# Maintainer: Natanael Copa # Contributor: Jakub Jirutka # # secfixes: # 2.4.57-r1: # - CVE-2021-27212 # 2.4.57-r0: # - CVE-2020-36221 # - CVE-2020-36222 # - CVE-2020-36223 # - CVE-2020-36224 # - CVE-2020-36225 # - CVE-2020-36226 # - CVE-2020-36227 # - CVE-2020-36228 # - CVE-2020-36229 # - CVE-2020-36230 # 2.4.56-r0: # - CVE-2020-25709 # - CVE-2020-25710 # 2.4.50-r0: # - CVE-2020-12243 # 2.4.48-r0: # - CVE-2019-13565 # - CVE-2019-13057 # 2.4.46-r0: # - CVE-2017-14159 # - CVE-2017-17740 # 2.4.44-r5: # - CVE-2017-9287 # pkgname=openldap pkgver=2.6.0 pkgrel=0 pkgdesc="LDAP Server" url="https://www.openldap.org/" arch="all" license="OLDAP-2.8" pkgusers="ldap" pkggroups="ldap" depends_dev=" cyrus-sasl-dev libsodium-dev openssl1.1-compat-dev util-linux-dev " makedepends=" $depends_dev autoconf automake db-dev groff libtool mosquitto-dev unixodbc-dev " provides="$pkgname-back-monitor=$pkgver-r$pkgrel" # for backward compatibility (Alpine <3.15) subpackages=" $pkgname-dev $pkgname-doc libldap $pkgname-clients $pkgname-mqtt $pkgname-passwd-argon2:passwd_argon2 $pkgname-passwd-pbkdf2:passwd_pbkdf2 $pkgname-passwd-sha2:passwd_sha2 $pkgname-backend-all:_backend_all:noarch $pkgname-overlay-all:_overlay_all:noarch $pkgname-openrc " install="$pkgname.pre-install $pkgname.post-install $pkgname.post-upgrade" source="https://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-$pkgver.tgz openldap-2.4-ppolicy.patch openldap-2.4.11-libldap_r.patch openldap-mqtt-overlay.patch fix-manpages.patch cacheflush.patch slapd.initd slapd.confd " # SLAPD backends _backends=" asyncmeta dnssrv ldap mdb meta null passwd relay sock sql " for _name in $_backends; do subpackages="$subpackages $pkgname-back-$_name:_backend" _backend_pkgs="$_backend_pkgs $pkgname-back-$_name" done # SLAPD overlays _overlays=" accesslog auditlog autoca collect constraint dds deref dyngroup dynlist homedir lastbind memberof otp ppolicy proxycache refint remoteauth retcode rwm seqmod sssvlv syncprov translucent unique valsort " _overlay_pkgs="" for _name in $_overlays; do subpackages="$subpackages $pkgname-overlay-$_name:_overlay" _overlay_pkgs="$_overlay_pkgs $pkgname-overlay-$_name" done # Some tests hang on aarch64 [ "$CARCH" = "aarch64" ] && options="!check" prepare() { default_prepare sed -i '/^STRIP/s,-s,,g' build/top.mk AUTOMAKE=/bin/true autoreconf -fi } build() { ./configure \ --build=$CBUILD \ --host=$CHOST \ --prefix=/usr \ --libexecdir=/usr/lib \ --sysconfdir=/etc \ --mandir=/usr/share/man \ --localstatedir=/var/lib/openldap \ --enable-dynamic \ --enable-slapd \ --enable-crypt \ --enable-spasswd \ --enable-modules \ --enable-dnssrv=mod \ --enable-ldap=mod \ --enable-mdb=mod \ --enable-meta=mod \ --enable-asyncmeta=mod \ --enable-null=mod \ --enable-passwd=mod \ --enable-relay=mod \ --enable-sock=mod \ --enable-sql=mod \ --enable-overlays=mod \ --enable-argon2 \ --with-tls=openssl \ --with-systemd=no \ --with-cyrus-sasl make # Build MQTT overlay. make prefix=/usr libexec=/usr/lib \ -C contrib/slapd-modules/mqtt # Build passwd pbkdf2. make prefix=/usr libexecdir=/usr/lib \ -C contrib/slapd-modules/passwd/pbkdf2 # Build passwd sha2. make prefix=/usr libexecdir=/usr/lib \ -C contrib/slapd-modules/passwd/sha2 # Build lastbind overlay. make prefix=/usr libexecdir=/usr/lib \ -C contrib/slapd-modules/lastbind } check() { # failing network tests on some platforms rm -f tests/scripts/test079-proxy-timeout case "$CARCH" in arm*|x86) ;; *) make test ;; esac } package() { make DESTDIR="$pkgdir" install # Install MQTT overlay. make DESTDIR="$pkgdir" prefix=/usr libexec=/usr/lib \ -C contrib/slapd-modules/mqtt install # Install passwd pbkdf2. make DESTDIR="$pkgdir" prefix=/usr libexecdir=/usr/lib \ -C contrib/slapd-modules/passwd/pbkdf2 install # Install passwd sha2. make DESTDIR="$pkgdir" prefix=/usr libexecdir=/usr/lib \ -C contrib/slapd-modules/passwd/sha2 install # Install lastbind overlay. make DESTDIR="$pkgdir" prefix=/usr libexecdir=/usr/lib \ -C contrib/slapd-modules/lastbind install cd "$pkgdir" rmdir var/lib/openldap/run # Fix tools symlinks to slapd. find usr/sbin/ -type l -exec ln -sf slapd {} \; # Move executable from lib to sbin. mv usr/lib/slapd usr/sbin/ # Move *.default configs to docs. mkdir -p usr/share/doc/$pkgname mv etc/openldap/*.default usr/share/doc/$pkgname/ chgrp ldap etc/openldap/slapd.* chmod g+r etc/openldap/slapd.* install -d -m 700 -o ldap -g ldap \ var/lib/openldap \ var/lib/openldap/openldap-data install -D -m 755 "$srcdir"/slapd.initd etc/init.d/slapd install -D -m 644 "$srcdir"/slapd.confd etc/conf.d/slapd } libldap() { pkgdesc="OpenLDAP libraries" depends="" provides="" amove usr/lib/*.so* amove etc/openldap/ldap.conf } clients() { pkgdesc="LDAP client utilities" provides="" amove usr/bin } mqtt() { pkgdesc="OpenLDAP MQTT overlay" depends="$pkgname" provides="" amove usr/lib/openldap/mqtt.* } passwd_argon2() { pkgdesc="Argon2 OpenLDAP support" depends="$pkgname" provides="" amove usr/lib/openldap/argon2.* } passwd_pbkdf2() { pkgdesc="PBKDF2 OpenLDAP support" depends="$pkgname" provides="" amove usr/lib/openldap/pw-pbkdf2.* } passwd_sha2() { pkgdesc="SHA2 OpenLDAP support" depends="$pkgname" provides="" amove usr/lib/openldap/pw-sha2.* } _backend_all() { pkgdesc="Virtual package that installs all OpenLDAP backends" depends="$_backend_pkgs" provides="" mkdir -p "$subpkgdir" } _overlay_all() { pkgdesc="Virtual package that installs all OpenLDAP overlays" depends="$_overlay_pkgs" provides="" mkdir -p "$subpkgdir" } _backend() { backend_name="${subpkgname#openldap-back-}" pkgdesc="OpenLDAP $backend_name backend" provides="" amove usr/lib/openldap/back_$backend_name* } _overlay() { overlay_name="${subpkgname#openldap-overlay-}" pkgdesc="OpenLDAP $overlay_name overlay" provides="" case "$overlay_name" in proxycache) overlay_name=pcache;; esac amove usr/lib/openldap/$overlay_name* } sha512sums=" c0bb15468cac326acab438939ef902e9fd07a17b1eb81f21ebe5ad121096ddd640040ec696bb8dac4eaa4a73a6916acba57c3558de08cc678157a3ccdead5a67 openldap-2.6.0.tgz f0014ceb13f0ce6a791be09b613727a12e7d18420c25ab1cad835c2efae436653a667ece3043c355efe790840744b74ca3214142c00b349ffc1cb45016995096 openldap-2.4-ppolicy.patch 23ac28366cde7e0aa06fc22de86a266a41ec53b0ec39b41af2c2e6f0faee87be93e86af1ebeba71364e8571a836f8aefecee8b485052c6a768d0d3809a60b8ba openldap-2.4.11-libldap_r.patch 3c8cf27752cbc33ffb3cd10a9c67a16dff7188e512ce674076e96f552759e152a82e0bc5a8fdc9ac6866a7dbeb0e4724248e2f94a7e9c7862f26ffeb24409c0b openldap-mqtt-overlay.patch 0f43a4b8c6d436ad0a39d804af58da13732e3ebb0e18404f794db39af8f9140e553429eaf0ad4e4480212bf24eb9286a8397f1228a5352b210b25bd30a5f7016 fix-manpages.patch 60c1ec62003a33036de68402544e25a71715ed124a3139056a94ed1ba02fb8148ee510ab8f182a308105a2f744b9787e67112bcd8cd0d800cdb6f5409c4f63ff cacheflush.patch 2d286ff7cc56153204f3ab79c464d083801a40cc9bbb0b5cc1fb19de63d6e81c953b1ab0edd256d9ba48144bbda9a0c0d628bfec1342129aa2727344dea5fa9e slapd.initd 64dc4c0aa0abe3d9f7d2aef25fe4c8e23c53df2421067947ac4d096c9e942b26356cb8577ebc41b52d88d0b0a03b2a3e435fe86242671f9b36555a5f82ee0e3a slapd.confd "