summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLars Wendler <polynomial-c@gentoo.org>2021-12-03 16:38:37 +0100
committerLars Wendler <polynomial-c@gentoo.org>2021-12-03 16:39:06 +0100
commit96c00c4dd1a84dd1b7d4bb24b1c32da67d53d353 (patch)
treeae53bc2427b8521899a6b452bfa0a139b9221503
parentnet-fs/samba: Removed old (diff)
downloadgentoo-96c00c4dd1a84dd1b7d4bb24b1c32da67d53d353.tar.gz
gentoo-96c00c4dd1a84dd1b7d4bb24b1c32da67d53d353.tar.bz2
gentoo-96c00c4dd1a84dd1b7d4bb24b1c32da67d53d353.zip
net-fs/samba: Security cleanup
Bug: https://bugs.gentoo.org/821688 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
-rw-r--r--net-fs/samba/Manifest1
-rw-r--r--net-fs/samba/samba-4.14.9.ebuild339
2 files changed, 0 insertions, 340 deletions
diff --git a/net-fs/samba/Manifest b/net-fs/samba/Manifest
index 0bd4d0b090de..fd3ea6e68854 100644
--- a/net-fs/samba/Manifest
+++ b/net-fs/samba/Manifest
@@ -1,3 +1,2 @@
DIST samba-4.14.10.tar.gz 19134066 BLAKE2B c6daebc7abbf2ed371ed694e4478d05875d55f7c5a9f83461932eebd7fe9089ff15e0530555d468e64f897d4cadab86e8c0acbfbd20938b3be842cb4324486e2 SHA512 0e1dd386d185cf77a2be4155646e98b3218316b5c290358684ec8eed747ffea67aa7db0937edc971fb791dc47f0f51306db33eb3b8cb65cca8787f18fd4b7f1c
-DIST samba-4.14.9.tar.gz 19063803 BLAKE2B 157665aba6d2449781ad3781deb2cdb3ae325879a796b8ba07a9d981ed93aaccd7f098841136a3be9d4e304ecba00b7ecb0c4a84cdfc6593172d4bc66cb38c69 SHA512 e7eb8b55656f51d94d99358dbe39869a74e34b2c69e14ac813c2387a4b2a10d8a5c22ad9b6a3a3ed4dcec4c13df810f577e22d7f1cc903176c0962e412496deb
DIST samba-4.15.2.tar.gz 19252338 BLAKE2B aded33cbefce69c9b20148de1be224514de5cc825404e8188fb0a96022d0fdc6595256f74a5e295fd2e1062e8520775b6c59c1d6a7bf80a52ed9fa9db412dcdd SHA512 6fdf9db0da90332afe527703066cca4ec5b0ec6bf6a5979443953f9fbc18b870a7e2445a41c9ae3d63f7738c9c0282e7ca82f6066aa68e151eec248615ea7b21
diff --git a/net-fs/samba/samba-4.14.9.ebuild b/net-fs/samba/samba-4.14.9.ebuild
deleted file mode 100644
index d94a70025926..000000000000
--- a/net-fs/samba/samba-4.14.9.ebuild
+++ /dev/null
@@ -1,339 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{8..9} )
-PYTHON_REQ_USE="threads(+),xml(+)"
-inherit python-single-r1 waf-utils multilib-minimal linux-info systemd pam tmpfiles
-
-DESCRIPTION="Samba Suite Version 4"
-HOMEPAGE="https://samba.org/"
-
-MY_PV="${PV/_rc/rc}"
-MY_P="${PN}-${MY_PV}"
-if [[ ${PV} = *_rc* ]]; then
- SRC_URI="mirror://samba/rc/${MY_P}.tar.gz"
-else
- SRC_URI="mirror://samba/stable/${MY_P}.tar.gz"
- KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ppc ppc64 ~riscv sparc x86"
-fi
-S="${WORKDIR}/${MY_P}"
-
-LICENSE="GPL-3"
-SLOT="0"
-IUSE="acl addc addns ads ceph client cluster cups debug dmapi fam glusterfs
-gpg iprint json ldap ntvfs pam profiling-data python quota +regedit selinux
-snapper spotlight syslog system-heimdal +system-mitkrb5 systemd test winbind
-zeroconf"
-
-REQUIRED_USE="${PYTHON_REQUIRED_USE}
- addc? ( python json winbind )
- addns? ( python )
- ads? ( acl ldap winbind )
- cluster? ( ads )
- gpg? ( addc )
- ntvfs? ( addc )
- spotlight? ( json )
- test? ( python )
- !ads? ( !addc )
- ?? ( system-heimdal system-mitkrb5 )
-"
-
-# the test suite is messed, it uses system-installed samba
-# bits instead of what was built, tests things disabled via use
-# flags, and generally just fails to work in a way ebuilds could
-# rely on in its current state
-RESTRICT="test"
-
-MULTILIB_WRAPPED_HEADERS=(
- /usr/include/samba-4.0/policy.h
- /usr/include/samba-4.0/dcerpc_server.h
- /usr/include/samba-4.0/ctdb.h
- /usr/include/samba-4.0/ctdb_client.h
- /usr/include/samba-4.0/ctdb_protocol.h
- /usr/include/samba-4.0/ctdb_private.h
- /usr/include/samba-4.0/ctdb_typesafe_cb.h
- /usr/include/samba-4.0/ctdb_version.h
-)
-
-COMMON_DEPEND="
- >=app-arch/libarchive-3.1.2[${MULTILIB_USEDEP}]
- dev-lang/perl:=
- dev-libs/icu:=[${MULTILIB_USEDEP}]
- dev-libs/libbsd[${MULTILIB_USEDEP}]
- dev-libs/libtasn1[${MULTILIB_USEDEP}]
- dev-libs/popt[${MULTILIB_USEDEP}]
- dev-perl/Parse-Yapp
- >=net-libs/gnutls-3.4.7[${MULTILIB_USEDEP}]
- net-libs/libnsl:=[${MULTILIB_USEDEP}]
- sys-libs/e2fsprogs-libs[${MULTILIB_USEDEP}]
- >=sys-libs/ldb-2.3.1[ldap(+)?,${MULTILIB_USEDEP}]
- <sys-libs/ldb-2.4.0[ldap(+)?,${MULTILIB_USEDEP}]
- sys-libs/libcap[${MULTILIB_USEDEP}]
- sys-libs/liburing:=[${MULTILIB_USEDEP}]
- sys-libs/ncurses:0=
- sys-libs/readline:0=
- >=sys-libs/talloc-2.3.2[${MULTILIB_USEDEP}]
- >=sys-libs/tdb-1.4.3[${MULTILIB_USEDEP}]
- >=sys-libs/tevent-0.10.2[${MULTILIB_USEDEP}]
- sys-libs/zlib[${MULTILIB_USEDEP}]
- virtual/libcrypt:=[${MULTILIB_USEDEP}]
- virtual/libiconv
- $(python_gen_cond_dep "
- addc? (
- dev-python/dnspython:=[\${PYTHON_USEDEP}]
- dev-python/markdown[\${PYTHON_USEDEP}]
- )
- addns? (
- dev-python/dnspython:=[\${PYTHON_USEDEP}]
- net-dns/bind-tools[gssapi]
- )
- ")
- !alpha? ( !sparc? ( sys-libs/libunwind:= ) )
- acl? ( virtual/acl )
- ceph? ( sys-cluster/ceph )
- cluster? ( net-libs/rpcsvc-proto )
- cups? ( net-print/cups )
- debug? ( dev-util/lttng-ust )
- dmapi? ( sys-apps/dmapi )
- fam? ( virtual/fam )
- gpg? ( app-crypt/gpgme )
- json? ( dev-libs/jansson:= )
- ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] )
- pam? ( sys-libs/pam )
- python? (
- sys-libs/ldb[python,${PYTHON_SINGLE_USEDEP}]
- sys-libs/talloc[python,${PYTHON_SINGLE_USEDEP}]
- sys-libs/tdb[python,${PYTHON_SINGLE_USEDEP}]
- sys-libs/tevent[python,${PYTHON_SINGLE_USEDEP}]
- )
- snapper? ( sys-apps/dbus )
- system-heimdal? ( >=app-crypt/heimdal-1.5[-ssl,${MULTILIB_USEDEP}] )
- system-mitkrb5? ( >=app-crypt/mit-krb5-1.15.1[${MULTILIB_USEDEP}] )
- systemd? ( sys-apps/systemd:0= )
- zeroconf? ( net-dns/avahi[dbus] )
-"
-DEPEND="${COMMON_DEPEND}
- >=dev-util/cmocka-1.1.3[${MULTILIB_USEDEP}]
- net-libs/libtirpc[${MULTILIB_USEDEP}]
- || (
- net-libs/rpcsvc-proto
- <sys-libs/glibc-2.26[rpc(+)]
- )
- spotlight? ( dev-libs/glib )
- test? (
- $(python_gen_cond_dep "dev-python/subunit[\${PYTHON_USEDEP},${MULTILIB_USEDEP}]" )
- !system-mitkrb5? (
- >=net-dns/resolv_wrapper-1.1.4
- >=net-libs/socket_wrapper-1.1.9
- >=sys-libs/nss_wrapper-1.1.3
- >=sys-libs/uid_wrapper-1.2.1
- )
- )"
-RDEPEND="${COMMON_DEPEND}
- client? ( net-fs/cifs-utils[ads?] )
- python? ( ${PYTHON_DEPS} )
- selinux? ( sec-policy/selinux-samba )
-"
-BDEPEND="${PYTHON_DEPS}
- app-text/docbook-xsl-stylesheets
- dev-libs/libxslt
- virtual/pkgconfig
-"
-
-PATCHES=(
- "${FILESDIR}/${PN}-4.4.0-pam.patch"
-)
-
-#CONFDIR="${FILESDIR}/$(get_version_component_range 1-2)"
-CONFDIR="${FILESDIR}/4.4"
-
-WAF_BINARY="${S}/buildtools/bin/waf"
-
-SHAREDMODS=""
-
-pkg_setup() {
- # Package fails to build with distcc
- export DISTCC_DISABLE=1
-
- python-single-r1_pkg_setup
-
- SHAREDMODS="$(usex snapper '' '!')vfs_snapper"
- if use cluster ; then
- SHAREDMODS+=",idmap_rid,idmap_tdb2,idmap_ad"
- elif use ads ; then
- SHAREDMODS+=",idmap_ad"
- fi
-}
-
-src_prepare() {
- default
-
- # un-bundle dnspython
- sed -i -e '/"dns.resolver":/d' "${S}"/third_party/wscript || die
-
- # unbundle iso8601 unless tests are enabled
- if ! use test ; then
- sed -i -e '/"iso8601":/d' "${S}"/third_party/wscript || die
- fi
-
- ## ugly hackaround for bug #592502
- #cp /usr/include/tevent_internal.h "${S}"/lib/tevent/ || die
-
- sed -e 's:<gpgme\.h>:<gpgme/gpgme.h>:' \
- -i source4/dsdb/samdb/ldb_modules/password_hash.c \
- || die
-
- # Friggin' WAF shit
- multilib_copy_sources
-}
-
-multilib_src_configure() {
- # when specifying libs for samba build you must append NONE to the end to
- # stop it automatically including things
- local bundled_libs="NONE"
- if ! use system-heimdal && ! use system-mitkrb5 ; then
- bundled_libs="heimbase,heimntlm,hdb,kdc,krb5,wind,gssapi,hcrypto,hx509,roken,asn1,com_err,NONE"
- fi
-
- local myconf=(
- --enable-fhs
- --sysconfdir="${EPREFIX}/etc"
- --localstatedir="${EPREFIX}/var"
- --with-modulesdir="${EPREFIX}/usr/$(get_libdir)/samba"
- --with-piddir="${EPREFIX}/run/${PN}"
- --bundled-libraries="${bundled_libs}"
- --builtin-libraries=NONE
- --disable-rpath
- --disable-rpath-install
- --nopyc
- --nopyo
- --without-winexe
- $(multilib_native_use_with acl acl-support)
- $(multilib_native_usex addc '' '--without-ad-dc')
- $(multilib_native_use_with addns dnsupdate)
- $(multilib_native_use_with ads)
- $(multilib_native_use_enable ceph cephfs)
- $(multilib_native_use_with cluster cluster-support)
- $(multilib_native_use_enable cups)
- $(multilib_native_use_with dmapi)
- $(multilib_native_use_with fam)
- $(multilib_native_use_enable glusterfs)
- $(multilib_native_use_with gpg gpgme)
- $(multilib_native_use_with json)
- $(multilib_native_use_enable iprint)
- $(multilib_native_use_with ntvfs ntvfs-fileserver)
- $(multilib_native_use_with pam)
- $(multilib_native_usex pam "--with-pammodulesdir=${EPREFIX}/$(get_libdir)/security" '')
- $(multilib_native_use_with quota quotas)
- $(multilib_native_use_with regedit)
- $(multilib_native_use_enable spotlight)
- $(multilib_native_use_with syslog)
- $(multilib_native_use_with systemd)
- --systemd-install-services
- --with-systemddir="$(systemd_get_systemunitdir)"
- $(multilib_native_use_with winbind)
- $(multilib_native_usex python '' '--disable-python')
- $(multilib_native_use_enable zeroconf avahi)
- $(multilib_native_usex test '--enable-selftest' '')
- $(usex system-mitkrb5 "--with-system-mitkrb5 $(multilib_native_usex addc --with-experimental-mit-ad-dc '')" '')
- $(use_with debug lttng)
- $(use_with ldap)
- $(use_with profiling-data)
- # bug #683148
- --jobs 1
- )
-
- if multilib_is_native_abi ; then
- myconf+=( --with-shared-modules=${SHAREDMODS} )
- else
- myconf+=( --with-shared-modules=DEFAULT,!vfs_snapper )
- fi
-
- CPPFLAGS="-I${SYSROOT}${EPREFIX}/usr/include/et ${CPPFLAGS}" \
- waf-utils_src_configure ${myconf[@]}
-}
-
-multilib_src_compile() {
- waf-utils_src_compile
-}
-
-multilib_src_install() {
- waf-utils_src_install
-
- # Make all .so files executable
- find "${ED}" -type f -name "*.so" -exec chmod +x {} + || die
-
- if multilib_is_native_abi ; then
- # install ldap schema for server (bug #491002)
- if use ldap ; then
- insinto /etc/openldap/schema
- doins examples/LDAP/samba.schema
- fi
-
- # create symlink for cups (bug #552310)
- if use cups ; then
- dosym ../../../bin/smbspool /usr/libexec/cups/backend/smb
- fi
-
- # install example config file
- insinto /etc/samba
- doins examples/smb.conf.default
-
- # Fix paths in example file (#603964)
- sed \
- -e '/log file =/s@/usr/local/samba/var/@/var/log/samba/@' \
- -e '/include =/s@/usr/local/samba/lib/@/etc/samba/@' \
- -e '/path =/s@/usr/local/samba/lib/@/var/lib/samba/@' \
- -e '/path =/s@/usr/local/samba/@/var/lib/samba/@' \
- -e '/path =/s@/usr/spool/samba@/var/spool/samba@' \
- -i "${ED}"/etc/samba/smb.conf.default || die
-
- # Install init script and conf.d file
- newinitd "${CONFDIR}/samba4.initd-r1" samba
- newconfd "${CONFDIR}/samba4.confd" samba
-
- dotmpfiles "${FILESDIR}"/samba.conf
- use addc || rm "${D}/$(systemd_get_systemunitdir)/samba.service" || die
-
- # Preserve functionality for old gentoo-specific unit names
- dosym nmb.service "$(systemd_get_systemunitdir)/nmbd.service"
- dosym smb.service "$(systemd_get_systemunitdir)/smbd.service"
- dosym winbind.service "$(systemd_get_systemunitdir)/winbindd.service"
- fi
-
- if use pam && use winbind ; then
- newpamd "${CONFDIR}/system-auth-winbind.pam" system-auth-winbind
- # bugs #376853 and #590374
- insinto /etc/security
- doins examples/pam_winbind/pam_winbind.conf
- fi
-
- keepdir /var/cache/samba
- keepdir /var/lib/ctdb
- keepdir /var/lib/samba/{bind-dns,private}
- keepdir /var/lock/samba
- keepdir /var/log/samba
-}
-
-multilib_src_test() {
- if multilib_is_native_abi ; then
- "${WAF_BINARY}" test || die "test failed"
- fi
-}
-
-pkg_postinst() {
- tmpfiles_process samba.conf
-
- if [[ -z ${REPLACING_VERSIONS} ]] ; then
- elog "Be aware that this release contains the best of all of Samba's"
- elog "technology parts, both a file server (that you can reasonably expect"
- elog "to upgrade existing Samba 3.x releases to) and the AD domain"
- elog "controller work previously known as 'samba4'."
- elog
- fi
- elog "For further information and migration steps make sure to read "
- elog "https://samba.org/samba/history/${P}.html "
- elog "https://wiki.samba.org/index.php/Samba4/HOWTO "
-}