diff options
author | Kai Kang <kai.kang@windriver.com> | 2020-03-02 22:47:37 +0800 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2020-03-05 08:06:51 -0800 |
commit | 4375507f39ed4bc62e1304838870be65f3a81460 (patch) | |
tree | 2eb068e73ddead87d63b1fdeb035ffa06c3c9438 /recipes-security | |
parent | 15061e3a4e1ade2129c0019c0c62e585a8efcb9a (diff) | |
download | meta-security-4375507f39ed4bc62e1304838870be65f3a81460.tar.gz |
sssd: fix for ldblibdir and systemd etc
Fix sssd issue for ldblibdir, systemd, pam etc.
* fix ldblibdir which is not calculated right for cross compile
* create directory /var/log/sssd which is required by sssd daemon
* disable building python2 binding
* fix pam module path
* update systemd configure options and service files
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'recipes-security')
-rw-r--r-- | recipes-security/sssd/files/fix-ldblibdir.patch | 25 | ||||
-rw-r--r-- | recipes-security/sssd/files/volatiles.99_sssd | 1 | ||||
-rw-r--r-- | recipes-security/sssd/sssd_1.16.4.bb | 43 |
3 files changed, 62 insertions, 7 deletions
diff --git a/recipes-security/sssd/files/fix-ldblibdir.patch b/recipes-security/sssd/files/fix-ldblibdir.patch new file mode 100644 index 0000000..e350baf --- /dev/null +++ b/recipes-security/sssd/files/fix-ldblibdir.patch | |||
@@ -0,0 +1,25 @@ | |||
1 | When calculate value of ldblibdir, it checks whether the directory of | ||
2 | $ldblibdir exists. If not, it assigns ldblibdir with ${libdir}/ldb. It is not | ||
3 | suitable for cross compile. Fix it that only re-assign ldblibdir when its value | ||
4 | is empty. | ||
5 | |||
6 | Upstream-Status: Inappropriate [cross compile specific] | ||
7 | |||
8 | Signed-off-by: Kai Kang <kai.kang@windriver.com> | ||
9 | --- | ||
10 | src/external/libldb.m4 | 2 +- | ||
11 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
12 | |||
13 | diff --git a/src/external/libldb.m4 b/src/external/libldb.m4 | ||
14 | index c400add..5e5f06d 100644 | ||
15 | --- a/src/external/libldb.m4 | ||
16 | +++ b/src/external/libldb.m4 | ||
17 | @@ -19,7 +19,7 @@ if test x"$with_ldb_lib_dir" != x; then | ||
18 | ldblibdir=$with_ldb_lib_dir | ||
19 | else | ||
20 | ldblibdir="`$PKG_CONFIG --variable=modulesdir ldb`" | ||
21 | - if ! test -d $ldblibdir; then | ||
22 | + if test -z $ldblibdir; then | ||
23 | ldblibdir="${libdir}/ldb" | ||
24 | fi | ||
25 | fi | ||
diff --git a/recipes-security/sssd/files/volatiles.99_sssd b/recipes-security/sssd/files/volatiles.99_sssd new file mode 100644 index 0000000..2a82413 --- /dev/null +++ b/recipes-security/sssd/files/volatiles.99_sssd | |||
@@ -0,0 +1 @@ | |||
d root root 0750 /var/log/sssd none | |||
diff --git a/recipes-security/sssd/sssd_1.16.4.bb b/recipes-security/sssd/sssd_1.16.4.bb index c381c32..22d80d7 100644 --- a/recipes-security/sssd/sssd_1.16.4.bb +++ b/recipes-security/sssd/sssd_1.16.4.bb | |||
@@ -8,13 +8,16 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" | |||
8 | DEPENDS = "openldap cyrus-sasl libtdb ding-libs libpam c-ares krb5 autoconf-archive" | 8 | DEPENDS = "openldap cyrus-sasl libtdb ding-libs libpam c-ares krb5 autoconf-archive" |
9 | DEPENDS += "libldb dbus libtalloc libpcre glib-2.0 popt e2fsprogs libtevent" | 9 | DEPENDS += "libldb dbus libtalloc libpcre glib-2.0 popt e2fsprogs libtevent" |
10 | 10 | ||
11 | SRC_URI = "https://releases.pagure.org/SSSD/${BPN}/${BP}.tar.gz\ | 11 | SRC_URI = "https://releases.pagure.org/SSSD/${BPN}/${BP}.tar.gz \ |
12 | file://sssd.conf " | 12 | file://sssd.conf \ |
13 | file://volatiles.99_sssd \ | ||
14 | file://fix-ldblibdir.patch \ | ||
15 | " | ||
13 | 16 | ||
14 | SRC_URI[md5sum] = "757bbb6f15409d8d075f4f06cb678d50" | 17 | SRC_URI[md5sum] = "757bbb6f15409d8d075f4f06cb678d50" |
15 | SRC_URI[sha256sum] = "6bb212cd6b75b918e945c24e7c3f95a486fb54d7f7d489a9334cfa1a1f3bf959" | 18 | SRC_URI[sha256sum] = "6bb212cd6b75b918e945c24e7c3f95a486fb54d7f7d489a9334cfa1a1f3bf959" |
16 | 19 | ||
17 | inherit autotools pkgconfig gettext python3-dir features_check | 20 | inherit autotools pkgconfig gettext python3-dir features_check systemd |
18 | 21 | ||
19 | REQUIRED_DISTRO_FEATURES = "pam" | 22 | REQUIRED_DISTRO_FEATURES = "pam" |
20 | 23 | ||
@@ -38,11 +41,17 @@ PACKAGECONFIG[nss] = "--with-crypto=nss, ,nss," | |||
38 | PACKAGECONFIG[cyrpto] = "--with-crypto=libcrypto, , libcrypto" | 41 | PACKAGECONFIG[cyrpto] = "--with-crypto=libcrypto, , libcrypto" |
39 | PACKAGECONFIG[nscd] = "--with-nscd=${sbindir}, --with-nscd=no " | 42 | PACKAGECONFIG[nscd] = "--with-nscd=${sbindir}, --with-nscd=no " |
40 | PACKAGECONFIG[nl] = "--with-libnl, --with-libnl=no, libnl" | 43 | PACKAGECONFIG[nl] = "--with-libnl, --with-libnl=no, libnl" |
41 | PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_unitdir}/system/, --with-systemdunitdir=" | 44 | PACKAGECONFIG[systemd] = "--with-initscript=systemd,--with-initscript=sysv" |
42 | PACKAGECONFIG[http] = "--with-secrets, --without-secrets, apache2" | 45 | PACKAGECONFIG[http] = "--with-secrets, --without-secrets, apache2" |
43 | PACKAGECONFIG[curl] = "--with-secrets --with-kcm, --without-secrets --without-kcm, curl" | 46 | PACKAGECONFIG[curl] = "--with-secrets --with-kcm, --without-secrets --without-kcm, curl" |
44 | 47 | ||
45 | EXTRA_OECONF += "--disable-cifs-idmap-plugin --without-nfsv4-idmapd-plugin --without-ipa-getkeytab" | 48 | EXTRA_OECONF += " \ |
49 | --disable-cifs-idmap-plugin \ | ||
50 | --without-nfsv4-idmapd-plugin \ | ||
51 | --without-ipa-getkeytab \ | ||
52 | --without-python2-bindings \ | ||
53 | --enable-pammoddir=${base_libdir}/security \ | ||
54 | " | ||
46 | 55 | ||
47 | do_configure_prepend() { | 56 | do_configure_prepend() { |
48 | mkdir -p ${AUTOTOOLS_AUXDIR}/build | 57 | mkdir -p ${AUTOTOOLS_AUXDIR}/build |
@@ -57,6 +66,12 @@ do_install () { | |||
57 | rmdir --ignore-fail-on-non-empty "${D}/${bindir}" | 66 | rmdir --ignore-fail-on-non-empty "${D}/${bindir}" |
58 | install -d ${D}/${sysconfdir}/${BPN} | 67 | install -d ${D}/${sysconfdir}/${BPN} |
59 | install -m 600 ${WORKDIR}/${BPN}.conf ${D}/${sysconfdir}/${BPN} | 68 | install -m 600 ${WORKDIR}/${BPN}.conf ${D}/${sysconfdir}/${BPN} |
69 | install -D -m 644 ${WORKDIR}/volatiles.99_sssd ${D}/${sysconfdir}/default/volatiles/99_sssd | ||
70 | |||
71 | if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then | ||
72 | install -d ${D}${sysconfdir}/tmpfiles.d | ||
73 | echo "d /var/log/sssd 0750 - - - -" > ${D}${sysconfdir}/tmpfiles.d/sss.conf | ||
74 | fi | ||
60 | 75 | ||
61 | # Remove /var/run as it is created on startup | 76 | # Remove /var/run as it is created on startup |
62 | rm -rf ${D}${localstatedir}/run | 77 | rm -rf ${D}${localstatedir}/run |
@@ -74,10 +89,24 @@ CONFFILES_${PN} = "${sysconfdir}/${BPN}/${BPN}.conf" | |||
74 | 89 | ||
75 | INITSCRIPT_NAME = "sssd" | 90 | INITSCRIPT_NAME = "sssd" |
76 | INITSCRIPT_PARAMS = "start 02 5 3 2 . stop 20 0 1 6 ." | 91 | INITSCRIPT_PARAMS = "start 02 5 3 2 . stop 20 0 1 6 ." |
77 | SYSTEMD_SERVICE_${PN} = "${BPN}.service" | 92 | SYSTEMD_SERVICE_${PN} = " \ |
93 | sssd-autofs.service \ | ||
94 | sssd-autofs.socket \ | ||
95 | sssd-ifp.service \ | ||
96 | sssd-nss.service \ | ||
97 | sssd-nss.socket \ | ||
98 | sssd-pam-priv.socket \ | ||
99 | sssd-pam.service \ | ||
100 | sssd-pam.socket \ | ||
101 | sssd-secrets.service \ | ||
102 | sssd-secrets.socket \ | ||
103 | sssd.service \ | ||
104 | sssd-sudo.service \ | ||
105 | sssd-sudo.socket \ | ||
106 | " | ||
78 | SYSTEMD_AUTO_ENABLE = "disable" | 107 | SYSTEMD_AUTO_ENABLE = "disable" |
79 | 108 | ||
80 | FILES_${PN} += "${libdir} ${datadir} /run ${libdir}/*.so* " | 109 | FILES_${PN} += "${libdir} ${datadir} ${base_libdir}/security/pam_sss.so" |
81 | FILES_${PN}-dev = " ${includedir}/* ${libdir}/*la ${libdir}/*/*la" | 110 | FILES_${PN}-dev = " ${includedir}/* ${libdir}/*la ${libdir}/*/*la" |
82 | 111 | ||
83 | # The package contains symlinks that trip up insane | 112 | # The package contains symlinks that trip up insane |