summaryrefslogtreecommitdiff
blob: fb9335bdb62a8f8b65979d674a94b3f5841a15df (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
# Copyright 1999-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2

EAPI=8

DESCRIPTION="Daemon to proxy GSSAPI context establishment and channel handling"
HOMEPAGE="https://github.com/gssapi/gssproxy"
SRC_URI="https://github.com/gssapi/${PN}/releases/download/v${PV}/${P}.tar.gz"

LICENSE="BSD-1"
SLOT="0"
KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ppc64 ~s390 ~sparc x86"
IUSE="debug selinux systemd"

COMMON_DEPEND=">=dev-libs/libverto-0.2.2
	>=dev-libs/ding-libs-0.6.1
	virtual/krb5
	selinux? ( sys-libs/libselinux )"
RDEPEND="${COMMON_DEPEND}
	selinux? ( sec-policy/selinux-gssproxy )"
# We need xml stuff to build the man pages, and people really want/need
# the man pages for this package :). #585200
BDEPEND="
	app-text/docbook-xml-dtd:4.4
	dev-libs/libxslt
	virtual/pkgconfig
"

# Many requirements to run tests, including running slapd as root, hence
# unfeasible.
RESTRICT="test"

# pkg_setup() {
#	# Here instead of flag-logic in DEPEND, since virtual/krb5 does not
#	# allow to specify the openldap use flag, which heimdal doesn't
#	# support.
#	# Using mit-krb5 explicitly because heimdal doesn't install kerberos
#	# schemata required for the tests of gss-proxy.
#	if use test && ! has_version "app-crypt/mit-krb5[openldap]"; then
#		eerror "Tests of this package require the kerberos schemata installed from app-crypt/mit-krb5[openldap]."
#		die "Tests enabled but no app-crypt/mit-krb5[openldap] being installed."
#	fi
# }

# Was required in 0.7.0 to fix the schema- and slapd-path. Reason for
# comment: see RESTRICT comment
# src_prepare() {
#	default
#	# The tests look for kerberos schemata in the documentation
#	# directory of krb5, however these are installed in /etc/openldap
#	# and only if the openldap useflag is supplied
#	sed -i \
#		-e 's#/usr/share/doc/krb5-server-ldap*#/etc/openldap/schema#' \
#		-e "s#\(subprocess.Popen..\"\)slapd#\1/usr/$(get_libdir)/openldap/slapd#" \
#		"${S}/tests/testlib.py" || die
# }

src_configure() {
	local myeconfargs=(
		# The build assumes localstatedir is /var and takes care of
		# using all the right subdirs itself.
		--localstatedir="${EPREFIX}"/var

		--with-os=gentoo
		--with-initscript=$(usex systemd systemd none)
		$(use_with selinux)
		$(use_with debug gssidebug)

		# We already set FORTIFY_SOURCE by default along with the
		# other bits. But setting it on each compile line interferes
		# with efforts to try e.g. FORTIFY_SOURCE=3. So, disable it,
		# but there's no actual difference to the safety of the binaries
		# because of Gentoo's configuration/patches to the toolchain.
		--without-hardening
	)

	econf "${myeconfargs[@]}"
}

src_install() {
	default

	# This is a plugin module, so no need for la file.
	find "${ED}"/usr -name proxymech.la -delete || die

	doinitd "${FILESDIR}"/gssproxy
	insinto /etc/gssproxy
	doins examples/*.conf

	keepdir /var/lib/gssproxy
	keepdir /var/lib/gssproxy/clients
	keepdir /var/lib/gssproxy/rcache
	fperms 0700 /var/lib/gssproxy/clients
	fperms 0700 /var/lib/gssproxy/rcache

	# The build installs a bunch of empty dirs, so prune them.
	find "${ED}" -depth -type d -empty -delete || die
}