libgssglue: add new recipe

libgssglue exports a gssapi interface which calls other gssapi libraries. Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Jackie Huang <jackie.huang@windriver.com> 2017-07-28 10:00:56 +0800
committer: Armin Kuster <akuster808@gmail.com> 2017-08-13 08:26:14 -0700
commit: 1c3afde094d6cb7951957a67f4127dc06abecaa5 (patch)
tree: d4d66bc01b4abb7531b8d7ad1625f28ebb0f0746
parent: 2f30963b822b508bf53795950ea6e8198f464807 (diff)
download: meta-security-1c3afde094d6cb7951957a67f4127dc06abecaa5.tar.gz
6 files changed, 223 insertions, 0 deletions
diff --git a/recipes-security/libgssglue/files/libgssglue-canon-name.patch b/recipes-security/libgssglue/files/libgssglue-canon-name.patch
new file mode 100644
index 0000000..cb7c47b
--- /dev/null
+++ b/recipes-security/libgssglue/files/libgssglue-canon-name.patch
@@ -0,0 +1,60 @@
+fix the bug:
+g_canon_name.c:125:5: warning: passing argument 2 of '__gss_copy_namebuf' from incompatible pointer type [enabled by default]
+the 2nd argument of __gss_copy_namebuf should be address of *gss_buffer_t, \
+but a *gss_buffer_t is assigned.
+what __gss_copy_namebuf does is to alloc memory for a gss_buffer_desc and \
+copy from src and return its address.
+if following code failed, gss_release_name will free \
+union_canon_name->external_name.value if it is not NULL.
+OM_uint32 __gss_copy_namebuf(src, dest)
+    gss_buffer_t   src;
+    gss_buffer_t   *dest;
+typedef struct gss_union_name_t {
+        gss_mechanism           gss_mech;
+        gss_OID                 name_type;
+        gss_buffer_desc         external_name;
+        /*
+         * These last two fields are only filled in for mechanism
+         * names.
+         */
+        gss_OID                 mech_type;
+        gss_name_t              mech_name;
+} gss_union_name_desc, *gss_union_name_t;
+typedef struct gss_buffer_desc_struct {
+      size_t length;
+      void FAR *value;
+} gss_buffer_desc, FAR *gss_buffer_t;
+Upstream-Status: Pending
+Signed-off-by: Yao Zhao <yao.zhao@windriver.com>
+--- a/src/g_canon_name.c
+++ b/src/g_canon_name.c
+@@ -121,11 +121,17 @@ gss_canonicalize_name (OM_uint32 *minor_
+ 
+     union_canon_name->mech_name = mech_name;
+ 
+-    status = __gss_copy_namebuf(&union_input_name->external_name,
+-                               &union_canon_name->external_name);
+-    if (status != GSS_S_COMPLETE)
+-       goto failure;
+    union_canon_name->external_name.value = (void*) malloc(
+                      union_input_name->external_name.length + 1);
+    if (!union_canon_name->external_name.value)
+        goto failure;
+ 
+    memcpy(union_canon_name->external_name.value, 
+           union_input_name->external_name.value, 
+           union_input_name->external_name.length);
+    union_canon_name->external_name.length = 
+                      union_input_name->external_name.length; 
+   
+     if (union_input_name->name_type != GSS_C_NO_OID) {
+        status = generic_gss_copy_oid(minor_status,
+                                      union_input_name->name_type,
diff --git a/recipes-security/libgssglue/files/libgssglue-fix-CVE-2011-2709.patch b/recipes-security/libgssglue/files/libgssglue-fix-CVE-2011-2709.patch
new file mode 100644
index 0000000..6aa1a65
--- /dev/null
+++ b/recipes-security/libgssglue/files/libgssglue-fix-CVE-2011-2709.patch
@@ -0,0 +1,43 @@
+Use secure_getenv instead of getenv for setuid programs
+(bnc#694598 CVE-2011-2709 bnc#831805)
+import from:
+https://build.opensuse.org/package/view_file/openSUSE:Factory/libgssglue/secure-getenv.patch
+Upstream-Status: Pending
+Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
+diff --git a/src/g_initialize.c b/src/g_initialize.c
+index 200f173..935a9fa 100644
+--- a/src/g_initialize.c
+++ b/src/g_initialize.c
+@@ -26,6 +26,7 @@
+  * This function will initialize the gssapi mechglue library
+  */
+ 
+#define _GNU_SOURCE
+ #include "mglueP.h"
+ #include <stdlib.h>
+ 
+@@ -197,8 +198,7 @@ static void solaris_initialize ()
+     void *dl;
+     gss_mechanism (*sym)(void), mech;
+ 
+-    if ((getuid() != geteuid()) ||
+-        ((filename = getenv("GSSAPI_MECH_CONF")) == NULL))
+    if ((filename = secure_getenv("GSSAPI_MECH_CONF")) == NULL)
+        filename = MECH_CONF;
+ 
+     if ((conffile = fopen(filename, "r")) == NULL) {
+@@ -274,8 +274,7 @@ static void linux_initialize ()
+     void *dl;
+     gss_mechanism (*sym)(void), mech;
+ 
+-    if ((getuid() != geteuid()) ||
+-        ((filename = getenv("GSSAPI_MECH_CONF")) == NULL))
+    if ((filename = secure_getenv("GSSAPI_MECH_CONF")) == NULL)
+        filename = MECH_CONF;
+ 
+     if ((conffile = fopen(filename, "r")) == NULL) {
diff --git a/recipes-security/libgssglue/files/libgssglue-g-initialize.patch b/recipes-security/libgssglue/files/libgssglue-g-initialize.patch
new file mode 100644
index 0000000..4a9ba33
--- /dev/null
+++ b/recipes-security/libgssglue/files/libgssglue-g-initialize.patch
@@ -0,0 +1,21 @@
+Fix the warning for getuid, geteuid
+g_initialize.c: In function 'linux_initialize':
+g_initialize.c:275:5: warning: implicit declaration of function 'getuid' [-Wimplicit-function-declaration]
+g_initialize.c:275:5: warning: implicit declaration of function 'geteuid' [-Wimplicit-function-declaration]
+Upstream-Status: Pending
+Signed-off-by: Yao Zhao <yao.zhao@windriver.com>
+diff --git a/src/g_initialize.c b/src1/g_initialize.c
+index 82fcce1..200f173 100644
+--- a/src/g_initialize.c
+++ b/src/g_initialize.c
+@@ -29,6 +29,8 @@
+ #include "mglueP.h"
+ #include <stdlib.h>
+ 
+#include <unistd.h>   /*getuid, geteuid */
+#include <sys/types.h>
+ #include <stdio.h>
+ #include <string.h>
+ #include <ctype.h>
diff --git a/recipes-security/libgssglue/files/libgssglue-gss-inq-cred.patch b/recipes-security/libgssglue/files/libgssglue-gss-inq-cred.patch
new file mode 100644
index 0000000..6dce3e7
--- /dev/null
+++ b/recipes-security/libgssglue/files/libgssglue-gss-inq-cred.patch
@@ -0,0 +1,27 @@
+1) add free if malloc failed for (*mechanisms)->elements
+2) g_inq_cred.c: In function 'gss_inquire_cred':
+g_inq_cred.c:161:8: warning: passing argument 3 of 'generic_gss_copy_oid' from incompatible pointer type [enabled by default]
+Upstream-Status: Pending
+Signed-off-by: Yao Zhao <yao.zhao@windriver.com>
+--- a/src/g_inq_cred.c
+++ b/src/g_inq_cred.c
+@@ -152,13 +152,15 @@ gss_OID_set *             mechanisms;
+                             union_cred->count);
+        if ((*mechanisms)->elements == NULL) {
+            *minor_status = ENOMEM;
+           free(*mechanisms);
+           *mechanisms = GSS_C_NO_OID_SET;
+            return (GSS_S_FAILURE);
+        }
+ 
+        for (i=0; i < union_cred->count; i++) {
+-           status = generic_gss_copy_oid(minor_status,
+           status = generic_gss_add_oid_set_member(minor_status,
+                                          &union_cred->mechs_array[i],
+-                                         &((*mechanisms)->elements[i]));
+                                         mechanisms);
+            if (status != GSS_S_COMPLETE)
+                break;
+        }
diff --git a/recipes-security/libgssglue/files/libgssglue-mglueP.patch b/recipes-security/libgssglue/files/libgssglue-mglueP.patch
new file mode 100644
index 0000000..6c9ebf0
--- /dev/null
+++ b/recipes-security/libgssglue/files/libgssglue-mglueP.patch
@@ -0,0 +1,21 @@
+fix the warning:
+warning: implicit declaration of function 'generic_gss_copy_oid_set' [-Wimplicit-function-declaration]
+Upstream-Status: Pending
+Signed-off-by: Yao Zhao <yao.zhao@windriver.com>
+--- a/src/mglueP.h
+++ b/src/mglueP.h
+@@ -447,6 +447,12 @@ OM_uint32 generic_gss_copy_oid
+            gss_OID *           /* new_oid */
+            );
+ 
+OM_uint32 generic_gss_copy_oid_set
+          (OM_uint32 *minor_status,    /* minor_status */
+           const gss_OID_set_desc * const oidset,      /* oid */
+           gss_OID_set *new_oidset                     /* new_oid */
+          );
+
+ OM_uint32 generic_gss_create_empty_oid_set
+           (OM_uint32 *,        /* minor_status */
+            gss_OID_set *       /* oid_set */
diff --git a/recipes-security/libgssglue/libgssglue_0.4.bb b/recipes-security/libgssglue/libgssglue_0.4.bb
new file mode 100644
index 0000000..f7859a7
--- /dev/null
+++ b/recipes-security/libgssglue/libgssglue_0.4.bb
@@ -0,0 +1,51 @@
+SUMMARY = "Exports a gssapi interface which calls other gssapi libraries"
+DESCRIPTION = "\
+This library exports a gssapi interface, but does not implement any gssapi \
+mechanisms itself; instead it calls gssapi routines in other libraries, \
+depending on the mechanism. \
+"
+HOMEPAGE = "http://www.citi.umich.edu/projects/nfsv4/linux/"
+SECTION = "libs"
+LICENSE = "BSD-3-Clause | HPND"
+#Copyright (c) 1996, by Sun Microsystems, Inc.                   HPND
+#Copyright (c) 2007 The Regents of the University of Michigan. BSD-3-Clause
+#Copyright 1995 by the Massachusetts Institute of Technology.  HPND without Disclaimer
+#Copyright 1993 by OpenVision Technologies, Inc.               HPND
+LIC_FILES_CHKSUM = "file://COPYING;md5=56871e72a5c475289c0d5e4ba3f2ee3a \
+                    file://src/g_accept_sec_context.c;beginline=3;endline=23;md5=8a7f4017cb7f4be49f8981cb8c472690 \
+                    file://src/g_ccache_name.c;beginline=1;endline=32;md5=208d4de05d5c8273963a8332f084faa7 \
+                    file://src/oid_ops.c;beginline=1;endline=26;md5=1f194d148b396972da26759a8ec399f0 \
+                    file://src/oid_ops.c;beginline=378;endline=398;md5=e02c165cb8383e950214baca2fbd664b \
+"
+SRC_URI = "http://www.citi.umich.edu/projects/nfsv4/linux/${BPN}/${BP}.tar.gz \
+           file://libgssglue-canon-name.patch  \
+           file://libgssglue-gss-inq-cred.patch  \
+           file://libgssglue-mglueP.patch \
+           file://libgssglue-g-initialize.patch \
+           file://libgssglue-fix-CVE-2011-2709.patch \
+"
+SRC_URI[md5sum] = "088797f3180702fa54e786496b32e750"
+SRC_URI[sha256sum] = "3f791a75502ba723e5e85e41e5e0c711bb89e2716b7c0ec6e74bd1df6739043a"
+# gssglue can use krb5, spkm3... as gssapi library, configurable
+RRECOMMENDS_${PN} += "krb5"
+inherit autotools
+do_install_append() {
+    # install some docs
+    install -d -m 0755 ${D}${docdir}/${BPN}
+    install -m 0644 ${S}/AUTHORS ${S}/ChangeLog ${S}/NEWS ${S}/README ${D}${docdir}/${BPN}
+    # install the gssapi_mech.conf
+    install -d -m 0755 ${D}${sysconfdir}
+    install -m 0644 ${S}/doc/gssapi_mech.conf ${D}${sysconfdir}
+    
+    # change the libgssapi_krb5.so path and name(it is .so.2)
+    sed -i -e "s:/usr/lib/libgssapi_krb5.so:libgssapi_krb5.so.2:" ${D}${sysconfdir}/gssapi_mech.conf
+}
author	Jackie Huang <jackie.huang@windriver.com>	2017-07-28 10:00:56 +0800
committer	Armin Kuster <akuster808@gmail.com>	2017-08-13 08:26:14 -0700
commit	1c3afde094d6cb7951957a67f4127dc06abecaa5 (patch)
tree	d4d66bc01b4abb7531b8d7ad1625f28ebb0f0746
parent	2f30963b822b508bf53795950ea6e8198f464807 (diff)
download	meta-security-1c3afde094d6cb7951957a67f4127dc06abecaa5.tar.gz

diff --git a/recipes-security/libgssglue/files/libgssglue-canon-name.patch b/recipes-security/libgssglue/files/libgssglue-canon-name.patch new file mode 100644 index 0000000..cb7c47b --- /dev/null +++ b/recipes-security/libgssglue/files/libgssglue-canon-name.patch
@@ -0,0 +1,60 @@
	1	fix the bug:
	2	g_canon_name.c:125:5: warning: passing argument 2 of '__gss_copy_namebuf' from incompatible pointer type [enabled by default]
	3
	4	the 2nd argument of __gss_copy_namebuf should be address of *gss_buffer_t, \
	5	but a *gss_buffer_t is assigned.
	6
	7	what __gss_copy_namebuf does is to alloc memory for a gss_buffer_desc and \
	8	copy from src and return its address.
	9
	10	if following code failed, gss_release_name will free \
	11	union_canon_name->external_name.value if it is not NULL.
	12
	13	OM_uint32 __gss_copy_namebuf(src, dest)
	14	gss_buffer_t src;
	15	gss_buffer_t *dest;
	16
	17	typedef struct gss_union_name_t {
	18	gss_mechanism gss_mech;
	19	gss_OID name_type;
	20	gss_buffer_desc external_name;
	21	/*
	22	* These last two fields are only filled in for mechanism
	23	* names.
	24	*/
	25	gss_OID mech_type;
	26	gss_name_t mech_name;
	27	} gss_union_name_desc, *gss_union_name_t;
	28
	29	typedef struct gss_buffer_desc_struct {
	30	size_t length;
	31	void FAR *value;
	32	} gss_buffer_desc, FAR *gss_buffer_t;
	33
	34	Upstream-Status: Pending
	35	Signed-off-by: Yao Zhao <yao.zhao@windriver.com>
	36
	37	--- a/src/g_canon_name.c
	38	+++ b/src/g_canon_name.c
	39	@@ -121,11 +121,17 @@ gss_canonicalize_name (OM_uint32 *minor_
	40
	41	union_canon_name->mech_name = mech_name;
	42
	43	- status = __gss_copy_namebuf(&union_input_name->external_name,
	44	- &union_canon_name->external_name);
	45	- if (status != GSS_S_COMPLETE)
	46	- goto failure;
	47	+ union_canon_name->external_name.value = (void*) malloc(
	48	+ union_input_name->external_name.length + 1);
	49	+ if (!union_canon_name->external_name.value)
	50	+ goto failure;
	51
	52	+ memcpy(union_canon_name->external_name.value,
	53	+ union_input_name->external_name.value,
	54	+ union_input_name->external_name.length);
	55	+ union_canon_name->external_name.length =
	56	+ union_input_name->external_name.length;
	57	+
	58	if (union_input_name->name_type != GSS_C_NO_OID) {
	59	status = generic_gss_copy_oid(minor_status,
	60	union_input_name->name_type,


diff --git a/recipes-security/libgssglue/files/libgssglue-fix-CVE-2011-2709.patch b/recipes-security/libgssglue/files/libgssglue-fix-CVE-2011-2709.patch new file mode 100644 index 0000000..6aa1a65 --- /dev/null +++ b/recipes-security/libgssglue/files/libgssglue-fix-CVE-2011-2709.patch
@@ -0,0 +1,43 @@
	1	Use secure_getenv instead of getenv for setuid programs
	2
	3	(bnc#694598 CVE-2011-2709 bnc#831805)
	4
	5	import from:
	6	https://build.opensuse.org/package/view_file/openSUSE:Factory/libgssglue/secure-getenv.patch
	7
	8	Upstream-Status: Pending
	9
	10	Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
	11
	12	diff --git a/src/g_initialize.c b/src/g_initialize.c
	13	index 200f173..935a9fa 100644
	14	--- a/src/g_initialize.c
	15	+++ b/src/g_initialize.c
	16	@@ -26,6 +26,7 @@
	17	* This function will initialize the gssapi mechglue library
	18	*/
	19
	20	+#define _GNU_SOURCE
	21	#include "mglueP.h"
	22	#include <stdlib.h>
	23
	24	@@ -197,8 +198,7 @@ static void solaris_initialize ()
	25	void *dl;
	26	gss_mechanism (*sym)(void), mech;
	27
	28	- if ((getuid() != geteuid()) \|\|
	29	- ((filename = getenv("GSSAPI_MECH_CONF")) == NULL))
	30	+ if ((filename = secure_getenv("GSSAPI_MECH_CONF")) == NULL)
	31	filename = MECH_CONF;
	32
	33	if ((conffile = fopen(filename, "r")) == NULL) {
	34	@@ -274,8 +274,7 @@ static void linux_initialize ()
	35	void *dl;
	36	gss_mechanism (*sym)(void), mech;
	37
	38	- if ((getuid() != geteuid()) \|\|
	39	- ((filename = getenv("GSSAPI_MECH_CONF")) == NULL))
	40	+ if ((filename = secure_getenv("GSSAPI_MECH_CONF")) == NULL)
	41	filename = MECH_CONF;
	42
	43	if ((conffile = fopen(filename, "r")) == NULL) {


diff --git a/recipes-security/libgssglue/files/libgssglue-g-initialize.patch b/recipes-security/libgssglue/files/libgssglue-g-initialize.patch new file mode 100644 index 0000000..4a9ba33 --- /dev/null +++ b/recipes-security/libgssglue/files/libgssglue-g-initialize.patch
@@ -0,0 +1,21 @@
	1	Fix the warning for getuid, geteuid
	2	g_initialize.c: In function 'linux_initialize':
	3	g_initialize.c:275:5: warning: implicit declaration of function 'getuid' [-Wimplicit-function-declaration]
	4	g_initialize.c:275:5: warning: implicit declaration of function 'geteuid' [-Wimplicit-function-declaration]
	5
	6	Upstream-Status: Pending
	7	Signed-off-by: Yao Zhao <yao.zhao@windriver.com>
	8
	9	diff --git a/src/g_initialize.c b/src1/g_initialize.c
	10	index 82fcce1..200f173 100644
	11	--- a/src/g_initialize.c
	12	+++ b/src/g_initialize.c
	13	@@ -29,6 +29,8 @@
	14	#include "mglueP.h"
	15	#include <stdlib.h>
	16
	17	+#include <unistd.h> /getuid, geteuid /
	18	+#include <sys/types.h>
	19	#include <stdio.h>
	20	#include <string.h>
	21	#include <ctype.h>


diff --git a/recipes-security/libgssglue/files/libgssglue-gss-inq-cred.patch b/recipes-security/libgssglue/files/libgssglue-gss-inq-cred.patch new file mode 100644 index 0000000..6dce3e7 --- /dev/null +++ b/recipes-security/libgssglue/files/libgssglue-gss-inq-cred.patch
@@ -0,0 +1,27 @@
	1	1) add free if malloc failed for (*mechanisms)->elements
	2	2) g_inq_cred.c: In function 'gss_inquire_cred':
	3	g_inq_cred.c:161:8: warning: passing argument 3 of 'generic_gss_copy_oid' from incompatible pointer type [enabled by default]
	4
	5	Upstream-Status: Pending
	6	Signed-off-by: Yao Zhao <yao.zhao@windriver.com>
	7
	8	--- a/src/g_inq_cred.c
	9	+++ b/src/g_inq_cred.c
	10	@@ -152,13 +152,15 @@ gss_OID_set * mechanisms;
	11	union_cred->count);
	12	if ((*mechanisms)->elements == NULL) {
	13	*minor_status = ENOMEM;
	14	+ free(*mechanisms);
	15	+ *mechanisms = GSS_C_NO_OID_SET;
	16	return (GSS_S_FAILURE);
	17	}
	18
	19	for (i=0; i < union_cred->count; i++) {
	20	- status = generic_gss_copy_oid(minor_status,
	21	+ status = generic_gss_add_oid_set_member(minor_status,
	22	&union_cred->mechs_array[i],
	23	- &((*mechanisms)->elements[i]));
	24	+ mechanisms);
	25	if (status != GSS_S_COMPLETE)
	26	break;
	27	}


diff --git a/recipes-security/libgssglue/files/libgssglue-mglueP.patch b/recipes-security/libgssglue/files/libgssglue-mglueP.patch new file mode 100644 index 0000000..6c9ebf0 --- /dev/null +++ b/recipes-security/libgssglue/files/libgssglue-mglueP.patch
@@ -0,0 +1,21 @@
	1	fix the warning:
	2	warning: implicit declaration of function 'generic_gss_copy_oid_set' [-Wimplicit-function-declaration]
	3
	4	Upstream-Status: Pending
	5	Signed-off-by: Yao Zhao <yao.zhao@windriver.com>
	6
	7	--- a/src/mglueP.h
	8	+++ b/src/mglueP.h
	9	@@ -447,6 +447,12 @@ OM_uint32 generic_gss_copy_oid
	10	gss_OID * /* new_oid */
	11	);
	12
	13	+OM_uint32 generic_gss_copy_oid_set
	14	+ (OM_uint32 minor_status, / minor_status */
	15	+ const gss_OID_set_desc * const oidset, /* oid */
	16	+ gss_OID_set new_oidset / new_oid */
	17	+ );
	18	+
	19	OM_uint32 generic_gss_create_empty_oid_set
	20	(OM_uint32 , / minor_status */
	21	gss_OID_set * /* oid_set */


diff --git a/recipes-security/libgssglue/libgssglue_0.4.bb b/recipes-security/libgssglue/libgssglue_0.4.bb new file mode 100644 index 0000000..f7859a7 --- /dev/null +++ b/recipes-security/libgssglue/libgssglue_0.4.bb
@@ -0,0 +1,51 @@
	1	SUMMARY = "Exports a gssapi interface which calls other gssapi libraries"
	2	DESCRIPTION = "\
	3	This library exports a gssapi interface, but does not implement any gssapi \
	4	mechanisms itself; instead it calls gssapi routines in other libraries, \
	5	depending on the mechanism. \
	6	"
	7
	8	HOMEPAGE = "http://www.citi.umich.edu/projects/nfsv4/linux/"
	9	SECTION = "libs"
	10
	11	LICENSE = "BSD-3-Clause \| HPND"
	12
	13	#Copyright (c) 1996, by Sun Microsystems, Inc. HPND
	14	#Copyright (c) 2007 The Regents of the University of Michigan. BSD-3-Clause
	15	#Copyright 1995 by the Massachusetts Institute of Technology. HPND without Disclaimer
	16	#Copyright 1993 by OpenVision Technologies, Inc. HPND
	17	LIC_FILES_CHKSUM = "file://COPYING;md5=56871e72a5c475289c0d5e4ba3f2ee3a \
	18	file://src/g_accept_sec_context.c;beginline=3;endline=23;md5=8a7f4017cb7f4be49f8981cb8c472690 \
	19	file://src/g_ccache_name.c;beginline=1;endline=32;md5=208d4de05d5c8273963a8332f084faa7 \
	20	file://src/oid_ops.c;beginline=1;endline=26;md5=1f194d148b396972da26759a8ec399f0 \
	21	file://src/oid_ops.c;beginline=378;endline=398;md5=e02c165cb8383e950214baca2fbd664b \
	22	"
	23
	24	SRC_URI = "http://www.citi.umich.edu/projects/nfsv4/linux/${BPN}/${BP}.tar.gz \
	25	file://libgssglue-canon-name.patch \
	26	file://libgssglue-gss-inq-cred.patch \
	27	file://libgssglue-mglueP.patch \
	28	file://libgssglue-g-initialize.patch \
	29	file://libgssglue-fix-CVE-2011-2709.patch \
	30	"
	31
	32	SRC_URI[md5sum] = "088797f3180702fa54e786496b32e750"
	33	SRC_URI[sha256sum] = "3f791a75502ba723e5e85e41e5e0c711bb89e2716b7c0ec6e74bd1df6739043a"
	34
	35	# gssglue can use krb5, spkm3... as gssapi library, configurable
	36	RRECOMMENDS_${PN} += "krb5"
	37
	38	inherit autotools
	39
	40	do_install_append() {
	41	# install some docs
	42	install -d -m 0755 ${D}${docdir}/${BPN}
	43	install -m 0644 ${S}/AUTHORS ${S}/ChangeLog ${S}/NEWS ${S}/README ${D}${docdir}/${BPN}
	44
	45	# install the gssapi_mech.conf
	46	install -d -m 0755 ${D}${sysconfdir}
	47	install -m 0644 ${S}/doc/gssapi_mech.conf ${D}${sysconfdir}
	48
	49	# change the libgssapi_krb5.so path and name(it is .so.2)
	50	sed -i -e "s:/usr/lib/libgssapi_krb5.so:libgssapi_krb5.so.2:" ${D}${sysconfdir}/gssapi_mech.conf
	51	}