97447f57518aa9d387bc5d04831675 SHA512 ce80486c9ab093d44ee68b0e2ab28f9af97c7ed00cca1b8a0c65de18254ae40759a1e9fcb9a0ba18006aa296c6a6fbadf53dcd730785a96ac0c167efdbe9d3ae DIST samba-4.9.15.tar.gz 18110369 BLAKE2B fb09601f424b7e0368328023a80c3dbfcfc48e6d66d59bf13b828e9706d3e663b8fc80f0baecdc6b646855750e64f96d961edbeaf2110b6432568f600f9ddad6 SHA512 6eb589ad3a5070b5649f1c76bafd2d691c3efbef264a100f5cdda457ccdb633fcbe64a9c4f7f0b8a5422fa08aa73534dc6f87248c6c871a1fa09577364e962c0 DIST samba-4.9.16.tar.gz 18110660 BLAKE2B 5a75fb9b0010ce7a2eec00e911744a2b180525eea06ca08126bbfd558928e4165ed32da449ee31ee8e7f1bc705949548b9a6da8ed60de23a616bdb0acd020690 SHA512 bd9e7ee68351f0a7d006b47ed102bbd2984c08b483b20f4cf1db0354bef725d2e77816f7f3c3a20da46f69c4c9a476a18d22b8197414ea427abbd3acf6be6db0 +DIST samba-4.9.17.tar.gz 18100548 BLAKE2B c0b9a869b67fafaaa09776c472d8a7fd56eed10577ea554d07a8ed1d591dcb783381ea3d2c026315bdeebb0b4a8d456d4193da65be1a88b246d235ecda70cac0 SHA512 658fd4a073e7f93ccb270d63d4a12fc29ec30d3928464f81c583c85706d3a559794dbde23c6dee17ac7c3333ce2c5afb965c152fdeb6b7bd643fe1bafcd35823 diff --git a/net-fs/samba/samba-4.10.11.ebuild b/net-fs/samba/samba-4.10.11.ebuild new file mode 100644 index 000000000000..1f0de6ef9a86 --- /dev/null +++ b/net-fs/samba/samba-4.10.11.ebuild @@ -0,0 +1,315 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 +PYTHON_COMPAT=( python3_{5,6,7} ) +PYTHON_REQ_USE='threads(+),xml(+)' + +inherit python-single-r1 waf-utils multilib-minimal linux-info systemd pam + +MY_PV="${PV/_rc/rc}" +MY_P="${PN}-${MY_PV}" + +SRC_PATH="stable" +[[ ${PV} = *_rc* ]] && SRC_PATH="rc" + +SRC_URI="mirror://samba/${SRC_PATH}/${MY_P}.tar.gz" +[[ ${PV} = *_rc* ]] || \ +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86" + +DESCRIPTION="Samba Suite Version 4" +HOMEPAGE="https://www.samba.org/" +LICENSE="GPL-3" + +SLOT="0" + +IUSE="acl addc addns ads ceph client cluster cups debug dmapi fam gnutls gpg +iprint json ldap pam profiling-data python quota selinux syslog system-heimdal ++system-mitkrb5 systemd test winbind zeroconf" + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/samba-4.0/policy.h + /usr/include/samba-4.0/dcerpc_server.h + /usr/include/samba-4.0/ctdb.h + /usr/include/samba-4.0/ctdb_client.h + /usr/include/samba-4.0/ctdb_protocol.h + /usr/include/samba-4.0/ctdb_private.h + /usr/include/samba-4.0/ctdb_typesafe_cb.h + /usr/include/samba-4.0/ctdb_version.h +) + +# sys-apps/attr is an automagic dependency (see bug #489748) +CDEPEND=" + >=app-arch/libarchive-3.1.2[${MULTILIB_USEDEP}] + dev-lang/perl:= + dev-libs/libaio[${MULTILIB_USEDEP}] + dev-libs/libbsd[${MULTILIB_USEDEP}] + dev-libs/iniparser:0 + dev-libs/popt[${MULTILIB_USEDEP}] + dev-python/subunit[${PYTHON_USEDEP},${MULTILIB_USEDEP}] + >=dev-util/cmocka-1.1.1[${MULTILIB_USEDEP}] + net-libs/libnsl:=[${MULTILIB_USEDEP}] + sys-apps/attr[${MULTILIB_USEDEP}] + >=sys-libs/ldb-1.5.6[ldap(+)?,python?,${PYTHON_USEDEP},${MULTILIB_USEDEP}] + =sys-libs/talloc-2.1.16[python?,${PYTHON_USEDEP},${MULTILIB_USEDEP}] + >=sys-libs/tdb-1.3.18[python?,${PYTHON_USEDEP},${MULTILIB_USEDEP}] + >=sys-libs/tevent-0.9.39[python?,${PYTHON_USEDEP},${MULTILIB_USEDEP}] + sys-libs/zlib[${MULTILIB_USEDEP}] + virtual/libiconv + pam? ( sys-libs/pam ) + acl? ( virtual/acl ) + addns? ( + net-dns/bind-tools[gssapi] + dev-python/dnspython:=[${PYTHON_USEDEP}] + ) + ceph? ( sys-cluster/ceph ) + cluster? ( + net-libs/rpcsvc-proto + !dev-db/ctdb + ) + cups? ( net-print/cups ) + debug? ( dev-util/lttng-ust ) + dmapi? ( sys-apps/dmapi ) + fam? ( virtual/fam ) + gnutls? ( + dev-libs/libgcrypt:0 + >=net-libs/gnutls-1.4.0 + ) + gpg? ( app-crypt/gpgme ) + json? ( dev-libs/jansson ) + ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] ) + system-heimdal? ( >=app-crypt/heimdal-1.5[-ssl,${MULTILIB_USEDEP}] ) + system-mitkrb5? ( >=app-crypt/mit-krb5-1.15.1[${MULTILIB_USEDEP}] ) + systemd? ( sys-apps/systemd:0= ) + zeroconf? ( net-dns/avahi ) +" +DEPEND="${CDEPEND} + ${PYTHON_DEPS} + app-text/docbook-xsl-stylesheets + dev-libs/libxslt + net-libs/libtirpc[${MULTILIB_USEDEP}] + virtual/pkgconfig + || ( + net-libs/rpcsvc-proto + =sys-libs/nss_wrapper-1.1.3 + >=net-dns/resolv_wrapper-1.1.4 + >=net-libs/socket_wrapper-1.1.9 + >=sys-libs/uid_wrapper-1.2.1 + ) + )" +RDEPEND="${CDEPEND} + python? ( ${PYTHON_DEPS} ) + client? ( net-fs/cifs-utils[ads?] ) + selinux? ( sec-policy/selinux-samba ) + !dev-perl/Parse-Yapp +" + +REQUIRED_USE=" + addc? ( python gnutls json winbind ) + addns? ( python ) + ads? ( acl gnutls ldap winbind ) + cluster? ( ads ) + gpg? ( addc ) + test? ( python ) + ?? ( system-heimdal system-mitkrb5 ) + ${PYTHON_REQUIRED_USE} +" + +# the test suite is messed, it uses system-installed samba +# bits instead of what was built, tests things disabled via use +# flags, and generally just fails to work in a way ebuilds could +# rely on in its current state +RESTRICT="test" + +S="${WORKDIR}/${MY_P}" + +PATCHES=( + "${FILESDIR}/${PN}-4.4.0-pam.patch" + "${FILESDIR}/${PN}-4.5.1-compile_et_fix.patch" + "${FILESDIR}/${PN}-4.9.2-timespec.patch" +) + +#CONFDIR="${FILESDIR}/$(get_version_component_range 1-2)" +CONFDIR="${FILESDIR}/4.4" + +WAF_BINARY="${S}/buildtools/bin/waf" + +SHAREDMODS="" + +pkg_setup() { + python-single-r1_pkg_setup + if use cluster ; then + SHAREDMODS="idmap_rid,idmap_tdb2,idmap_ad" + elif use ads ; then + SHAREDMODS="idmap_ad" + fi +} + +src_prepare() { + default + + # un-bundle dnspython + sed -i -e '/"dns.resolver":/d' "${S}"/third_party/wscript || die + + # unbundle iso8601 unless tests are enabled + if ! use test ; then + sed -i -e '/"iso8601":/d' "${S}"/third_party/wscript || die + fi + + # ugly hackaround for bug #592502 + cp /usr/include/tevent_internal.h "${S}"/lib/tevent/ || die + + sed -e 's:::' \ + -i source4/dsdb/samdb/ldb_modules/password_hash.c \ + || die + + # Friggin' WAF shit + multilib_copy_sources +} + +multilib_src_configure() { + # when specifying libs for samba build you must append NONE to the end to + # stop it automatically including things + local bundled_libs="NONE" + if ! use system-heimdal && ! use system-mitkrb5 ; then + bundled_libs="heimbase,heimntlm,hdb,kdc,krb5,wind,gssapi,hcrypto,hx509,roken,asn1,com_err,NONE" + fi + + local myconf=( + --enable-fhs + --sysconfdir="${EPREFIX}/etc" + --localstatedir="${EPREFIX}/var" + --with-modulesdir="${EPREFIX}/usr/$(get_libdir)/samba" + --with-piddir="${EPREFIX}/run/${PN}" + --bundled-libraries="${bundled_libs}" + --builtin-libraries=NONE + --disable-rpath + --disable-rpath-install + --nopyc + --nopyo + $(multilib_native_use_with acl acl-support) + $(multilib_native_usex addc '' '--without-ad-dc') + $(multilib_native_use_with addns dnsupdate) + $(multilib_native_use_with ads) + $(multilib_native_use_enable ceph cephfs) + $(multilib_native_use_with cluster cluster-support) + $(multilib_native_use_enable cups) + $(multilib_native_use_with dmapi) + $(multilib_native_use_with fam) + $(multilib_native_use_with gpg gpgme) + $(multilib_native_use_with json) + $(multilib_native_use_enable iprint) + $(multilib_native_use_with pam) + $(multilib_native_usex pam "--with-pammodulesdir=${EPREFIX}/$(get_libdir)/security" '') + $(multilib_native_use_with quota quotas) + $(multilib_native_use_with syslog) + $(multilib_native_use_with systemd) + $(multilib_native_use_with winbind) + $(multilib_native_usex python '' '--disable-python') + $(multilib_native_use_enable zeroconf avahi) + $(multilib_native_usex test '--enable-selftest' '') + $(usex system-mitkrb5 "--with-system-mitkrb5 $(multilib_native_usex addc --with-experimental-mit-ad-dc '')" '') + $(use_enable gnutls) + $(use_with debug lttng) + $(use_with ldap) + $(use_with profiling-data) + ) + + multilib_is_native_abi && myconf+=( --with-shared-modules=${SHAREDMODS} ) + + CPPFLAGS="-I${SYSROOT}${EPREFIX}/usr/include/et ${CPPFLAGS}" \ + waf-utils_src_configure ${myconf[@]} +} + +multilib_src_compile() { + waf-utils_src_compile +} + +multilib_src_install() { + waf-utils_src_install + + # Make all .so files executable + find "${ED}" -type f -name "*.so" -exec chmod +x {} + || die + + if multilib_is_native_abi ; then + # install ldap schema for server (bug #491002) + if use ldap ; then + insinto /etc/openldap/schema + doins examples/LDAP/samba.schema + fi + + # create symlink for cups (bug #552310) + if use cups ; then + dosym ../../../bin/smbspool /usr/libexec/cups/backend/smb + fi + + # install example config file + insinto /etc/samba + doins examples/smb.conf.default + + # Fix paths in example file (#603964) + sed \ + -e '/log file =/s@/usr/local/samba/var/@/var/log/samba/@' \ + -e '/include =/s@/usr/local/samba/lib/@/etc/samba/@' \ + -e '/path =/s@/usr/local/samba/lib/@/var/lib/samba/@' \ + -e '/path =/s@/usr/local/samba/@/var/lib/samba/@' \ + -e '/path =/s@/usr/spool/samba@/var/spool/samba@' \ + -i "${ED%/}"/etc/samba/smb.conf.default || die + + # Install init script and conf.d file + newinitd "${CONFDIR}/samba4.initd-r1" samba + newconfd "${CONFDIR}/samba4.confd" samba + + systemd_dotmpfilesd "${FILESDIR}"/samba.conf + systemd_dounit "${FILESDIR}"/nmbd.service + systemd_dounit "${FILESDIR}"/smbd.{service,socket} + systemd_newunit "${FILESDIR}"/smbd_at.service 'smbd@.service' + systemd_dounit "${FILESDIR}"/winbindd.service + systemd_dounit "${FILESDIR}"/samba.service + fi + + if use pam && use winbind ; then + newpamd "${CONFDIR}/system-auth-winbind.pam" system-auth-winbind + # bugs #376853 and #590374 + insinto /etc/security + doins examples/pam_winbind/pam_winbind.conf + fi + + keepdir /var/cache/samba + keepdir /var/lib/ctdb + keepdir /var/lib/samba/{bind-dns,private} + keepdir /var/lock/samba + keepdir /var/log/samba + keepdir /var/run/{ctdb,samba} +} + +multilib_src_install_all() { + # Attempt to fix bug #673168 + find "${ED}" -type d -name "Yapp" -print0 \ + | xargs -0 --no-run-if-empty rm -r || die +} + +multilib_src_test() { + if multilib_is_native_abi ; then + "${WAF_BINARY}" test || die "test failed" + fi +} + +pkg_postinst() { + ewarn "Be aware the this release contains the best of all of Samba's" + ewarn "technology parts, both a file server (that you can reasonably expect" + ewarn "to upgrade existing Samba 3.x releases to) and the AD domain" + ewarn "controller work previously known as 'samba4'." + + elog "For further information and migration steps make sure to read " + elog "https://samba.org/samba/history/${P}.html " + elog "https://wiki.samba.org/index.php/Samba4/HOWTO " +} diff --git a/net-fs/samba/samba-4.11.4.ebuild b/net-fs/samba/samba-4.11.4.ebuild new file mode 100644 index 000000000000..ed4d6a71f7dd --- /dev/null +++ b/net-fs/samba/samba-4.11.4.ebuild @@ -0,0 +1,311 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 +PYTHON_COMPAT=( python3_{5,6,7} ) +PYTHON_REQ_USE='threads(+),xml(+)' + +inherit python-single-r1 waf-utils multilib-minimal linux-info systemd pam + +MY_PV="${PV/_rc/rc}" +MY_P="${PN}-${MY_PV}" + +SRC_PATH="stable" +[[ ${PV} = *_rc* ]] && SRC_PATH="rc" + +SRC_URI="mirror://samba/${SRC_PATH}/${MY_P}.tar.gz" +[[ ${PV} = *_rc* ]] || \ +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86" + +DESCRIPTION="Samba Suite Version 4" +HOMEPAGE="https://www.samba.org/" +LICENSE="GPL-3" + +SLOT="0" + +IUSE="acl addc addns ads ceph client cluster cups debug dmapi fam gpg iprint +json ldap pam profiling-data python quota selinux syslog system-heimdal ++system-mitkrb5 systemd test winbind zeroconf" + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/samba-4.0/policy.h + /usr/include/samba-4.0/dcerpc_server.h + /usr/include/samba-4.0/ctdb.h + /usr/include/samba-4.0/ctdb_client.h + /usr/include/samba-4.0/ctdb_protocol.h + /usr/include/samba-4.0/ctdb_private.h + /usr/include/samba-4.0/ctdb_typesafe_cb.h + /usr/include/samba-4.0/ctdb_version.h +) + +# sys-apps/attr is an automagic dependency (see bug #489748) +CDEPEND=" + >=app-arch/libarchive-3.1.2[${MULTILIB_USEDEP}] + dev-lang/perl:= + dev-libs/libaio[${MULTILIB_USEDEP}] + dev-libs/libbsd[${MULTILIB_USEDEP}] + dev-libs/libgcrypt:0 + dev-libs/iniparser:0 + dev-libs/popt[${MULTILIB_USEDEP}] + dev-python/subunit[${PYTHON_USEDEP},${MULTILIB_USEDEP}] + >=dev-util/cmocka-1.1.1[${MULTILIB_USEDEP}] + >=net-libs/gnutls-3.2.0 + net-libs/libnsl:=[${MULTILIB_USEDEP}] + sys-apps/attr[${MULTILIB_USEDEP}] + >=sys-libs/ldb-2.0.8[ldap(+)?,python?,${PYTHON_USEDEP},${MULTILIB_USEDEP}] + =sys-libs/talloc-2.2.0[python?,${PYTHON_USEDEP},${MULTILIB_USEDEP}] + >=sys-libs/tdb-1.4.2[python?,${PYTHON_USEDEP},${MULTILIB_USEDEP}] + >=sys-libs/tevent-0.10.0[python?,${PYTHON_USEDEP},${MULTILIB_USEDEP}] + sys-libs/zlib[${MULTILIB_USEDEP}] + virtual/libiconv + pam? ( sys-libs/pam ) + acl? ( virtual/acl ) + addns? ( + net-dns/bind-tools[gssapi] + dev-python/dnspython:=[${PYTHON_USEDEP}] + ) + ceph? ( sys-cluster/ceph ) + cluster? ( + net-libs/rpcsvc-proto + !dev-db/ctdb + ) + cups? ( net-print/cups ) + debug? ( dev-util/lttng-ust ) + dmapi? ( sys-apps/dmapi ) + fam? ( virtual/fam ) + gpg? ( app-crypt/gpgme ) + json? ( dev-libs/jansson ) + ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] ) + system-heimdal? ( >=app-crypt/heimdal-1.5[-ssl,${MULTILIB_USEDEP}] ) + system-mitkrb5? ( >=app-crypt/mit-krb5-1.15.1[${MULTILIB_USEDEP}] ) + systemd? ( sys-apps/systemd:0= ) + zeroconf? ( net-dns/avahi ) +" +DEPEND="${CDEPEND} + ${PYTHON_DEPS} + app-text/docbook-xsl-stylesheets + dev-libs/libxslt + net-libs/libtirpc[${MULTILIB_USEDEP}] + virtual/pkgconfig + || ( + net-libs/rpcsvc-proto + =sys-libs/nss_wrapper-1.1.3 + >=net-dns/resolv_wrapper-1.1.4 + >=net-libs/socket_wrapper-1.1.9 + >=sys-libs/uid_wrapper-1.2.1 + ) + )" +RDEPEND="${CDEPEND} + python? ( ${PYTHON_DEPS} ) + client? ( net-fs/cifs-utils[ads?] ) + selinux? ( sec-policy/selinux-samba ) + !dev-perl/Parse-Yapp +" + +REQUIRED_USE=" + addc? ( python json winbind ) + addns? ( python ) + ads? ( acl ldap winbind ) + cluster? ( ads ) + gpg? ( addc ) + test? ( python ) + ?? ( system-heimdal system-mitkrb5 ) + ${PYTHON_REQUIRED_USE} +" + +# the test suite is messed, it uses system-installed samba +# bits instead of what was built, tests things disabled via use +# flags, and generally just fails to work in a way ebuilds could +# rely on in its current state +RESTRICT="test" + +S="${WORKDIR}/${MY_P}" + +PATCHES=( + "${FILESDIR}/${PN}-4.4.0-pam.patch" + "${FILESDIR}/${PN}-4.9.2-timespec.patch" +) + +#CONFDIR="${FILESDIR}/$(get_version_component_range 1-2)" +CONFDIR="${FILESDIR}/4.4" + +WAF_BINARY="${S}/buildtools/bin/waf" + +SHAREDMODS="" + +pkg_setup() { + python-single-r1_pkg_setup + if use cluster ; then + SHAREDMODS="idmap_rid,idmap_tdb2,idmap_ad" + elif use ads ; then + SHAREDMODS="idmap_ad" + fi +} + +src_prepare() { + default + + # un-bundle dnspython + sed -i -e '/"dns.resolver":/d' "${S}"/third_party/wscript || die + + # unbundle iso8601 unless tests are enabled + if ! use test ; then + sed -i -e '/"iso8601":/d' "${S}"/third_party/wscript || die + fi + + # ugly hackaround for bug #592502 + cp /usr/include/tevent_internal.h "${S}"/lib/tevent/ || die + + sed -e 's:::' \ + -i source4/dsdb/samdb/ldb_modules/password_hash.c \ + || die + + # Friggin' WAF shit + multilib_copy_sources +} + +multilib_src_configure() { + # when specifying libs for samba build you must append NONE to the end to + # stop it automatically including things + local bundled_libs="NONE" + if ! use system-heimdal && ! use system-mitkrb5 ; then + bundled_libs="heimbase,heimntlm,hdb,kdc,krb5,wind,gssapi,hcrypto,hx509,roken,asn1,com_err,NONE" + fi + + local myconf=( + --enable-fhs + --sysconfdir="${EPREFIX}/etc" + --localstatedir="${EPREFIX}/var" + --with-modulesdir="${EPREFIX}/usr/$(get_libdir)/samba" + --with-piddir="${EPREFIX}/run/${PN}" + --bundled-libraries="${bundled_libs}" + --builtin-libraries=NONE + --disable-rpath + --disable-rpath-install + --nopyc + --nopyo + $(multilib_native_use_with acl acl-support) + $(multilib_native_usex addc '' '--without-ad-dc') + $(multilib_native_use_with addns dnsupdate) + $(multilib_native_use_with ads) + $(multilib_native_use_enable ceph cephfs) + $(multilib_native_use_with cluster cluster-support) + $(multilib_native_use_enable cups) + $(multilib_native_use_with dmapi) + $(multilib_native_use_with fam) + $(multilib_native_use_with gpg gpgme) + $(multilib_native_use_with json) + $(multilib_native_use_enable iprint) + $(multilib_native_use_with pam) + $(multilib_native_usex pam "--with-pammodulesdir=${EPREFIX}/$(get_libdir)/security" '') + $(multilib_native_use_with quota quotas) + $(multilib_native_use_with syslog) + $(multilib_native_use_with systemd) + $(multilib_native_use_with winbind) + $(multilib_native_usex python '' '--disable-python') + $(multilib_native_use_enable zeroconf avahi) + $(multilib_native_usex test '--enable-selftest' '') + $(usex system-mitkrb5 "--with-system-mitkrb5 $(multilib_native_usex addc --with-experimental-mit-ad-dc '')" '') + $(use_with debug lttng) + $(use_with ldap) + $(use_with profiling-data) + ) + + multilib_is_native_abi && myconf+=( --with-shared-modules=${SHAREDMODS} ) + + CPPFLAGS="-I${SYSROOT}${EPREFIX}/usr/include/et ${CPPFLAGS}" \ + waf-utils_src_configure ${myconf[@]} +} + +multilib_src_compile() { + waf-utils_src_compile +} + +multilib_src_install() { + waf-utils_src_install + + # Make all .so files executable + find "${ED}" -type f -name "*.so" -exec chmod +x {} + || die + + if multilib_is_native_abi ; then + # install ldap schema for server (bug #491002) + if use ldap ; then + insinto /etc/openldap/schema + doins examples/LDAP/samba.schema + fi + + # create symlink for cups (bug #552310) + if use cups ; then + dosym ../../../bin/smbspool /usr/libexec/cups/backend/smb + fi + + # install example config file + insinto /etc/samba + doins examples/smb.conf.default + + # Fix paths in example file (#603964) + sed \ + -e '/log file =/s@/usr/local/samba/var/@/var/log/samba/@' \ + -e '/include =/s@/usr/local/samba/lib/@/etc/samba/@' \ + -e '/path =/s@/usr/local/samba/lib/@/var/lib/samba/@' \ + -e '/path =/s@/usr/local/samba/@/var/lib/samba/@' \ + -e '/path =/s@/usr/spool/samba@/var/spool/samba@' \ + -i "${ED%/}"/etc/samba/smb.conf.default || die + + # Install init script and conf.d file + newinitd "${CONFDIR}/samba4.initd-r1" samba + newconfd "${CONFDIR}/samba4.confd" samba + + systemd_dotmpfilesd "${FILESDIR}"/samba.conf + systemd_dounit "${FILESDIR}"/nmbd.service + systemd_dounit "${FILESDIR}"/smbd.{service,socket} + systemd_newunit "${FILESDIR}"/smbd_at.service 'smbd@.service' + systemd_dounit "${FILESDIR}"/winbindd.service + systemd_dounit "${FILESDIR}"/samba.service + fi + + if use pam && use winbind ; then + newpamd "${CONFDIR}/system-auth-winbind.pam" system-auth-winbind + # bugs #376853 and #590374 + insinto /etc/security + doins examples/pam_winbind/pam_winbind.conf + fi + + keepdir /var/cache/samba + keepdir /var/lib/ctdb + keepdir /var/lib/samba/{bind-dns,private} + keepdir /var/lock/samba + keepdir /var/log/samba + keepdir /var/run/{ctdb,samba} +} + +multilib_src_install_all() { + # Attempt to fix bug #673168 + find "${ED}" -type d -name "Yapp" -print0 \ + | xargs -0 --no-run-if-empty rm -r || die +} + +multilib_src_test() { + if multilib_is_native_abi ; then + "${WAF_BINARY}" test || die "test failed" + fi +} + +pkg_postinst() { + ewarn "Be aware the this release contains the best of all of Samba's" + ewarn "technology parts, both a file server (that you can reasonably expect" + ewarn "to upgrade existing Samba 3.x releases to) and the AD domain" + ewarn "controller work previously known as 'samba4'." + + elog "For further information and migration steps make sure to read " + elog "https://samba.org/samba/history/${P}.html " + elog "https://wiki.samba.org/index.php/Samba4/HOWTO " +} diff --git a/net-fs/samba/samba-4.9.17.ebuild b/net-fs/samba/samba-4.9.17.ebuild new file mode 100644 index 000000000000..3ad0587ccb32 --- /dev/null +++ b/net-fs/samba/samba-4.9.17.ebuild @@ -0,0 +1,308 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 +PYTHON_COMPAT=( python2_7 ) +PYTHON_REQ_USE='threads(+),xml(+)' + +inherit python-single-r1 waf-utils multilib-minimal linux-info systemd pam + +MY_PV="${PV/_rc/rc}" +MY_P="${PN}-${MY_PV}" + +SRC_PATH="stable" +[[ ${PV} = *_rc* ]] && SRC_PATH="rc" + +SRC_URI="mirror://samba/${SRC_PATH}/${MY_P}.tar.gz" +[[ ${PV} = *_rc* ]] || \ +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86" + +DESCRIPTION="Samba Suite Version 4" +HOMEPAGE="https://www.samba.org/" +LICENSE="GPL-3" + +SLOT="0" + +IUSE="acl addc addns ads ceph client cluster cups debug dmapi fam gnutls gpg +iprint json ldap pam profiling-data python quota selinux syslog system-heimdal ++system-mitkrb5 systemd test winbind zeroconf" + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/samba-4.0/policy.h + /usr/include/samba-4.0/dcerpc_server.h + /usr/include/samba-4.0/ctdb.h + /usr/include/samba-4.0/ctdb_client.h + /usr/include/samba-4.0/ctdb_protocol.h + /usr/include/samba-4.0/ctdb_private.h + /usr/include/samba-4.0/ctdb_typesafe_cb.h + /usr/include/samba-4.0/ctdb_version.h +) + +# sys-apps/attr is an automagic dependency (see bug #489748) +CDEPEND=" + >=app-arch/libarchive-3.1.2[${MULTILIB_USEDEP}] + dev-lang/perl:= + dev-libs/libaio[${MULTILIB_USEDEP}] + dev-libs/libbsd[${MULTILIB_USEDEP}] + dev-libs/iniparser:0 + dev-libs/popt[${MULTILIB_USEDEP}] + dev-python/subunit[${PYTHON_USEDEP},${MULTILIB_USEDEP}] + >=dev-util/cmocka-1.1.1[${MULTILIB_USEDEP}] + net-libs/libnsl:=[${MULTILIB_USEDEP}] + sys-apps/attr[${MULTILIB_USEDEP}] + >=sys-libs/ldb-1.4.8[ldap(+)?,python?,${PYTHON_USEDEP},${MULTILIB_USEDEP}] + =sys-libs/talloc-2.1.14[python?,${PYTHON_USEDEP},${MULTILIB_USEDEP}] + >=sys-libs/tdb-1.3.16[python?,${PYTHON_USEDEP},${MULTILIB_USEDEP}] + >=sys-libs/tevent-0.9.37[python?,${PYTHON_USEDEP},${MULTILIB_USEDEP}] + sys-libs/zlib[${MULTILIB_USEDEP}] + virtual/libiconv + pam? ( sys-libs/pam ) + acl? ( virtual/acl ) + addns? ( + net-dns/bind-tools[gssapi] + dev-python/dnspython:=[${PYTHON_USEDEP}] + ) + ceph? ( sys-cluster/ceph ) + cluster? ( + net-libs/rpcsvc-proto + !dev-db/ctdb + ) + cups? ( net-print/cups ) + debug? ( dev-util/lttng-ust ) + dmapi? ( sys-apps/dmapi ) + fam? ( virtual/fam ) + gnutls? ( + dev-libs/libgcrypt:0 + >=net-libs/gnutls-1.4.0 + ) + gpg? ( app-crypt/gpgme ) + json? ( dev-libs/jansson ) + ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] ) + system-heimdal? ( >=app-crypt/heimdal-1.5[-ssl,${MULTILIB_USEDEP}] ) + system-mitkrb5? ( >=app-crypt/mit-krb5-1.15.1[${MULTILIB_USEDEP}] ) + systemd? ( sys-apps/systemd:0= ) + zeroconf? ( net-dns/avahi ) +" +DEPEND="${CDEPEND} + ${PYTHON_DEPS} + app-text/docbook-xsl-stylesheets + dev-libs/libxslt + net-libs/libtirpc[${MULTILIB_USEDEP}] + virtual/pkgconfig + || ( + net-libs/rpcsvc-proto + =sys-libs/nss_wrapper-1.1.3 + >=net-dns/resolv_wrapper-1.1.4 + >=net-libs/socket_wrapper-1.1.9 + >=sys-libs/uid_wrapper-1.2.1 + ) + )" +RDEPEND="${CDEPEND} + python? ( ${PYTHON_DEPS} ) + client? ( net-fs/cifs-utils[ads?] ) + selinux? ( sec-policy/selinux-samba ) + !dev-perl/Parse-Yapp +" + +REQUIRED_USE=" + addc? ( python gnutls json winbind ) + addns? ( python ) + ads? ( acl gnutls ldap winbind ) + cluster? ( ads ) + gpg? ( addc ) + test? ( python ) + ?? ( system-heimdal system-mitkrb5 ) + ${PYTHON_REQUIRED_USE} +" + +# the test suite is messed, it uses system-installed samba +# bits instead of what was built, tests things disabled via use +# flags, and generally just fails to work in a way ebuilds could +# rely on in its current state +RESTRICT="test" + +S="${WORKDIR}/${MY_P}" + +PATCHES=( + "${FILESDIR}/${PN}-4.4.0-pam.patch" + "${FILESDIR}/${PN}-4.5.1-compile_et_fix.patch" + "${FILESDIR}/${PN}-4.9.2-timespec.patch" +) + +#CONFDIR="${FILESDIR}/$(get_version_component_range 1-2)" +CONFDIR="${FILESDIR}/4.4" + +WAF_BINARY="${S}/buildtools/bin/waf" + +SHAREDMODS="" + +pkg_setup() { + python-single-r1_pkg_setup + if use cluster ; then + SHAREDMODS="idmap_rid,idmap_tdb2,idmap_ad" + elif use ads ; then + SHAREDMODS="idmap_ad" + fi +} + +src_prepare() { + default + + # un-bundle dnspython + sed -i -e '/"dns.resolver":/d' "${S}"/third_party/wscript || die + + # unbundle iso8601 unless tests are enabled + if ! use test ; then + sed -i -e '/"iso8601":/d' "${S}"/third_party/wscript || die + fi + + # ugly hackaround for bug #592502 + cp /usr/include/tevent_internal.h "${S}"/lib/tevent/ || die + + sed -e 's:::' \ + -i source4/dsdb/samdb/ldb_modules/password_hash.c \ + || die + + # Friggin' WAF shit + multilib_copy_sources +} + +multilib_src_configure() { + # when specifying libs for samba build you must append NONE to the end to + # stop it automatically including things + local bundled_libs="NONE" + if ! use system-heimdal && ! use system-mitkrb5 ; then + bundled_libs="heimbase,heimntlm,hdb,kdc,krb5,wind,gssapi,hcrypto,hx509,roken,asn1,com_err,NONE" + fi + + local myconf=( + --enable-fhs + --sysconfdir="${EPREFIX}/etc" + --localstatedir="${EPREFIX}/var" + --with-modulesdir="${EPREFIX}/usr/$(get_libdir)/samba" + --with-piddir="${EPREFIX}/run/${PN}" + --bundled-libraries="${bundled_libs}" + --builtin-libraries=NONE + --disable-rpath + --disable-rpath-install + --nopyc + --nopyo + $(multilib_native_use_with acl acl-support) + $(multilib_native_usex addc '' '--without-ad-dc') + $(multilib_native_use_with addns dnsupdate) + $(multilib_native_use_with ads) + $(multilib_native_use_enable ceph cephfs) + $(multilib_native_use_with cluster cluster-support) + $(multilib_native_use_enable cups) + $(multilib_native_use_with dmapi) + $(multilib_native_use_with fam) + $(multilib_native_use_with gpg gpgme) + $(multilib_native_use_with json json-audit) + $(multilib_native_use_enable iprint) + $(multilib_native_use_with pam) + $(multilib_native_usex pam "--with-pammodulesdir=${EPREFIX}/$(get_libdir)/security" '') + $(multilib_native_use_with quota quotas) + $(multilib_native_use_with syslog) + $(multilib_native_use_with systemd) + $(multilib_native_use_with winbind) + $(multilib_native_usex python '' '--disable-python') + $(multilib_native_use_enable zeroconf avahi) + $(multilib_native_usex test '--enable-selftest' '') + $(usex system-mitkrb5 "--with-system-mitkrb5 $(multilib_native_usex addc --with-experimental-mit-ad-dc '')" '') + $(use_enable gnutls) + $(use_with debug lttng) + $(use_with ldap) + $(use_with profiling-data) + ) + multilib_is_native_abi && myconf+=( --with-shared-modules=${SHAREDMODS} ) + + CPPFLAGS="-I${SYSROOT}${EPREFIX}/usr/include/et ${CPPFLAGS}" \ + waf-utils_src_configure ${myconf[@]} +} + +multilib_src_compile() { + waf-utils_src_compile +} + +multilib_src_install() { + waf-utils_src_install + + # Make all .so files executable + find "${ED}" -type f -name "*.so" -exec chmod +x {} + || die + + if multilib_is_native_abi ; then + # install ldap schema for server (bug #491002) + if use ldap ; then + insinto /etc/openldap/schema + doins examples/LDAP/samba.schema + fi + + # create symlink for cups (bug #552310) + if use cups ; then + dosym ../../../bin/smbspool /usr/libexec/cups/backend/smb + fi + + # install example config file + insinto /etc/samba + doins examples/smb.conf.default + + # Fix paths in example file (#603964) + sed \ + -e '/log file =/s@/usr/local/samba/var/@/var/log/samba/@' \ + -e '/include =/s@/usr/local/samba/lib/@/etc/samba/@' \ + -e '/path =/s@/usr/local/samba/lib/@/var/lib/samba/@' \ + -e '/path =/s@/usr/local/samba/@/var/lib/samba/@' \ + -e '/path =/s@/usr/spool/samba@/var/spool/samba@' \ + -i "${ED%/}"/etc/samba/smb.conf.default || die + + # Install init script and conf.d file + newinitd "${CONFDIR}/samba4.initd-r1" samba + newconfd "${CONFDIR}/samba4.confd" samba + + systemd_dotmpfilesd "${FILESDIR}"/samba.conf + systemd_dounit "${FILESDIR}"/nmbd.service + systemd_dounit "${FILESDIR}"/smbd.{service,socket} + systemd_newunit "${FILESDIR}"/smbd_at.service 'smbd@.service' + systemd_dounit "${FILESDIR}"/winbindd.service + systemd_dounit "${FILESDIR}"/samba.service + fi + + if use pam && use winbind ; then + newpamd "${CONFDIR}/system-auth-winbind.pam" system-auth-winbind + # bugs #376853 and #590374 + insinto /etc/security + doins examples/pam_winbind/pam_winbind.conf + fi + + keepdir /var/cache/samba + keepdir /var/lib/ctdb + keepdir /var/lib/samba/{bind-dns,private} + keepdir /var/lock/samba + keepdir /var/log/samba + keepdir /var/run/{ctdb,samba} +} + +multilib_src_test() { + if multilib_is_native_abi ; then + "${WAF_BINARY}" test || die "test failed" + fi +} + +pkg_postinst() { + ewarn "Be aware the this release contains the best of all of Samba's" + ewarn "technology parts, both a file server (that you can reasonably expect" + ewarn "to upgrade existing Samba 3.x releases to) and the AD domain" + ewarn "controller work previously known as 'samba4'." + + elog "For further information and migration steps make sure to read " + elog "https://samba.org/samba/history/${P}.html " + elog "https://wiki.samba.org/index.php/Samba4/HOWTO " +} -- 2.26.2