samba: update to 4.8.11

* This includes security fixes that adresses the following defects: CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD Internal DNS server) CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT) CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server) CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos configuration (unsupported)) CVE-2019-3880 (Save registry file outside share as unprivileged user) * Upstreamed patch removed: 0001-ldb-Refuse-to-build-Samba-against-a-newer-minor-vers.patch * Extended PACKAGECONFIG ad-dc to be able to build MIT Kerberos see https://bugzilla.samba.org/show_bug.cgi?id=13678 Signed-off-by: Johannes Pointner <johannes.pointner@br-automation.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
author: Johannes Pointner <johannes.pointner@br-automation.com> 2019-05-08 09:31:19 +0200
committer: Khem Raj <raj.khem@gmail.com> 2019-05-09 20:34:33 -0700
commit: 11e7ffc442ddca6536c23edc5831e8137f519a0c (patch)
tree: be53ba4d0e9c31adffdcd563ffa8dae3f757cc97 /meta-networking/recipes-connectivity/samba/samba_4.8.11.bb
parent: 7edaba2496d6132fa6b74a7940bb9a4b4c8a4dfb (diff)
download: meta-openembedded-11e7ffc442ddca6536c23edc5831e8137f519a0c.tar.gz
1 files changed, 324 insertions, 0 deletions
diff --git a/meta-networking/recipes-connectivity/samba/samba_4.8.11.bb b/meta-networking/recipes-connectivity/samba/samba_4.8.11.bb
new file mode 100644
index 000000000..8c08d1ed3
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba_4.8.11.bb
@@ -0,0 +1,324 @@
+HOMEPAGE = "https://www.samba.org/"
+SECTION = "console/network"
+LICENSE = "GPL-3.0+ & LGPL-3.0+ & GPL-2.0+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \
+                    file://${COREBASE}/meta/files/common-licenses/LGPL-3.0;md5=bfccfe952269fff2b407dd11f2f3083b \
+                    file://${COREBASE}/meta/files/common-licenses/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6 "
+SAMBA_MIRROR = "http://samba.org/samba/ftp"
+MIRRORS += "\
+${SAMBA_MIRROR}    http://mirror.internode.on.net/pub/samba \n \
+${SAMBA_MIRROR}    http://www.mirrorservice.org/sites/ftp.samba.org \n \
+"
+SRC_URI = "${SAMBA_MIRROR}/stable/samba-${PV}.tar.gz \
+           file://smb.conf \
+           file://16-do-not-check-xsltproc-manpages.patch \
+           file://20-do-not-import-target-module-while-cross-compile.patch \
+           file://21-add-config-option-without-valgrind.patch \
+           file://netdb_defines.patch \
+           file://glibc_only.patch \
+           file://iconv-4.7.0.patch \
+           file://dnsserver-4.7.0.patch \
+           file://smb_conf-4.7.0.patch \
+           file://volatiles.03_samba \
+           "
+SRC_URI_append_libc-musl = " \
+           file://samba-pam.patch \
+           file://samba-4.3.9-remove-getpwent_r.patch \
+           file://cmocka-uintptr_t.patch \
+          "
+SRC_URI[md5sum] = "de61611075e97ea98140a42d9189d9a5"
+SRC_URI[sha256sum] = "d294a8d7455d7d252d7bafc9c474855ea6e0ebe559c3babcd303a5c24e58710a"
+UPSTREAM_CHECK_REGEX = "samba\-(?P<pver>4\.8(\.\d+)+).tar.gz"
+inherit systemd waf-samba cpan-base perlnative update-rc.d
+# remove default added RDEPENDS on perl
+RDEPENDS_${PN}_remove = "perl"
+DEPENDS += "readline virtual/libiconv zlib popt libtalloc libtdb libtevent libbsd libaio libpam"
+inherit distro_features_check
+REQUIRED_DISTRO_FEATURES = "pam"
+DEPENDS_append_libc-musl = " libtirpc"
+CFLAGS_append_libc-musl = " -I${STAGING_INCDIR}/tirpc"
+LDFLAGS_append_libc-musl = " -ltirpc"
+INITSCRIPT_NAME = "samba"
+INITSCRIPT_PARAMS = "start 20 3 5 . stop 20 0 1 6 ."
+SYSTEMD_PACKAGES = "${PN}-base ${PN}-ad-dc winbind"
+SYSTEMD_SERVICE_${PN}-base = "nmb.service smb.service"
+SYSTEMD_SERVICE_${PN}-ad-dc = "${@bb.utils.contains('PACKAGECONFIG', 'ad-dc', 'samba.service', '', d)}"
+SYSTEMD_SERVICE_winbind = "winbind.service"
+# There are prerequisite settings to enable ad-dc, so disable the service by default.
+# Reference:
+# https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
+SYSTEMD_AUTO_ENABLE_${PN}-ad-dc = "disable"
+# Use krb5.  Build active domain controller.
+#
+PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd zeroconf', d)} \
+                   acl ad-dc cups gnutls ldap mitkrb5 \
+"
+RDEPENDS_${PN}-ctdb-tests += "bash util-linux-getopt"
+PACKAGECONFIG[acl] = "--with-acl-support,--without-acl-support,acl"
+PACKAGECONFIG[fam] = "--with-fam,--without-fam,gamin"
+PACKAGECONFIG[cups] = "--enable-cups,--disable-cups,cups"
+PACKAGECONFIG[ldap] = "--with-ldap,--without-ldap,openldap"
+PACKAGECONFIG[sasl] = ",,cyrus-sasl"
+PACKAGECONFIG[systemd] = "--with-systemd,--without-systemd,systemd"
+PACKAGECONFIG[dmapi] = "--with-dmapi,--without-dmapi,dmapi"
+PACKAGECONFIG[zeroconf] = "--enable-avahi,--disable-avahi,avahi"
+PACKAGECONFIG[valgrind] = ",--without-valgrind,valgrind,"
+PACKAGECONFIG[lttng] = "--with-lttng, --without-lttng,lttng-ust"
+PACKAGECONFIG[archive] = "--with-libarchive, --without-libarchive, libarchive"
+PACKAGECONFIG[libunwind] = ", , libunwind"
+# Building the AD (Active Directory) DC (Domain Controller) requires GnuTLS,
+# And ad-dc doesn't work with mitkrb5 for versions prior to 4.7.0 according to:
+# http://samba.2283325.n4.nabble.com/samba-4-6-6-Unknown-dependency-kdc-in-service-kdc-objlist-td4722096.html
+# So the working combination is:
+# 1) ad-dc: enable, gnutls: enable, mitkrb5: disable
+# 2) ad-dc: disable, gnutls: enable/disable, mitkrb5: enable
+#
+# We are now at 4.7.0, so take the above with a grain of salt. We do not need to know where
+# krb5kdc is unless ad-dc is enabled, but we tell configure anyhow.
+#
+PACKAGECONFIG[ad-dc] = "--with-experimental-mit-ad-dc,--without-ad-dc,,"
+PACKAGECONFIG[gnutls] = "--enable-gnutls,--disable-gnutls,gnutls,"
+PACKAGECONFIG[mitkrb5] = "--with-system-mitkrb5 --with-system-mitkdc=/usr/sbin/krb5kdc,,krb5,"
+SAMBA4_IDMAP_MODULES="idmap_ad,idmap_rid,idmap_adex,idmap_hash,idmap_tdb2"
+SAMBA4_PDB_MODULES="pdb_tdbsam,${@bb.utils.contains('PACKAGECONFIG', 'ldap', 'pdb_ldap,', '', d)}pdb_ads,pdb_smbpasswd,pdb_wbc_sam,pdb_samba4"
+SAMBA4_AUTH_MODULES="auth_unix,auth_wbc,auth_server,auth_netlogond,auth_script,auth_samba4"
+SAMBA4_MODULES="${SAMBA4_IDMAP_MODULES},${SAMBA4_PDB_MODULES},${SAMBA4_AUTH_MODULES}"
+# These libraries are supposed to replace others supplied by packages, but decorate the names of
+# .so files so there will not be a conflict.  This is not done consistantly, so be very careful
+# when adding to this list.
+#
+SAMBA4_LIBS="heimdal,cmocka,ldb,pyldb-util,NONE"
+# interim packages: As long as ldb/pyldb-util are in SAMBA4_LIBS we need to pack
+# bundled libraries in seperate packages. Otherwise they are auto-packed in
+# package 'samba' which RDEPENDS on lots of packages not wanted e.g autostarting
+# nmbd/smbd daemons
+# Once 'ldb,pyldb-util' are removed from SAMBA4_LIBS the bundled packages can
+# be removed again.
+PACKAGES =+ "${PN}-bundled-ldb ${PN}-bundled-pyldb-util"
+FILES_${PN}-bundled-ldb = "${libdir}/samba/libldb${SOLIBS}"
+FILES_${PN}-bundled-pyldb-util = "${libdir}/samba/libpyldb-util${SOLIBS}"
+EXTRA_OECONF += "--enable-fhs \
+                 --with-piddir=/run \
+                 --with-sockets-dir=/run/samba \
+                 --with-modulesdir=${libdir}/samba \
+                 --with-lockdir=${localstatedir}/lib/samba \
+                 --with-cachedir=${localstatedir}/lib/samba \
+                 --disable-rpath-install \
+                 --with-shared-modules=${SAMBA4_MODULES} \
+                 --bundled-libraries=${SAMBA4_LIBS} \
+                 ${@oe.utils.conditional('TARGET_ARCH', 'x86_64', '', '--disable-glusterfs', d)} \
+                 --with-cluster-support \
+                 --with-profiling-data \
+                 --with-libiconv=${STAGING_DIR_HOST}${prefix} \
+                 --with-pam --with-pammodulesdir=${base_libdir}/security \
+                "
+LDFLAGS += "-Wl,-z,relro,-z,now ${@bb.utils.contains('DISTRO_FEATURES', 'ld-is-gold', ' -fuse-ld=bfd ', '', d)}"
+do_install_append() {
+    for section in 1 5 7; do
+        install -d ${D}${mandir}/man$section
+        install -m 0644 ctdb/doc/*.$section ${D}${mandir}/man$section
+    done
+    for section in 1 5 7 8; do
+        install -d ${D}${mandir}/man$section
+        install -m 0644 docs/manpages/*.$section ${D}${mandir}/man$section
+    done
+    install -d ${D}${systemd_system_unitdir}
+    install -m 0644 ${S}/bin/default/packaging/systemd/*.service ${D}${systemd_system_unitdir}/
+    sed -e 's,\(ExecReload=\).*\(/kill\),\1${base_bindir}\2,' \
+        -e 's,/etc/sysconfig/samba,${sysconfdir}/default/samba,' \
+        -i ${D}${systemd_system_unitdir}/*.service
+    if [ "${@bb.utils.contains('PACKAGECONFIG', 'ad-dc', 'yes', 'no', d)}" = "no" ]; then
+        rm -f ${D}${systemd_system_unitdir}/samba.service
+    fi
+    install -d ${D}${sysconfdir}/tmpfiles.d
+    install -m644 packaging/systemd/samba.conf.tmp ${D}${sysconfdir}/tmpfiles.d/samba.conf
+    echo "d ${localstatedir}/log/samba 0755 root root -" \
+        >> ${D}${sysconfdir}/tmpfiles.d/samba.conf
+    install -d ${D}${sysconfdir}/init.d
+    install -m 0755 packaging/sysv/samba.init ${D}${sysconfdir}/init.d/samba
+    sed -e 's,/opt/samba/bin,${sbindir},g' \
+        -e 's,/opt/samba/smb.conf,${sysconfdir}/samba/smb.conf,g' \
+        -e 's,/opt/samba/log,${localstatedir}/log/samba,g' \
+        -e 's,/etc/init.d/samba.server,${sysconfdir}/init.d/samba,g' \
+        -e 's,/usr/bin,${base_bindir},g' \
+        -i ${D}${sysconfdir}/init.d/samba
+    install -d ${D}${sysconfdir}/samba
+    echo "127.0.0.1 localhost" > ${D}${sysconfdir}/samba/lmhosts
+    install -m644 ${WORKDIR}/smb.conf ${D}${sysconfdir}/samba/smb.conf
+    install -D -m 644 ${WORKDIR}/volatiles.03_samba ${D}${sysconfdir}/default/volatiles/03_samba
+    install -d ${D}${sysconfdir}/default
+    install -m644 packaging/systemd/samba.sysconfig ${D}${sysconfdir}/default/samba
+    # install ctdb config file and test cases
+    install -D -m 0644 ${S}/ctdb/tests/onnode/nodes ${D}${sysconfdir}/ctdb/nodes
+    # the items are from ctdb/tests/run_tests.sh
+    for d in onnode takeover tool eventscripts cunit simple complex; do
+        testdir=${D}${datadir}/ctdb-tests/$d
+        install -d $testdir
+        cp ${S}/ctdb/tests/$d/*.sh $testdir
+        cp -r ${S}/ctdb/tests/$d/scripts ${S}/ctdb/tests/$d/stubs $testdir || true
+    done
+    # fix file-rdeps qa warning
+    if [ -f ${D}${bindir}/onnode ]; then
+        sed -i 's:\(#!/bin/\)bash:\1sh:' ${D}${bindir}/onnode
+    fi
+    chmod 0750 ${D}${sysconfdir}/sudoers.d
+    rm -rf ${D}/run ${D}${localstatedir}/run ${D}${localstatedir}/log
+}
+PACKAGES =+ "${PN}-python ${PN}-pidl \
+             ${PN}-dsdb-modules ${PN}-testsuite registry-tools \
+             winbind \
+             ${PN}-common ${PN}-base ${PN}-ad-dc ${PN}-ctdb-tests \
+             smbclient ${PN}-client ${PN}-server ${PN}-test"
+python samba_populate_packages() {
+    def module_hook(file, pkg, pattern, format, basename):
+        pn = d.getVar('PN')
+        d.appendVar('RRECOMMENDS_%s-base' % pn, ' %s' % pkg)
+    mlprefix = d.getVar('MLPREFIX') or ''
+    pam_libdir = d.expand('${base_libdir}/security')
+    pam_pkgname = mlprefix + 'pam-plugin%s'
+    do_split_packages(d, pam_libdir, '^pam_(.*)\.so$', pam_pkgname, 'PAM plugin for %s', extra_depends='', prepend=True)
+    libdir = d.getVar('libdir')
+    do_split_packages(d, libdir, '^lib(.*)\.so\..*$', 'lib%s', 'Samba %s library', extra_depends='${PN}-common', prepend=True, allow_links=True)
+    pkglibdir = '%s/samba' % libdir
+    do_split_packages(d, pkglibdir, '^lib(.*)\.so$', 'lib%s', 'Samba %s library', extra_depends='${PN}-common', prepend=True)
+    moduledir = '%s/samba/auth' % libdir
+    do_split_packages(d, moduledir, '^(.*)\.so$', 'samba-auth-%s', 'Samba %s authentication backend', hook=module_hook, extra_depends='', prepend=True)
+    moduledir = '%s/samba/pdb' % libdir
+    do_split_packages(d, moduledir, '^(.*)\.so$', 'samba-pdb-%s', 'Samba %s password backend', hook=module_hook, extra_depends='', prepend=True)
+}
+PACKAGESPLITFUNCS_prepend = "samba_populate_packages "
+PACKAGES_DYNAMIC = "samba-auth-.* samba-pdb-.*"
+RDEPENDS_${PN} += "${PN}-base ${PN}-python ${PN}-dsdb-modules"
+RDEPENDS_${PN}-python += "pytalloc python-tdb"
+FILES_${PN}-base = "${sbindir}/nmbd \
+                    ${sbindir}/smbd \
+                    ${sysconfdir}/init.d \
+                    ${systemd_system_unitdir}/nmb.service \
+                    ${systemd_system_unitdir}/smb.service"
+FILES_${PN}-ad-dc = "${sbindir}/samba \
+                     ${systemd_system_unitdir}/samba.service \
+                     ${libdir}/krb5/plugins/kdb/samba.so \
+"
+RDEPENDS_${PN}-ad-dc = "krb5-kdc"
+FILES_${PN}-ctdb-tests = "${bindir}/ctdb_run_tests \
+                          ${bindir}/ctdb_run_cluster_tests \
+                          ${sysconfdir}/ctdb/nodes \
+                          ${datadir}/ctdb-tests \
+                          ${datadir}/ctdb/tests \
+                          ${localstatedir}/lib/ctdb \
+                         "
+FILES_${BPN}-common = "${sysconfdir}/default \
+                       ${sysconfdir}/samba \
+                       ${sysconfdir}/tmpfiles.d \
+                       ${localstatedir}/lib/samba \
+                       ${localstatedir}/spool/samba \
+"
+FILES_${PN} += "${libdir}/vfs/*.so \
+                ${libdir}/charset/*.so \
+                ${libdir}/*.dat \
+                ${libdir}/auth/*.so \
+"
+FILES_${PN}-dsdb-modules = "${libdir}/samba/ldb"
+FILES_${PN}-testsuite = "${bindir}/gentest \
+                         ${bindir}/locktest \
+                         ${bindir}/masktest \
+                         ${bindir}/ndrdump \
+                         ${bindir}/smbtorture"
+FILES_registry-tools = "${bindir}/regdiff \
+                        ${bindir}/regpatch \
+                        ${bindir}/regshell \
+                        ${bindir}/regtree"
+FILES_winbind = "${sbindir}/winbindd \
+                 ${bindir}/wbinfo \
+                 ${bindir}/ntlm_auth \
+                 ${libdir}/samba/idmap \
+                 ${libdir}/samba/nss_info \
+                 ${libdir}/winbind_krb5_locator.so \
+                 ${libdir}/winbind-krb5-localauth.so \
+                 ${sysconfdir}/init.d/winbind \
+                 ${systemd_system_unitdir}/winbind.service"
+FILES_${PN}-python = "${PYTHON_SITEPACKAGES_DIR}"
+FILES_smbclient = "${bindir}/cifsdd \
+                   ${bindir}/rpcclient \
+                   ${bindir}/smbcacls \
+                   ${bindir}/smbclient \
+                   ${bindir}/smbcquotas \
+                   ${bindir}/smbget \
+                   ${bindir}/smbspool \
+                   ${bindir}/smbtar \
+                   ${bindir}/smbtree \
+                   ${libdir}/samba/smbspool_krb5_wrapper"
+RDEPENDS_${PN}-pidl_append = " perl"
+FILES_${PN}-pidl = "${bindir}/pidl ${datadir}/perl5/Parse"
+RDEPENDS_${PN}-client = "\
+    smbclient \
+    winbind \
+    registry-tools \
+    ${PN}-pidl \
+    " 
+ALLOW_EMPTY_${PN}-client = "1"
+RDEPENDS_${PN}-server = "\
+    ${PN} \
+    winbind \
+    registry-tools \
+    " 
+ALLOW_EMPTY_${PN}-server = "1"
+RDEPENDS_${PN}-test = "\
+    ${PN}-ctdb-tests \
+    ${PN}-testsuite \
+    "
+ALLOW_EMPTY_${PN}-test = "1"
author	Johannes Pointner <johannes.pointner@br-automation.com>	2019-05-08 09:31:19 +0200
committer	Khem Raj <raj.khem@gmail.com>	2019-05-09 20:34:33 -0700
commit	11e7ffc442ddca6536c23edc5831e8137f519a0c (patch)
tree	be53ba4d0e9c31adffdcd563ffa8dae3f757cc97 /meta-networking/recipes-connectivity/samba/samba_4.8.11.bb
parent	7edaba2496d6132fa6b74a7940bb9a4b4c8a4dfb (diff)
download	meta-openembedded-11e7ffc442ddca6536c23edc5831e8137f519a0c.tar.gz

diff --git a/meta-networking/recipes-connectivity/samba/samba_4.8.11.bb b/meta-networking/recipes-connectivity/samba/samba_4.8.11.bb new file mode 100644 index 000000000..8c08d1ed3 --- /dev/null +++ b/meta-networking/recipes-connectivity/samba/samba_4.8.11.bb
@@ -0,0 +1,324 @@
	1	HOMEPAGE = "https://www.samba.org/"
	2	SECTION = "console/network"
	3
	4	LICENSE = "GPL-3.0+ & LGPL-3.0+ & GPL-2.0+"
	5	LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \
	6	file://${COREBASE}/meta/files/common-licenses/LGPL-3.0;md5=bfccfe952269fff2b407dd11f2f3083b \
	7	file://${COREBASE}/meta/files/common-licenses/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6 "
	8
	9	SAMBA_MIRROR = "http://samba.org/samba/ftp"
	10	MIRRORS += "\
	11	${SAMBA_MIRROR} http://mirror.internode.on.net/pub/samba \n \
	12	${SAMBA_MIRROR} http://www.mirrorservice.org/sites/ftp.samba.org \n \
	13	"
	14
	15	SRC_URI = "${SAMBA_MIRROR}/stable/samba-${PV}.tar.gz \
	16	file://smb.conf \
	17	file://16-do-not-check-xsltproc-manpages.patch \
	18	file://20-do-not-import-target-module-while-cross-compile.patch \
	19	file://21-add-config-option-without-valgrind.patch \
	20	file://netdb_defines.patch \
	21	file://glibc_only.patch \
	22	file://iconv-4.7.0.patch \
	23	file://dnsserver-4.7.0.patch \
	24	file://smb_conf-4.7.0.patch \
	25	file://volatiles.03_samba \
	26	"
	27	SRC_URI_append_libc-musl = " \
	28	file://samba-pam.patch \
	29	file://samba-4.3.9-remove-getpwent_r.patch \
	30	file://cmocka-uintptr_t.patch \
	31	"
	32
	33	SRC_URI[md5sum] = "de61611075e97ea98140a42d9189d9a5"
	34	SRC_URI[sha256sum] = "d294a8d7455d7d252d7bafc9c474855ea6e0ebe559c3babcd303a5c24e58710a"
	35
	36	UPSTREAM_CHECK_REGEX = "samba\-(?P<pver>4\.8(\.\d+)+).tar.gz"
	37
	38	inherit systemd waf-samba cpan-base perlnative update-rc.d
	39	# remove default added RDEPENDS on perl
	40	RDEPENDS_${PN}_remove = "perl"
	41
	42	DEPENDS += "readline virtual/libiconv zlib popt libtalloc libtdb libtevent libbsd libaio libpam"
	43
	44	inherit distro_features_check
	45	REQUIRED_DISTRO_FEATURES = "pam"
	46
	47	DEPENDS_append_libc-musl = " libtirpc"
	48	CFLAGS_append_libc-musl = " -I${STAGING_INCDIR}/tirpc"
	49	LDFLAGS_append_libc-musl = " -ltirpc"
	50
	51	INITSCRIPT_NAME = "samba"
	52	INITSCRIPT_PARAMS = "start 20 3 5 . stop 20 0 1 6 ."
	53
	54	SYSTEMD_PACKAGES = "${PN}-base ${PN}-ad-dc winbind"
	55	SYSTEMD_SERVICE_${PN}-base = "nmb.service smb.service"
	56	SYSTEMD_SERVICE_${PN}-ad-dc = "${@bb.utils.contains('PACKAGECONFIG', 'ad-dc', 'samba.service', '', d)}"
	57	SYSTEMD_SERVICE_winbind = "winbind.service"
	58
	59	# There are prerequisite settings to enable ad-dc, so disable the service by default.
	60	# Reference:
	61	# https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
	62	SYSTEMD_AUTO_ENABLE_${PN}-ad-dc = "disable"
	63
	64	# Use krb5. Build active domain controller.
	65	#
	66	PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd zeroconf', d)} \
	67	acl ad-dc cups gnutls ldap mitkrb5 \
	68	"
	69
	70	RDEPENDS_${PN}-ctdb-tests += "bash util-linux-getopt"
	71
	72	PACKAGECONFIG[acl] = "--with-acl-support,--without-acl-support,acl"
	73	PACKAGECONFIG[fam] = "--with-fam,--without-fam,gamin"
	74	PACKAGECONFIG[cups] = "--enable-cups,--disable-cups,cups"
	75	PACKAGECONFIG[ldap] = "--with-ldap,--without-ldap,openldap"
	76	PACKAGECONFIG[sasl] = ",,cyrus-sasl"
	77	PACKAGECONFIG[systemd] = "--with-systemd,--without-systemd,systemd"
	78	PACKAGECONFIG[dmapi] = "--with-dmapi,--without-dmapi,dmapi"
	79	PACKAGECONFIG[zeroconf] = "--enable-avahi,--disable-avahi,avahi"
	80	PACKAGECONFIG[valgrind] = ",--without-valgrind,valgrind,"
	81	PACKAGECONFIG[lttng] = "--with-lttng, --without-lttng,lttng-ust"
	82	PACKAGECONFIG[archive] = "--with-libarchive, --without-libarchive, libarchive"
	83	PACKAGECONFIG[libunwind] = ", , libunwind"
	84
	85	# Building the AD (Active Directory) DC (Domain Controller) requires GnuTLS,
	86	# And ad-dc doesn't work with mitkrb5 for versions prior to 4.7.0 according to:
	87	# http://samba.2283325.n4.nabble.com/samba-4-6-6-Unknown-dependency-kdc-in-service-kdc-objlist-td4722096.html
	88	# So the working combination is:
	89	# 1) ad-dc: enable, gnutls: enable, mitkrb5: disable
	90	# 2) ad-dc: disable, gnutls: enable/disable, mitkrb5: enable
	91	#
	92	# We are now at 4.7.0, so take the above with a grain of salt. We do not need to know where
	93	# krb5kdc is unless ad-dc is enabled, but we tell configure anyhow.
	94	#
	95	PACKAGECONFIG[ad-dc] = "--with-experimental-mit-ad-dc,--without-ad-dc,,"
	96	PACKAGECONFIG[gnutls] = "--enable-gnutls,--disable-gnutls,gnutls,"
	97	PACKAGECONFIG[mitkrb5] = "--with-system-mitkrb5 --with-system-mitkdc=/usr/sbin/krb5kdc,,krb5,"
	98
	99	SAMBA4_IDMAP_MODULES="idmap_ad,idmap_rid,idmap_adex,idmap_hash,idmap_tdb2"
	100	SAMBA4_PDB_MODULES="pdb_tdbsam,${@bb.utils.contains('PACKAGECONFIG', 'ldap', 'pdb_ldap,', '', d)}pdb_ads,pdb_smbpasswd,pdb_wbc_sam,pdb_samba4"
	101	SAMBA4_AUTH_MODULES="auth_unix,auth_wbc,auth_server,auth_netlogond,auth_script,auth_samba4"
	102	SAMBA4_MODULES="${SAMBA4_IDMAP_MODULES},${SAMBA4_PDB_MODULES},${SAMBA4_AUTH_MODULES}"
	103
	104	# These libraries are supposed to replace others supplied by packages, but decorate the names of
	105	# .so files so there will not be a conflict. This is not done consistantly, so be very careful
	106	# when adding to this list.
	107	#
	108	SAMBA4_LIBS="heimdal,cmocka,ldb,pyldb-util,NONE"
	109
	110	# interim packages: As long as ldb/pyldb-util are in SAMBA4_LIBS we need to pack
	111	# bundled libraries in seperate packages. Otherwise they are auto-packed in
	112	# package 'samba' which RDEPENDS on lots of packages not wanted e.g autostarting
	113	# nmbd/smbd daemons
	114	# Once 'ldb,pyldb-util' are removed from SAMBA4_LIBS the bundled packages can
	115	# be removed again.
	116	PACKAGES =+ "${PN}-bundled-ldb ${PN}-bundled-pyldb-util"
	117	FILES_${PN}-bundled-ldb = "${libdir}/samba/libldb${SOLIBS}"
	118	FILES_${PN}-bundled-pyldb-util = "${libdir}/samba/libpyldb-util${SOLIBS}"
	119
	120	EXTRA_OECONF += "--enable-fhs \
	121	--with-piddir=/run \
	122	--with-sockets-dir=/run/samba \
	123	--with-modulesdir=${libdir}/samba \
	124	--with-lockdir=${localstatedir}/lib/samba \
	125	--with-cachedir=${localstatedir}/lib/samba \
	126	--disable-rpath-install \
	127	--with-shared-modules=${SAMBA4_MODULES} \
	128	--bundled-libraries=${SAMBA4_LIBS} \
	129	${@oe.utils.conditional('TARGET_ARCH', 'x86_64', '', '--disable-glusterfs', d)} \
	130	--with-cluster-support \
	131	--with-profiling-data \
	132	--with-libiconv=${STAGING_DIR_HOST}${prefix} \
	133	--with-pam --with-pammodulesdir=${base_libdir}/security \
	134	"
	135
	136	LDFLAGS += "-Wl,-z,relro,-z,now ${@bb.utils.contains('DISTRO_FEATURES', 'ld-is-gold', ' -fuse-ld=bfd ', '', d)}"
	137
	138	do_install_append() {
	139	for section in 1 5 7; do
	140	install -d ${D}${mandir}/man$section
	141	install -m 0644 ctdb/doc/*.$section ${D}${mandir}/man$section
	142	done
	143	for section in 1 5 7 8; do
	144	install -d ${D}${mandir}/man$section
	145	install -m 0644 docs/manpages/*.$section ${D}${mandir}/man$section
	146	done
	147
	148	install -d ${D}${systemd_system_unitdir}
	149	install -m 0644 ${S}/bin/default/packaging/systemd/*.service ${D}${systemd_system_unitdir}/
	150	sed -e 's,\(ExecReload=\).*\(/kill\),\1${base_bindir}\2,' \
	151	-e 's,/etc/sysconfig/samba,${sysconfdir}/default/samba,' \
	152	-i ${D}${systemd_system_unitdir}/*.service
	153
	154	if [ "${@bb.utils.contains('PACKAGECONFIG', 'ad-dc', 'yes', 'no', d)}" = "no" ]; then
	155	rm -f ${D}${systemd_system_unitdir}/samba.service
	156	fi
	157
	158	install -d ${D}${sysconfdir}/tmpfiles.d
	159	install -m644 packaging/systemd/samba.conf.tmp ${D}${sysconfdir}/tmpfiles.d/samba.conf
	160	echo "d ${localstatedir}/log/samba 0755 root root -" \
	161	>> ${D}${sysconfdir}/tmpfiles.d/samba.conf
	162	install -d ${D}${sysconfdir}/init.d
	163	install -m 0755 packaging/sysv/samba.init ${D}${sysconfdir}/init.d/samba
	164	sed -e 's,/opt/samba/bin,${sbindir},g' \
	165	-e 's,/opt/samba/smb.conf,${sysconfdir}/samba/smb.conf,g' \
	166	-e 's,/opt/samba/log,${localstatedir}/log/samba,g' \
	167	-e 's,/etc/init.d/samba.server,${sysconfdir}/init.d/samba,g' \
	168	-e 's,/usr/bin,${base_bindir},g' \
	169	-i ${D}${sysconfdir}/init.d/samba
	170
	171	install -d ${D}${sysconfdir}/samba
	172	echo "127.0.0.1 localhost" > ${D}${sysconfdir}/samba/lmhosts
	173	install -m644 ${WORKDIR}/smb.conf ${D}${sysconfdir}/samba/smb.conf
	174	install -D -m 644 ${WORKDIR}/volatiles.03_samba ${D}${sysconfdir}/default/volatiles/03_samba
	175
	176	install -d ${D}${sysconfdir}/default
	177	install -m644 packaging/systemd/samba.sysconfig ${D}${sysconfdir}/default/samba
	178
	179	# install ctdb config file and test cases
	180	install -D -m 0644 ${S}/ctdb/tests/onnode/nodes ${D}${sysconfdir}/ctdb/nodes
	181	# the items are from ctdb/tests/run_tests.sh
	182	for d in onnode takeover tool eventscripts cunit simple complex; do
	183	testdir=${D}${datadir}/ctdb-tests/$d
	184	install -d $testdir
	185	cp ${S}/ctdb/tests/$d/*.sh $testdir
	186	cp -r ${S}/ctdb/tests/$d/scripts ${S}/ctdb/tests/$d/stubs $testdir \|\| true
	187	done
	188
	189	# fix file-rdeps qa warning
	190	if [ -f ${D}${bindir}/onnode ]; then
	191	sed -i 's:\(#!/bin/\)bash:\1sh:' ${D}${bindir}/onnode
	192	fi
	193
	194	chmod 0750 ${D}${sysconfdir}/sudoers.d
	195	rm -rf ${D}/run ${D}${localstatedir}/run ${D}${localstatedir}/log
	196	}
	197
	198	PACKAGES =+ "${PN}-python ${PN}-pidl \
	199	${PN}-dsdb-modules ${PN}-testsuite registry-tools \
	200	winbind \
	201	${PN}-common ${PN}-base ${PN}-ad-dc ${PN}-ctdb-tests \
	202	smbclient ${PN}-client ${PN}-server ${PN}-test"
	203
	204	python samba_populate_packages() {
	205	def module_hook(file, pkg, pattern, format, basename):
	206	pn = d.getVar('PN')
	207	d.appendVar('RRECOMMENDS_%s-base' % pn, ' %s' % pkg)
	208
	209	mlprefix = d.getVar('MLPREFIX') or ''
	210	pam_libdir = d.expand('${base_libdir}/security')
	211	pam_pkgname = mlprefix + 'pam-plugin%s'
	212	do_split_packages(d, pam_libdir, '^pam_(.*)\.so$', pam_pkgname, 'PAM plugin for %s', extra_depends='', prepend=True)
	213
	214	libdir = d.getVar('libdir')
	215	do_split_packages(d, libdir, '^lib(.)\.so\..$', 'lib%s', 'Samba %s library', extra_depends='${PN}-common', prepend=True, allow_links=True)
	216	pkglibdir = '%s/samba' % libdir
	217	do_split_packages(d, pkglibdir, '^lib(.*)\.so$', 'lib%s', 'Samba %s library', extra_depends='${PN}-common', prepend=True)
	218	moduledir = '%s/samba/auth' % libdir
	219	do_split_packages(d, moduledir, '^(.*)\.so$', 'samba-auth-%s', 'Samba %s authentication backend', hook=module_hook, extra_depends='', prepend=True)
	220	moduledir = '%s/samba/pdb' % libdir
	221	do_split_packages(d, moduledir, '^(.*)\.so$', 'samba-pdb-%s', 'Samba %s password backend', hook=module_hook, extra_depends='', prepend=True)
	222	}
	223
	224	PACKAGESPLITFUNCS_prepend = "samba_populate_packages "
	225	PACKAGES_DYNAMIC = "samba-auth-.* samba-pdb-.*"
	226
	227	RDEPENDS_${PN} += "${PN}-base ${PN}-python ${PN}-dsdb-modules"
	228	RDEPENDS_${PN}-python += "pytalloc python-tdb"
	229
	230	FILES_${PN}-base = "${sbindir}/nmbd \
	231	${sbindir}/smbd \
	232	${sysconfdir}/init.d \
	233	${systemd_system_unitdir}/nmb.service \
	234	${systemd_system_unitdir}/smb.service"
	235
	236	FILES_${PN}-ad-dc = "${sbindir}/samba \
	237	${systemd_system_unitdir}/samba.service \
	238	${libdir}/krb5/plugins/kdb/samba.so \
	239	"
	240	RDEPENDS_${PN}-ad-dc = "krb5-kdc"
	241
	242	FILES_${PN}-ctdb-tests = "${bindir}/ctdb_run_tests \
	243	${bindir}/ctdb_run_cluster_tests \
	244	${sysconfdir}/ctdb/nodes \
	245	${datadir}/ctdb-tests \
	246	${datadir}/ctdb/tests \
	247	${localstatedir}/lib/ctdb \
	248	"
	249
	250	FILES_${BPN}-common = "${sysconfdir}/default \
	251	${sysconfdir}/samba \
	252	${sysconfdir}/tmpfiles.d \
	253	${localstatedir}/lib/samba \
	254	${localstatedir}/spool/samba \
	255	"
	256
	257	FILES_${PN} += "${libdir}/vfs/*.so \
	258	${libdir}/charset/*.so \
	259	${libdir}/*.dat \
	260	${libdir}/auth/*.so \
	261	"
	262
	263	FILES_${PN}-dsdb-modules = "${libdir}/samba/ldb"
	264
	265	FILES_${PN}-testsuite = "${bindir}/gentest \
	266	${bindir}/locktest \
	267	${bindir}/masktest \
	268	${bindir}/ndrdump \
	269	${bindir}/smbtorture"
	270
	271	FILES_registry-tools = "${bindir}/regdiff \
	272	${bindir}/regpatch \
	273	${bindir}/regshell \
	274	${bindir}/regtree"
	275
	276	FILES_winbind = "${sbindir}/winbindd \
	277	${bindir}/wbinfo \
	278	${bindir}/ntlm_auth \
	279	${libdir}/samba/idmap \
	280	${libdir}/samba/nss_info \
	281	${libdir}/winbind_krb5_locator.so \
	282	${libdir}/winbind-krb5-localauth.so \
	283	${sysconfdir}/init.d/winbind \
	284	${systemd_system_unitdir}/winbind.service"
	285
	286	FILES_${PN}-python = "${PYTHON_SITEPACKAGES_DIR}"
	287
	288	FILES_smbclient = "${bindir}/cifsdd \
	289	${bindir}/rpcclient \
	290	${bindir}/smbcacls \
	291	${bindir}/smbclient \
	292	${bindir}/smbcquotas \
	293	${bindir}/smbget \
	294	${bindir}/smbspool \
	295	${bindir}/smbtar \
	296	${bindir}/smbtree \
	297	${libdir}/samba/smbspool_krb5_wrapper"
	298
	299	RDEPENDS_${PN}-pidl_append = " perl"
	300	FILES_${PN}-pidl = "${bindir}/pidl ${datadir}/perl5/Parse"
	301
	302	RDEPENDS_${PN}-client = "\
	303	smbclient \
	304	winbind \
	305	registry-tools \
	306	${PN}-pidl \
	307	"
	308
	309	ALLOW_EMPTY_${PN}-client = "1"
	310
	311	RDEPENDS_${PN}-server = "\
	312	${PN} \
	313	winbind \
	314	registry-tools \
	315	"
	316
	317	ALLOW_EMPTY_${PN}-server = "1"
	318
	319	RDEPENDS_${PN}-test = "\
	320	${PN}-ctdb-tests \
	321	${PN}-testsuite \
	322	"
	323
	324	ALLOW_EMPTY_${PN}-test = "1"