From 37e7d2c7cde58674b068568ef6bf3bbd3425ba3a Mon Sep 17 00:00:00 2001
From: xhaa123
Date: Thu, 31 Oct 2024 16:13:17 +0800
Subject: [PATCH] openldap 2.6.8-1
---
PKGBUILD | 155 +++++++++++++++++++-----
openldap-2.6.7-consolidated-1.patch | 175 ----------------------------
openldap.sysusers | 1 +
openldap.tmpfiles | 4 +
slapd | 12 --
slapd.conf | 1 -
slapd.service | 11 --
7 files changed, 133 insertions(+), 226 deletions(-)
delete mode 100644 openldap-2.6.7-consolidated-1.patch
create mode 100644 openldap.sysusers
create mode 100644 openldap.tmpfiles
delete mode 100644 slapd
delete mode 100644 slapd.conf
delete mode 100644 slapd.service
diff --git a/PKGBUILD b/PKGBUILD
index 07190ed..777a893 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -4,48 +4,149 @@ # then please put 'unknown'. # Maintainer: Future Linux Team -pkgname=openldap -pkgver=2.6.7 +pkgname=(openldap libldap) +pkgbase=openldap +pkgver=2.6.8 pkgrel=1 pkgdesc="Lightweight Directory Access Protocol (LDAP) client and server" arch=('x86_64') url="https://www.openldap.org/" license=('custom') -depends=('cyrus-sasl') -makedepends=('libtool' 'util-linux') -backup=(etc/openldap/ldap.conf - etc/openldap/ldap.conf.default) -options=('!makeflags' 'emptydirs') -source=(https://www.openldap.org/software/download/OpenLDAP/openldap-release/${pkgname}-${pkgver}.tgz - ${pkgname}-${pkgver}-consolidated-1.patch) -sha256sums=(cd775f625c944ed78a3da18a03b03b08eea73c8aabc97b41bb336e9a10954930 - ee96840f2235bdd810e41e8cbc2faf4d46b83c0c15be937701c147b099d0232d) +makedepends=('libtool' 'cyrus-sasl' 'util-linux' 'chrpath' 'unixodbc' 'libsodium' 'systemd') +options=('!makeflags' 'emptydirs' '!lto') +source=(https://www.openldap.org/software/download/OpenLDAP/openldap-release/${pkgbase}-${pkgver}.tgz + openldap.sysusers + openldap.tmpfiles) +sha256sums=(48969323e94e3be3b03c6a132942dcba7ef8d545f2ad35401709019f696c3c4e + 6fd7e763f82f41aa780c3970eea46e3f3bbb806cecafa5c20abe5309ad7c1800 + 072effe3fd6db5c6a331b4867d4fa539ea871587c54d3cbc392cead790b04300) + +# extra modules found in contrib/slapd-modules +_extra_modules=( + 'nssov' + 'autogroup' + 'lastbind' + 'passwd/sha2' + 'allowed' + 'noopsrch' +) prepare() { - cd ${pkgname}-${pkgver} + cd ${pkgbase}-${pkgver} - patch -Np1 -i ${srcdir}/${pkgname}-${pkgver}-consolidated-1.patch + # change perms from 0644 to 0755 + sed -i 's|-m 644 $(LIBRARY)|-m 755 $(LIBRARY)|' libraries/{liblber,libldap}/Makefile.in + + # change rundir to /run/openldap + sed -i 's|#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "run" LDAP_DIRSEP "ldapi"|#define LDAPI_SOCK LDAP_DIRSEP "run" LDAP_DIRSEP "openldap" LDAP_DIRSEP "ldapi"|' include/ldap_defaults.h + sed -i 's|%LOCALSTATEDIR%/run|/run/openldap|' servers/slapd/slapd.{conf,ldif} + sed -i 
's|-$(MKDIR) $(DESTDIR)$(localstatedir)/run|-$(MKDIR) $(DESTDIR)/run/openldap|' servers/slapd/Makefile.in + + # modify upstream systemd service + sed -i -e "s|EnvironmentFile.*|EnvironmentFile=-/etc/conf.d/slapd|" -e "s/slapd -d 0/\0 -u ldap -g ldap/" servers/slapd/slapd.service - autoconf + autoconf } build() { - cd ${pkgname}-${pkgver} + cd ${pkgbase}-${pkgver} - ${CONFIGURE} \ - --sysconfdir=/etc \ - --with-cyrus-sasl \ - --disable-static \ - --enable-dynamic \ - --disable-debug \ - --disable-slapd + ${CONFIGURE} \ + --sysconfdir=/etc \ + --localstatedir=/var/lib/openldap \ + --enable-dynamic \ + --enable-syslog \ + --enable-ipv6 \ + --enable-local \ + --enable-crypt \ + --enable-spasswd \ + --enable-modules \ + --enable-backends \ + --enable-argon2 \ + --with-argon2=libsodium \ + --disable-wt \ + --enable-overlays=mod \ + --with-cyrus-sasl \ + --with-threads - make depend - make + sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool + make + + # build extra modules + for module in ${_extra_modules[@]}; do + make -C contrib/slapd-modules/${module} \ + OPT="${CFLAGS} ${CPPFLAGS}" \ + prefix=/usr \ + libdir=/usr/lib64 \ + sysconfdir=/etc/openldap + done } -package() { - cd ${pkgname}-${pkgver} +package_libldap() { + pkgdesc="Lightweight Directory Access Protocol (LDAP) client libraries" + depends=('cyrus-sasl') + backup=(etc/openldap/ldap.conf) - make DESTDIR=${pkgdir} install + cd ${pkgbase}-${pkgver} + + for dir in include libraries doc/man/man3 ; do + pushd ${dir} + make DESTDIR=${pkgdir} install + popd + done + + install -Dm644 -t ${pkgdir}/usr/share/man/man5 doc/man/man5/ldap.conf.5 + + # remove duplicate conf files + rm ${pkgdir}/etc/openldap/*.default + + # shared library versioning + ln -sf liblber.so ${pkgdir}/usr/lib64/liblber.so.2 + ln -sf libldap.so ${pkgdir}/usr/lib64/libldap.so.2 +} + +package_openldap() { + pkgdesc="Lightweight Directory Access Protocol (LDAP) client and server" + depends=("libldap>=${pkgver}" 'libtool' 'unixodbc' 'perl' 
'systemd' 'libsodium') + backup=(etc/openldap/slapd.conf + etc/openldap/slapd.ldif) + + cd ${pkgbase}-${pkgver} + + for dir in clients servers doc/man/man{1,5,8}; do + pushd ${dir} + make DESTDIR=${pkgdir} install + popd + done + + # install extra modules + for module in ${_extra_modules[@]}; do + make -C contrib/slapd-modules/${module} \ + prefix=/usr \ + libdir=/usr/lib64 \ + sysconfdir=/etc/openldap \ + DESTDIR=${pkgdir} install + + # passwd/sha2 has no man page, so skip it + if [ -f contrib/slapd-modules/${module}/slapo-${module}.5 ]; then + install -m644 -t ${pkgdir}/usr/share/man/man5 \ + contrib/slapd-modules/${module}/slapo-${module}.5 + fi + done + + # should be in libldap package + rm ${pkgdir}/usr/share/man/man5/ldap.conf.5 + + # let systemd-tmpfiles generate this directory + rm -r ${pkgdir}/run + + # get rid of duplicate conf files + rm ${pkgdir}/etc/openldap/*.default + ln -s ../lib64/slapd ${pkgdir}/usr/bin/slapd + chown root:439 ${pkgdir}/etc/openldap/slapd.{conf,ldif} + chmod 640 ${pkgdir}/etc/openldap/slapd.{conf,ldif} + + # systemd integration + install -Dm644 ${srcdir}/openldap.tmpfiles ${pkgdir}/usr/lib/tmpfiles.d/openldap.conf + install -Dm644 ${srcdir}/openldap.sysusers ${pkgdir}/usr/lib/sysusers.d/openldap.conf } diff --git a/openldap-2.6.7-consolidated-1.patch b/openldap-2.6.7-consolidated-1.patch deleted file mode 100644 index 62dea26..0000000 --- a/openldap-2.6.7-consolidated-1.patch +++ /dev/null 
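Review bot: In package_openldap(), `chown root:439 ${pkgdir}/etc/openldap/slapd.{conf,ldif}` hard-codes GID 439, while the openldap.sysusers file added in this same commit creates the account as `u ldap 83`. Combined with the following `chmod 640`, the files holding the rootpw/olcRootPW setting become readable by whichever group owns GID 439 on the target system, and slapd started with `-u ldap -g ldap` presumably cannot read its own configuration. Use one id in both places, e.g. `chown root:83 ${pkgdir}/etc/openldap/slapd.{conf,ldif}` if the ldap group is meant to get GID 83. Separately, the privilege drop relies on the prepare() substitution `s/slapd -d 0/\0 -u ldap -g ldap/` matching upstream's unit file. Adding `grep -q -- '-u ldap -g ldap' servers/slapd/slapd.service` after that sed would fail the build rather than silently ship a unit that starts slapd without the user switch.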
@@ -1,175 +0,0 @@ -Submitted by: Xi Ruoyao -Date: 2024-01-30 -Initial Package Version: 2.6.7 -Upstream Status: BLFS Specific -Origin: Armin K. and Debian. - Rediffed multiple times by various editors. - For 2.6.7, manually edited to remove the bogus - ".orig" file creation, and change - %LOCALSTATEDIR%/run to /run because /var/run has - been deprecated. - -diff -Naurp openldap-2.6.2.orig/doc/man/man5/slapd.conf.5 openldap-2.6.2/doc/man/man5/slapd.conf.5 ---- openldap-2.6.2.orig/doc/man/man5/slapd.conf.5 2022-05-04 16:55:23.000000000 +0200 -+++ openldap-2.6.2/doc/man/man5/slapd.conf.5 2022-05-05 12:05:53.309727745 +0200 -@@ -2122,7 +2122,7 @@ suffix "dc=our\-domain,dc=com" - # The database directory MUST exist prior to - # running slapd AND should only be accessible - # by the slapd/tools. Mode 0700 recommended. --directory LOCALSTATEDIR/openldap\-data -+directory LOCALSTATEDIR/lib/openldap - # Indices to maintain - index objectClass eq - index cn,sn,mail pres,eq,approx,sub -diff -Naurp openldap-2.6.2.orig/doc/man/man5/slapd-config.5 openldap-2.6.2/doc/man/man5/slapd-config.5 ---- openldap-2.6.2.orig/doc/man/man5/slapd-config.5 2022-05-04 16:55:23.000000000 +0200 -+++ openldap-2.6.2/doc/man/man5/slapd-config.5 2022-05-05 12:05:53.312727754 +0200 -@@ -2233,7 +2233,7 @@ olcSuffix: "dc=our\-domain,dc=com" - # The database directory MUST exist prior to - # running slapd AND should only be accessible - # by the slapd/tools. Mode 0700 recommended. 
--olcDbDirectory: LOCALSTATEDIR/openldap\-data -+olcDbDirectory: LOCALSTATEDIR/lib/openldap - # Indices to maintain - olcDbIndex: objectClass eq - olcDbIndex: cn,sn,mail pres,eq,approx,sub - -diff -Naurp openldap-2.6.2.orig/include/ldap_defaults.h openldap-2.6.2/include/ldap_defaults.h ---- openldap-2.6.2.orig/include/ldap_defaults.h 2022-05-04 16:55:23.000000000 +0200 -+++ openldap-2.6.2/include/ldap_defaults.h 2022-05-05 12:07:08.783961875 +0200 -@@ -40,7 +40,8 @@ - - /* default ldapi:// socket */ - #ifndef LDAPI_SOCK --#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "run" LDAP_DIRSEP "ldapi" -+#define LDAPI_SOCK "/run" LDAP_DIRSEP "openldap" LDAP_DIRSEP "ldapi" -+ - #endif - - /* -@@ -54,7 +55,8 @@ - #define SLAPD_DEFAULT_CONFIGDIR LDAP_SYSCONFDIR LDAP_DIRSEP "slapd.d" - #endif - #ifndef SLAPD_DEFAULT_DB_DIR --#define SLAPD_DEFAULT_DB_DIR LDAP_RUNDIR LDAP_DIRSEP "openldap-data" -+#define SLAPD_DEFAULT_DB_DIR LDAP_RUNDIR LDAP_DIRSEP "lib" LDAP_DIRSEP "openldap" -+ - #endif - #define SLAPD_DEFAULT_DB_MODE 0600 - /* default max deref depth for aliases */ -diff -Naurp openldap-2.6.2.orig/libraries/liblber/Makefile.in openldap-2.6.2/libraries/liblber/Makefile.in ---- openldap-2.6.2.orig/libraries/liblber/Makefile.in 2022-05-04 16:55:23.000000000 +0200 -+++ openldap-2.6.2/libraries/liblber/Makefile.in 2022-05-05 12:05:53.313727757 +0200 -@@ -51,6 +51,6 @@ idtest: $(XLIBS) idtest.o - - install-local: FORCE - -$(MKDIR) $(DESTDIR)$(libdir) -- $(LTINSTALL) $(INSTALLFLAGS) -m 644 $(LIBRARY) $(DESTDIR)$(libdir) -+ $(LTINSTALL) $(INSTALLFLAGS) -m 755 $(LIBRARY) $(DESTDIR)$(libdir) - $(LTFINISH) $(DESTDIR)$(libdir) - -diff -Naurp openldap-2.6.2.orig/libraries/libldap/Makefile.in openldap-2.6.2/libraries/libldap/Makefile.in ---- openldap-2.6.2.orig/libraries/libldap/Makefile.in 2022-05-04 16:55:23.000000000 +0200 -+++ openldap-2.6.2/libraries/libldap/Makefile.in 2022-05-05 12:05:53.327727801 +0200 -@@ -82,7 +82,7 @@ CFFILES=ldap.conf - - install-local: $(CFFILES) FORCE - -$(MKDIR) 
$(DESTDIR)$(libdir) -- $(LTINSTALL) $(INSTALLFLAGS) -m 644 $(LIBRARY) $(DESTDIR)$(libdir) -+ $(LTINSTALL) $(INSTALLFLAGS) -m 755 $(LIBRARY) $(DESTDIR)$(libdir) - $(LTFINISH) $(DESTDIR)$(libdir) - -$(MKDIR) $(DESTDIR)$(sysconfdir) - @for i in $(CFFILES); do \ -diff -Naurp openldap-2.6.2.orig/servers/slapd/Makefile.in openldap-2.6.2/servers/slapd/Makefile.in ---- openldap-2.6.2.orig/servers/slapd/Makefile.in 2022-05-04 16:55:23.000000000 +0200 -+++ openldap-2.6.2/servers/slapd/Makefile.in 2022-05-05 12:05:53.329727807 +0200 -@@ -374,9 +374,10 @@ install-local-srv: install-slapd install - - install-slapd: FORCE - -$(MKDIR) $(DESTDIR)$(libexecdir) -+ -$(MKDIR) $(DESTDIR)$(sbindir) - -$(MKDIR) $(DESTDIR)$(localstatedir)/run - $(LTINSTALL) $(INSTALLFLAGS) $(STRIP_OPTS) -m 755 \ -- slapd$(EXEEXT) $(DESTDIR)$(libexecdir) -+ slapd$(EXEEXT) $(DESTDIR)$(sbindir) - @for i in $(SUBDIRS); do \ - if test -d $$i && test -f $$i/Makefile ; then \ - echo; echo " cd $$i && $(MAKE) $(MFLAGS) install"; \ -@@ -452,9 +453,9 @@ install-conf: FORCE - - install-db-config: FORCE - @-$(MKDIR) $(DESTDIR)$(localstatedir) $(DESTDIR)$(sysconfdir) -- @-$(INSTALL) -m 700 -d $(DESTDIR)$(localstatedir)/openldap-data -+ @-$(INSTALL) -m 700 -d $(DESTDIR)$(localstatedir)/lib/openldap - $(INSTALL) $(INSTALLFLAGS) -m 600 $(srcdir)/DB_CONFIG \ -- $(DESTDIR)$(localstatedir)/openldap-data/DB_CONFIG.example -+ $(DESTDIR)$(localstatedir)/lib/openldap/DB_CONFIG.example - $(INSTALL) $(INSTALLFLAGS) -m 600 $(srcdir)/DB_CONFIG \ - $(DESTDIR)$(sysconfdir)/DB_CONFIG.example - -@@ -462,6 +463,6 @@ install-tools: FORCE - -$(MKDIR) $(DESTDIR)$(sbindir) - for i in $(SLAPTOOLS); do \ - $(RM) $(DESTDIR)$(sbindir)/$$i$(EXEEXT); \ -- $(LN_S) -f $(DESTDIR)$(libexecdir)/slapd$(EXEEXT) $(DESTDIR)$(sbindir)/$$i$(EXEEXT); \ -+ $(LN_S) -f $(DESTDIR)$(sbindir)/slapd$(EXEEXT) $(DESTDIR)$(sbindir)/$$i$(EXEEXT); \ - done - -diff -Naurp openldap-2.6.2.orig/servers/slapd/slapd.conf openldap-2.6.2/servers/slapd/slapd.conf ---- 
openldap-2.6.2.orig/servers/slapd/slapd.conf 2022-05-04 16:55:23.000000000 +0200 -+++ openldap-2.6.2/servers/slapd/slapd.conf 2022-05-05 12:05:53.331727813 +0200 -@@ -10,8 +10,9 @@ include %SYSCONFDIR%/schema/core.schema - # service AND an understanding of referrals. - #referral ldap://root.openldap.org - --pidfile %LOCALSTATEDIR%/run/slapd.pid --argsfile %LOCALSTATEDIR%/run/slapd.args -+pidfile /run/openldap/slapd.pid -+argsfile /run/openldap/slapd.args -+ - - # Load dynamic backend modules: - modulepath %MODULEDIR% -@@ -69,7 +70,7 @@ rootpw secret - # The database directory MUST exist prior to running slapd AND - # should only be accessible by the slapd and slap tools. - # Mode 700 recommended. --directory %LOCALSTATEDIR%/openldap-data -+directory %LOCALSTATEDIR%/lib/openldap - # Indices to maintain - index objectClass eq - -diff -Naurp openldap-2.6.2.orig/servers/slapd/slapd.ldif openldap-2.6.2/servers/slapd/slapd.ldif ---- openldap-2.6.2.orig/servers/slapd/slapd.ldif 2022-05-04 16:55:23.000000000 +0200 -+++ openldap-2.6.2/servers/slapd/slapd.ldif 2022-05-05 12:05:53.332727816 +0200 -@@ -9,8 +9,8 @@ cn: config - # - # Define global ACLs to disable default read access. - # --olcArgsFile: %LOCALSTATEDIR%/run/slapd.args --olcPidFile: %LOCALSTATEDIR%/run/slapd.pid -+olcArgsFile: /run/openldap/slapd.args -+olcPidFile: /run/openldap/slapd.pid - # - # Do not enable referrals until AFTER you have a working directory - # service AND an understanding of referrals. -@@ -88,7 +88,7 @@ olcRootPW: secret - # The database directory MUST exist prior to running slapd AND - # should only be accessible by the slapd and slap tools. - # Mode 700 recommended. 
--olcDbDirectory: %LOCALSTATEDIR%/openldap-data -+olcDbDirectory: %LOCALSTATEDIR%/lib/openldap - # Indices to maintain - olcDbIndex: objectClass eq - -diff -Naurp openldap-2.6.2.orig/servers/slapd/slapi/Makefile.in openldap-2.6.2/servers/slapd/slapi/Makefile.in ---- openldap-2.6.2.orig/servers/slapd/slapi/Makefile.in 2022-05-04 16:55:23.000000000 +0200 -+++ openldap-2.6.2/servers/slapd/slapi/Makefile.in 2022-05-05 12:05:53.333727819 +0200 -@@ -46,6 +46,6 @@ BUILD_MOD = @BUILD_SLAPI@ - install-local: FORCE - if test "$(BUILD_MOD)" = "yes"; then \ - $(MKDIR) $(DESTDIR)$(libdir); \ -- $(LTINSTALL) $(INSTALLFLAGS) -m 644 $(LIBRARY) $(DESTDIR)$(libdir); \ -+ $(LTINSTALL) $(INSTALLFLAGS) -m 755 $(LIBRARY) $(DESTDIR)$(libdir); \ - fi - diff --git a/openldap.sysusers b/openldap.sysusers new file mode 100644 index 0000000..003f433 --- /dev/null +++ b/openldap.sysusers @@ -0,0 +1 @@ +u ldap 83 "LDAP Server" /var/lib/openldap diff --git a/openldap.tmpfiles b/openldap.tmpfiles new file mode 100644 index 0000000..19b58b5 --- /dev/null +++ b/openldap.tmpfiles @@ -0,0 +1,4 @@ +D /run/openldap 0755 ldap ldap - + +f /var/lib/openldap/.placeholder 0644 ldap ldap - "prevent pwcheck error; pacman should not remove ~ldap" + diff --git a/slapd b/slapd deleted file mode 100644 index 3286a95..0000000 --- a/slapd +++ /dev/null @@ -1,12 +0,0 @@ -# Begin /etc/default/slapd - -# Options to pass to slapd. -# See slapd(8) for more details. -SLAPD_OPTS="" - -# slapd normally serves ldap only on all TCP-ports 389. slapd can also -# service requests on TCP-port 636 (ldaps) and requests via unix -# sockets. -#SLAPD_OPTS='-h "ldap://127.0.0.1:389/ ldaps:/// ldapi:///"' - -# End /etc/default/slapd diff --git a/slapd.conf b/slapd.conf deleted file mode 100644 index 8857aed..0000000 --- a/slapd.conf +++ /dev/null @@ -1 +0,0 @@ -d /run/openldap 0755 ldap ldap - diff --git a/slapd.service b/slapd.service deleted file mode 100644 index 8244128..0000000 --- a/slapd.service +++ /dev/null 
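Review bot: Neither openldap.tmpfiles nor the visible part of package_openldap() gives the ldap account ownership of the database directory. This file declares only /run/openldap and a 0644 placeholder under /var/lib/openldap, and the PKGBUILD changes ownership of slapd.{conf,ldif} alone. Upstream's sample configuration asks for a directory accessible only to slapd (mode 700 recommended), and slapd now runs with `-u ldap -g ldap`, so a directory packaged as root-owned would probably be unwritable for it. If this is not handled elsewhere, a line such as `d /var/lib/openldap/openldap-data 0700 ldap ldap -` would create it or correct its ownership. The exact path depends on what `--localstatedir=/var/lib/openldap` produces and should be confirmed against the installed slapd.conf.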
@@ -1,11 +0,0 @@ -[Unit] -Description=OpenLDAP server daemon -After=network.target - -[Service] -Type=forking -EnvironmentFile=/etc/default/slapd -ExecStart=/usr/sbin/slapd -u ldap -g ldap $SLAPD_OPTS - -[Install] -WantedBy=multi-user.target