diff options
author | Lars Wendler <polynomial-c@gentoo.org> | 2021-12-03 16:38:37 +0100 |
---|---|---|
committer | Lars Wendler <polynomial-c@gentoo.org> | 2021-12-03 16:39:06 +0100 |
commit | 96c00c4dd1a84dd1b7d4bb24b1c32da67d53d353 (patch) | |
tree | ae53bc2427b8521899a6b452bfa0a139b9221503 /net-fs | |
parent | net-fs/samba: Removed old (diff) | |
download | gentoo-96c00c4dd1a84dd1b7d4bb24b1c32da67d53d353.tar.gz gentoo-96c00c4dd1a84dd1b7d4bb24b1c32da67d53d353.tar.bz2 gentoo-96c00c4dd1a84dd1b7d4bb24b1c32da67d53d353.zip |
net-fs/samba: Security cleanup
Bug: https://bugs.gentoo.org/821688
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
Diffstat (limited to 'net-fs')
-rw-r--r-- | net-fs/samba/Manifest | 1 | ||||
-rw-r--r-- | net-fs/samba/samba-4.14.9.ebuild | 339 |
2 files changed, 0 insertions, 340 deletions
diff --git a/net-fs/samba/Manifest b/net-fs/samba/Manifest index 0bd4d0b090de..fd3ea6e68854 100644 --- a/net-fs/samba/Manifest +++ b/net-fs/samba/Manifest @@ -1,3 +1,2 @@ DIST samba-4.14.10.tar.gz 19134066 BLAKE2B c6daebc7abbf2ed371ed694e4478d05875d55f7c5a9f83461932eebd7fe9089ff15e0530555d468e64f897d4cadab86e8c0acbfbd20938b3be842cb4324486e2 SHA512 0e1dd386d185cf77a2be4155646e98b3218316b5c290358684ec8eed747ffea67aa7db0937edc971fb791dc47f0f51306db33eb3b8cb65cca8787f18fd4b7f1c -DIST samba-4.14.9.tar.gz 19063803 BLAKE2B 157665aba6d2449781ad3781deb2cdb3ae325879a796b8ba07a9d981ed93aaccd7f098841136a3be9d4e304ecba00b7ecb0c4a84cdfc6593172d4bc66cb38c69 SHA512 e7eb8b55656f51d94d99358dbe39869a74e34b2c69e14ac813c2387a4b2a10d8a5c22ad9b6a3a3ed4dcec4c13df810f577e22d7f1cc903176c0962e412496deb DIST samba-4.15.2.tar.gz 19252338 BLAKE2B aded33cbefce69c9b20148de1be224514de5cc825404e8188fb0a96022d0fdc6595256f74a5e295fd2e1062e8520775b6c59c1d6a7bf80a52ed9fa9db412dcdd SHA512 6fdf9db0da90332afe527703066cca4ec5b0ec6bf6a5979443953f9fbc18b870a7e2445a41c9ae3d63f7738c9c0282e7ca82f6066aa68e151eec248615ea7b21 diff --git a/net-fs/samba/samba-4.14.9.ebuild b/net-fs/samba/samba-4.14.9.ebuild deleted file mode 100644 index d94a70025926..000000000000 --- a/net-fs/samba/samba-4.14.9.ebuild +++ /dev/null @@ -1,339 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -PYTHON_COMPAT=( python3_{8..9} ) -PYTHON_REQ_USE="threads(+),xml(+)" -inherit python-single-r1 waf-utils multilib-minimal linux-info systemd pam tmpfiles - -DESCRIPTION="Samba Suite Version 4" -HOMEPAGE="https://samba.org/" - -MY_PV="${PV/_rc/rc}" -MY_P="${PN}-${MY_PV}" -if [[ ${PV} = *_rc* ]]; then - SRC_URI="mirror://samba/rc/${MY_P}.tar.gz" -else - SRC_URI="mirror://samba/stable/${MY_P}.tar.gz" - KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ppc ppc64 ~riscv sparc x86" -fi -S="${WORKDIR}/${MY_P}" - -LICENSE="GPL-3" -SLOT="0" -IUSE="acl addc addns ads ceph client cluster cups debug dmapi fam glusterfs -gpg iprint json ldap ntvfs pam profiling-data python quota +regedit selinux -snapper spotlight syslog system-heimdal +system-mitkrb5 systemd test winbind -zeroconf" - -REQUIRED_USE="${PYTHON_REQUIRED_USE} - addc? ( python json winbind ) - addns? ( python ) - ads? ( acl ldap winbind ) - cluster? ( ads ) - gpg? ( addc ) - ntvfs? ( addc ) - spotlight? ( json ) - test? ( python ) - !ads? ( !addc ) - ?? ( system-heimdal system-mitkrb5 ) -" - -# the test suite is messed, it uses system-installed samba -# bits instead of what was built, tests things disabled via use -# flags, and generally just fails to work in a way ebuilds could -# rely on in its current state -RESTRICT="test" - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/samba-4.0/policy.h - /usr/include/samba-4.0/dcerpc_server.h - /usr/include/samba-4.0/ctdb.h - /usr/include/samba-4.0/ctdb_client.h - /usr/include/samba-4.0/ctdb_protocol.h - /usr/include/samba-4.0/ctdb_private.h - /usr/include/samba-4.0/ctdb_typesafe_cb.h - /usr/include/samba-4.0/ctdb_version.h -) - -COMMON_DEPEND=" - >=app-arch/libarchive-3.1.2[${MULTILIB_USEDEP}] - dev-lang/perl:= - dev-libs/icu:=[${MULTILIB_USEDEP}] - dev-libs/libbsd[${MULTILIB_USEDEP}] - dev-libs/libtasn1[${MULTILIB_USEDEP}] - dev-libs/popt[${MULTILIB_USEDEP}] - dev-perl/Parse-Yapp - >=net-libs/gnutls-3.4.7[${MULTILIB_USEDEP}] - net-libs/libnsl:=[${MULTILIB_USEDEP}] - sys-libs/e2fsprogs-libs[${MULTILIB_USEDEP}] - >=sys-libs/ldb-2.3.1[ldap(+)?,${MULTILIB_USEDEP}] - <sys-libs/ldb-2.4.0[ldap(+)?,${MULTILIB_USEDEP}] - sys-libs/libcap[${MULTILIB_USEDEP}] - sys-libs/liburing:=[${MULTILIB_USEDEP}] - sys-libs/ncurses:0= - sys-libs/readline:0= - >=sys-libs/talloc-2.3.2[${MULTILIB_USEDEP}] - >=sys-libs/tdb-1.4.3[${MULTILIB_USEDEP}] - >=sys-libs/tevent-0.10.2[${MULTILIB_USEDEP}] - sys-libs/zlib[${MULTILIB_USEDEP}] - virtual/libcrypt:=[${MULTILIB_USEDEP}] - virtual/libiconv - $(python_gen_cond_dep " - addc? ( - dev-python/dnspython:=[\${PYTHON_USEDEP}] - dev-python/markdown[\${PYTHON_USEDEP}] - ) - addns? ( - dev-python/dnspython:=[\${PYTHON_USEDEP}] - net-dns/bind-tools[gssapi] - ) - ") - !alpha? ( !sparc? ( sys-libs/libunwind:= ) ) - acl? ( virtual/acl ) - ceph? ( sys-cluster/ceph ) - cluster? ( net-libs/rpcsvc-proto ) - cups? ( net-print/cups ) - debug? ( dev-util/lttng-ust ) - dmapi? ( sys-apps/dmapi ) - fam? ( virtual/fam ) - gpg? ( app-crypt/gpgme ) - json? ( dev-libs/jansson:= ) - ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] ) - pam? ( sys-libs/pam ) - python? ( - sys-libs/ldb[python,${PYTHON_SINGLE_USEDEP}] - sys-libs/talloc[python,${PYTHON_SINGLE_USEDEP}] - sys-libs/tdb[python,${PYTHON_SINGLE_USEDEP}] - sys-libs/tevent[python,${PYTHON_SINGLE_USEDEP}] - ) - snapper? ( sys-apps/dbus ) - system-heimdal? ( >=app-crypt/heimdal-1.5[-ssl,${MULTILIB_USEDEP}] ) - system-mitkrb5? ( >=app-crypt/mit-krb5-1.15.1[${MULTILIB_USEDEP}] ) - systemd? ( sys-apps/systemd:0= ) - zeroconf? ( net-dns/avahi[dbus] ) -" -DEPEND="${COMMON_DEPEND} - >=dev-util/cmocka-1.1.3[${MULTILIB_USEDEP}] - net-libs/libtirpc[${MULTILIB_USEDEP}] - || ( - net-libs/rpcsvc-proto - <sys-libs/glibc-2.26[rpc(+)] - ) - spotlight? ( dev-libs/glib ) - test? ( - $(python_gen_cond_dep "dev-python/subunit[\${PYTHON_USEDEP},${MULTILIB_USEDEP}]" ) - !system-mitkrb5? ( - >=net-dns/resolv_wrapper-1.1.4 - >=net-libs/socket_wrapper-1.1.9 - >=sys-libs/nss_wrapper-1.1.3 - >=sys-libs/uid_wrapper-1.2.1 - ) - )" -RDEPEND="${COMMON_DEPEND} - client? ( net-fs/cifs-utils[ads?] ) - python? ( ${PYTHON_DEPS} ) - selinux? ( sec-policy/selinux-samba ) -" -BDEPEND="${PYTHON_DEPS} - app-text/docbook-xsl-stylesheets - dev-libs/libxslt - virtual/pkgconfig -" - -PATCHES=( - "${FILESDIR}/${PN}-4.4.0-pam.patch" -) - -#CONFDIR="${FILESDIR}/$(get_version_component_range 1-2)" -CONFDIR="${FILESDIR}/4.4" - -WAF_BINARY="${S}/buildtools/bin/waf" - -SHAREDMODS="" - -pkg_setup() { - # Package fails to build with distcc - export DISTCC_DISABLE=1 - - python-single-r1_pkg_setup - - SHAREDMODS="$(usex snapper '' '!')vfs_snapper" - if use cluster ; then - SHAREDMODS+=",idmap_rid,idmap_tdb2,idmap_ad" - elif use ads ; then - SHAREDMODS+=",idmap_ad" - fi -} - -src_prepare() { - default - - # un-bundle dnspython - sed -i -e '/"dns.resolver":/d' "${S}"/third_party/wscript || die - - # unbundle iso8601 unless tests are enabled - if ! use test ; then - sed -i -e '/"iso8601":/d' "${S}"/third_party/wscript || die - fi - - ## ugly hackaround for bug #592502 - #cp /usr/include/tevent_internal.h "${S}"/lib/tevent/ || die - - sed -e 's:<gpgme\.h>:<gpgme/gpgme.h>:' \ - -i source4/dsdb/samdb/ldb_modules/password_hash.c \ - || die - - # Friggin' WAF shit - multilib_copy_sources -} - -multilib_src_configure() { - # when specifying libs for samba build you must append NONE to the end to - # stop it automatically including things - local bundled_libs="NONE" - if ! use system-heimdal && ! use system-mitkrb5 ; then - bundled_libs="heimbase,heimntlm,hdb,kdc,krb5,wind,gssapi,hcrypto,hx509,roken,asn1,com_err,NONE" - fi - - local myconf=( - --enable-fhs - --sysconfdir="${EPREFIX}/etc" - --localstatedir="${EPREFIX}/var" - --with-modulesdir="${EPREFIX}/usr/$(get_libdir)/samba" - --with-piddir="${EPREFIX}/run/${PN}" - --bundled-libraries="${bundled_libs}" - --builtin-libraries=NONE - --disable-rpath - --disable-rpath-install - --nopyc - --nopyo - --without-winexe - $(multilib_native_use_with acl acl-support) - $(multilib_native_usex addc '' '--without-ad-dc') - $(multilib_native_use_with addns dnsupdate) - $(multilib_native_use_with ads) - $(multilib_native_use_enable ceph cephfs) - $(multilib_native_use_with cluster cluster-support) - $(multilib_native_use_enable cups) - $(multilib_native_use_with dmapi) - $(multilib_native_use_with fam) - $(multilib_native_use_enable glusterfs) - $(multilib_native_use_with gpg gpgme) - $(multilib_native_use_with json) - $(multilib_native_use_enable iprint) - $(multilib_native_use_with ntvfs ntvfs-fileserver) - $(multilib_native_use_with pam) - $(multilib_native_usex pam "--with-pammodulesdir=${EPREFIX}/$(get_libdir)/security" '') - $(multilib_native_use_with quota quotas) - $(multilib_native_use_with regedit) - $(multilib_native_use_enable spotlight) - $(multilib_native_use_with syslog) - $(multilib_native_use_with systemd) - --systemd-install-services - --with-systemddir="$(systemd_get_systemunitdir)" - $(multilib_native_use_with winbind) - $(multilib_native_usex python '' '--disable-python') - $(multilib_native_use_enable zeroconf avahi) - $(multilib_native_usex test '--enable-selftest' '') - $(usex system-mitkrb5 "--with-system-mitkrb5 $(multilib_native_usex addc --with-experimental-mit-ad-dc '')" '') - $(use_with debug lttng) - $(use_with ldap) - $(use_with profiling-data) - # bug #683148 - --jobs 1 - ) - - if multilib_is_native_abi ; then - myconf+=( --with-shared-modules=${SHAREDMODS} ) - else - myconf+=( --with-shared-modules=DEFAULT,!vfs_snapper ) - fi - - CPPFLAGS="-I${SYSROOT}${EPREFIX}/usr/include/et ${CPPFLAGS}" \ - waf-utils_src_configure ${myconf[@]} -} - -multilib_src_compile() { - waf-utils_src_compile -} - -multilib_src_install() { - waf-utils_src_install - - # Make all .so files executable - find "${ED}" -type f -name "*.so" -exec chmod +x {} + || die - - if multilib_is_native_abi ; then - # install ldap schema for server (bug #491002) - if use ldap ; then - insinto /etc/openldap/schema - doins examples/LDAP/samba.schema - fi - - # create symlink for cups (bug #552310) - if use cups ; then - dosym ../../../bin/smbspool /usr/libexec/cups/backend/smb - fi - - # install example config file - insinto /etc/samba - doins examples/smb.conf.default - - # Fix paths in example file (#603964) - sed \ - -e '/log file =/s@/usr/local/samba/var/@/var/log/samba/@' \ - -e '/include =/s@/usr/local/samba/lib/@/etc/samba/@' \ - -e '/path =/s@/usr/local/samba/lib/@/var/lib/samba/@' \ - -e '/path =/s@/usr/local/samba/@/var/lib/samba/@' \ - -e '/path =/s@/usr/spool/samba@/var/spool/samba@' \ - -i "${ED}"/etc/samba/smb.conf.default || die - - # Install init script and conf.d file - newinitd "${CONFDIR}/samba4.initd-r1" samba - newconfd "${CONFDIR}/samba4.confd" samba - - dotmpfiles "${FILESDIR}"/samba.conf - use addc || rm "${D}/$(systemd_get_systemunitdir)/samba.service" || die - - # Preserve functionality for old gentoo-specific unit names - dosym nmb.service "$(systemd_get_systemunitdir)/nmbd.service" - dosym smb.service "$(systemd_get_systemunitdir)/smbd.service" - dosym winbind.service "$(systemd_get_systemunitdir)/winbindd.service" - fi - - if use pam && use winbind ; then - newpamd "${CONFDIR}/system-auth-winbind.pam" system-auth-winbind - # bugs #376853 and #590374 - insinto /etc/security - doins examples/pam_winbind/pam_winbind.conf - fi - - keepdir /var/cache/samba - keepdir /var/lib/ctdb - keepdir /var/lib/samba/{bind-dns,private} - keepdir /var/lock/samba - keepdir /var/log/samba -} - -multilib_src_test() { - if multilib_is_native_abi ; then - "${WAF_BINARY}" test || die "test failed" - fi -} - -pkg_postinst() { - tmpfiles_process samba.conf - - if [[ -z ${REPLACING_VERSIONS} ]] ; then - elog "Be aware that this release contains the best of all of Samba's" - elog "technology parts, both a file server (that you can reasonably expect" - elog "to upgrade existing Samba 3.x releases to) and the AD domain" - elog "controller work previously known as 'samba4'." - elog - fi - elog "For further information and migration steps make sure to read " - elog "https://samba.org/samba/history/${P}.html " - elog "https://wiki.samba.org/index.php/Samba4/HOWTO " -} |