You are not logged in.

#1 2019-04-24 12:26:23

columbarius
Member
Registered: 2018-07-08
Posts: 11

[SOLVED] ipasam

Ipasam.so is like ldapsam the library to connect samba via a passwd backend with the freeipa.

I managed to build it from the freeipa github, because in the releases there is the undefined C11 function memset_s used (https://bugzilla.redhat.com/show_bug.cgi?id=1672231). To build it the current samba release for the header talloc_stack.h and a modified version of the patch from freeipa packages in the aur (https://aur.archlinux.org/packages/freeipa-common/) for the masterbranch of freeipa is used.
With those sources i was able to build the library and then tried to create an PKGBUILD. I came up with an package build which works on my machine, while trying to figure out all makedepends on an new virtual machine I wasn't able to get it working.

Furthermore this is my first PKGBUILD so I am not sure if i should use the samba or freeipa version as pkgver and if this is up to all standards.

PKGBUILD:

# Maintainer:

pkgname=ipasam-git
pkgver=4.6.4
pkgrel=1
pkgdesc="Plugin for samba freeipa authentication backend"
arch=('x86_64')
url="https://github.com/freeipa/freeipa.git"
licence=('GPL3')
depends=('samba')
makedepends=('git'
             'xmlrpc-c>=1.27.4'
             'nspr'
             'nss'
             'ding-libs')
provides=('ipasam')
sambaver=4.10.2
source=("https://download.samba.org/pub/samba/stable/samba-$sambaver.tar.gz"
	"freeipa-git"::"git+https://github.com/freeipa/freeipa.git"
	"0001-platform-add-Arch-Linux-platform.patch")
sha1sums=('SKIP'
	  'SKIP'
	  'SKIP')

prepare() {
    cd "freeipa-git"

    rm -rf ipaplatform/arch

    patch -p1 -i"$srcdir"/0001-platform-add-Arch-Linux-platform.patch

}



#pkgver () {
#	_date=`date +"%Y%m%d"`
#	cd "${srcdir}/${pkgname}-git"
#	echo "$_date.$(git rev-list --count master).$(git rev-parse --short master)"
#}

build () {
	cd "$srcdir/freeipa-git"
	LIBVERTO_LIBS=/usr/lib/libverto.so LIBVERTO_CFLAGS=/usr/include/verto.h CFLAGS="-I$srcdir/samba-$sambaver/lib/" ./autogen.sh
	cd asn1
	make
	cd ../util
	make
	cd ../daemons/ipa-sam
	make
}

package () {
	install -D -m755 -t"$pkgdir"/usr/lib/samba/pdb "$srcdir"/freeipa-git/daemons/ipa-sam/.libs/ipasam.so
}

0001-platform-add-Arch-Linux-platform.patch:

From 7af1f4b3c8d0130f6c6d61765d8396b2e8b7a508 Mon Sep 17 00:00:00 2001
From: Xiao-Long Chen <chenxiaolong@cxl.epac.to>
Date: Wed, 16 Apr 2014 19:31:08 -0400
Subject: [PATCH 2/2] platform: add Arch Linux platform

This patch has been adapted from the patches provided with freeipa package
in the Arch User Repository (AUR).

Signed-off-by: Jan Cholasta <jcholast@redhat.com>
---
 client/man/ipa-client-automount.1 |  4 ++--
 ipaplatform/arch/__init__.py      |  3 +++
 ipaplatform/arch/constants.py     | 12 ++++++++++++
 ipaplatform/arch/paths.py         | 22 ++++++++++++++++++++++
 ipaplatform/arch/services.py      | 30 ++++++++++++++++++++++++++++++
 ipaplatform/arch/tasks.py         | 19 +++++++++++++++++++
 ipaplatform/setup.py              |  1 +
 8 files changed, 91 insertions(+), 4 deletions(-)
 create mode 100644 ipaplatform/arch/__init__.py
 create mode 100644 ipaplatform/arch/constants.py
 create mode 100644 ipaplatform/arch/paths.py
 create mode 100644 ipaplatform/arch/services.py
 create mode 100644 ipaplatform/arch/tasks.py

diff --git a/client/man/ipa-client-automount.1 b/client/man/ipa-client-automount.1
index 8b9989dec..2399250b1 100644
--- a/client/man/ipa-client-automount.1
+++ b/client/man/ipa-client-automount.1
@@ -29,7 +29,7 @@ The automount configuration consists of three files:
 .IP  o
 /etc/nsswitch.conf
 .IP  o
-/etc/sysconfig/autofs
+/etc/conf.d/autofs
 .IP  o
 /etc/autofs_ldap_auth.conf
 
@@ -79,7 +79,7 @@ Files that will be configured when SSSD is the automount client (default):
 .TP
 Files that will be configured when using the ldap automount client:
 
-/etc/sysconfig/autofs
+/etc/conf.d/autofs
 
 /etc/autofs_ldap_auth.conf

diff --git a/ipaplatform/arch/__init__.py b/ipaplatform/arch/__init__.py
new file mode 100644
index 000000000..9da42e7b4
--- /dev/null
+++ b/ipaplatform/arch/__init__.py
@@ -0,0 +1,3 @@
+#
+# Copyright (C) 2015  FreeIPA Contributors see COPYING for license
+#
diff --git a/ipaplatform/arch/constants.py b/ipaplatform/arch/constants.py
new file mode 100644
index 000000000..b4857aa7c
--- /dev/null
+++ b/ipaplatform/arch/constants.py
@@ -0,0 +1,12 @@
+#
+# Copyright (C) 2015  FreeIPA Contributors see COPYING for license
+#
+
+from ipaplatform.redhat.constants import RedHatConstantsNamespace
+
+
+class ArchConstantsNamespace(RedHatConstantsNamespace):
+    pass
+
+
+constants = ArchConstantsNamespace()
diff --git a/ipaplatform/arch/paths.py b/ipaplatform/arch/paths.py
new file mode 100644
index 000000000..27721cf2f
--- /dev/null
+++ b/ipaplatform/arch/paths.py
@@ -0,0 +1,22 @@
+#
+# Copyright (C) 2015  FreeIPA Contributors see COPYING for license
+#
+
+from ipaplatform.redhat.paths import RedHatPathNamespace
+
+
+class ArchPathNamespace(RedHatPathNamespace):
+    AUTOFS_LDAP_AUTH_CONF = "/etc/autofs/autofs_ldap_auth.conf"
+    CERTMONGER_COMMAND_TEMPLATE = "/usr/lib/ipa/certmonger/%s"
+    SYSCONFIG_NFS = "/etc/conf.d/nfs-common.conf"
+    SYSCONFIG_NTPD = "/etc/conf.d/ntpd.conf"
+    SYSCONFIG_AUTOFS = "/etc/default/autofs"
+    DOGTAG_IPA_CA_RENEW_AGENT_SUBMIT = (
+        "/usr/lib/certmonger/certmonger/dogtag-ipa-ca-renew-agent-submit")
+    DOGTAG_IPA_RENEW_AGENT_SUBMIT = (
+        "/usr/lib/certmonger/certmonger/dogtag-ipa-renew-agent-submit")
+    IPA_SERVER_GUARD = "/usr/lib/certmonger/certmonger/ipa-server-guard"
+    LIB64_FIREFOX = "/usr/lib/firefox"
+
+
+paths = ArchPathNamespace()
diff --git a/ipaplatform/arch/services.py b/ipaplatform/arch/services.py
new file mode 100644
index 000000000..4ddfb53c9
--- /dev/null
+++ b/ipaplatform/arch/services.py
@@ -0,0 +1,30 @@
+#
+# Copyright (C) 2015  FreeIPA Contributors see COPYING for license
+#
+
+from ipaplatform.redhat import services as redhat_services
+
+arch_system_units = dict(redhat_services.redhat_system_units)
+arch_system_units['messagebus'] = 'dbus.service'
+arch_system_units['rpcgssd'] = 'rpc-gssd.service'
+arch_system_units['rpcidmapd'] = 'rpc-idmapd.service'
+
+
+class ArchService(redhat_services.RedHatService):
+    system_units = arch_system_units
+
+
+def arch_service_class_factory(name, api=None):
+    if name in {'messagebus', 'rpcgssd', 'rpcidmapd'}:
+        return ArchService(name, api)
+    return redhat_services.redhat_service_class_factory(name, api)
+
+
+class ArchServices(redhat_services.RedHatServices):
+    def service_class_factory(self, name, api=None):
+        return arch_service_class_factory(name, api)
+
+
+timedate_services = redhat_services.timedate_services
+service = arch_service_class_factory
+knownservices = ArchServices()
diff --git a/ipaplatform/arch/tasks.py b/ipaplatform/arch/tasks.py
new file mode 100644
index 000000000..58b837d79
--- /dev/null
+++ b/ipaplatform/arch/tasks.py
@@ -0,0 +1,19 @@
+#
+# Copyright (C) 2015  FreeIPA Contributors see COPYING for license
+#
+
+from ipaplatform.arch.paths import paths
+from ipaplatform.redhat.tasks import RedHatTaskNamespace
+
+
+class ArchTaskNamespace(RedHatTaskNamespace):
+    def restore_network_configuration(self, fstore, statestore):
+        filepath = paths.ETC_HOSTNAME
+        if fstore.has_file(filepath):
+            fstore.restore_file(filepath)
+
+    def is_fips_enabled(self):
+        return False
+
+
+tasks = ArchTaskNamespace()
diff --git a/ipaplatform/setup.py b/ipaplatform/setup.py
index 501e2bc56..b47875164 100644
--- a/ipaplatform/setup.py
+++ b/ipaplatform/setup.py
@@ -33,6 +33,7 @@ if __name__ == '__main__':
         package_dir={'ipaplatform': ''},
         namespace_packages=['ipaplatform'],
         packages=[
             "ipaplatform",
+            "ipaplatform.arch",
             "ipaplatform.base",
             "ipaplatform.debian",
             "ipaplatform.fedora",
-- 
2.13.3

Last edited by columbarius (2019-05-30 20:56:41)

Offline

#2 2019-04-26 18:13:53

loqs
Member
Registered: 2014-03-06
Posts: 17,192

Re: [SOLVED] ipasam

licence=('GPL3')

should be

license=('GPL3')
pkgname=ipasam-git
....
source=("https://download.samba.org/pub/samba/stable/samba-$sambaver.tar.gz"
	"freeipa-git"::"git+https://github.com/freeipa/freeipa.git"
	"0001-platform-add-Arch-Linux-platform.patch")
....
#pkgver () {
#	_date=`date +"%Y%m%d"`
#	cd "${srcdir}/${pkgname}-git"
#	echo "$_date.$(git rev-list --count master).$(git rev-parse --short master)"
#}

The git suffix matches the use of the git repository but the pkgver function should be supplied.

sha1sums=('SKIP'
	  'SKIP'
	  'SKIP')

Please do supply checksums for anything that is not a VCS.

The following built for me in a clean chroot.

# Maintainer:

pkgname=ipasam-git
pkgver=4.7.0.2.r843.gbdce9164a
pkgrel=1
pkgdesc="Plugin for samba freeipa authentication backend"
arch=('x86_64')
url="https://github.com/freeipa/freeipa.git"
license=('GPL3')
depends=('samba' 'sssd')
makedepends=('git'
             'xmlrpc-c>=1.27.4'
             'nspr'
             'nss'
             '389-ds-base')
provides=('ipasam')
source=("git+https://github.com/freeipa/freeipa.git"
        "0001-platform-add-Arch-Linux-platform.patch")
sha1sums=('SKIP'
          'c5b6e96d31c370986cf8a92d48f7de30ea9dc551')

pkgver() {
  cd freeipa
  git describe --long | sed 's/^\(release-\|rc_\)//;s/\([^-]*-g\)/r\1/;s/-/./g'
}

prepare() {
  cd freeipa
  rm -rf ipaplatform/arch
  patch -p1 -i"$srcdir"/0001-platform-add-Arch-Linux-platform.patch
}

build () {
  cd freeipa
  autoreconf -fi
  LIBVERTO_LIBS=/usr/lib/libverto.so LIBVERTO_CFLAGS=/usr/include/verto.h ./configure
  cd asn1
  make
  cd ../util
  make
  cd ../daemons/ipa-sam
  make
}

package () {
  install -D -m755 -t"$pkgdir"/usr/lib/samba/pdb "$srcdir"/freeipa/daemons/ipa-sam/.libs/ipasam.so
}

Why not adopt the freeipa package or create a freeipa-git package and add ipasam to that?

Last edited by loqs (2019-04-26 18:14:17)

Offline

#3 2019-05-30 20:10:43

columbarius
Member
Registered: 2018-07-08
Posts: 11

Re: [SOLVED] ipasam

Thank you for your answer, it worked. I tried to fix the freeipa PKGBUILD, but didn't get it working, cause lack of knowledge about the freeipa project.
My best attempt was this PKGBUILD, which fails to package freeipa-common:

# Maintainer: Jan Cholasta <grubber at grubber cz>
# Contributor: Xiao-Long Chen <chenxiaolong@cxl.epac.to>

pkgbase=freeipa-git
pkgname=(python-ipalib
         python-ipaclient
         freeipa-common
         freeipa-client-common
         freeipa-client
	 ipasam-git)
pkgver=4.7.4
pkgrel=1
pkgdesc='The Identity, Policy and Audit system'
arch=('i686' 'x86_64')
url='http://www.freeipa.org/'
license=('GPL3')
makedepends=('openldap'
             'krb5>=1.15.1'
             'xmlrpc-c>=1.27.4'
             'popt'
             'gettext'
             'python'
             'python-setuptools'
             'nspr'
             'nss'
             'openssl'
             'ding-libs'
             'libsasl'
             'sssd>=1.13.0'
             'python-jinja'
             'python-pyasn1-modules'
             '389-ds-base')
options=(emptydirs)
source=("freeipa-git"::"git+https://github.com/freeipa/freeipa.git"
        0001-platform-add-Arch-Linux-platform.patch
        freeipa-client-update-sshd_config
        freeipa-client-update-sshd_config.hook)
sha256sums=('SKIP'
            'SKIP'
            '9fbac49fa4bc23afe0c4d575ea2795f1da435399289dbd04c5a3ac47580e2a0d'
            '1e73f394d276357dcd578df7a349b1f381c9edc7b1c053ecf65f7a9255c0490d')

prepare() {
    cd freeipa-git

    rm -rf ipaplatform/arch

    patch -p1 -i"$srcdir"/0001-platform-add-Arch-Linux-platform.patch
}

build() {
    cd freeipa-git

    export PYTHON=/usr/bin/python3
    # Workaround: make sure all shebangs are pointing to Python 3
    # This should be solved properly using setuptools
    # and this hack should be removed.
    find \
        ! -name '*.pyc' -a \
        ! -name '*.pyo' -a \
        -type f -exec grep -qsm1 '^#!.*\bpython' {} \; \
        -exec sed -i -e '1 s|^#!.*\bpython[^ ]*|#!/usr/bin/python3|' {} \;
#    LIBVERTO_LIBS=/usr/lib/libverto.so LIBVERTO_CFLAGS=/usr/include/verto.h ./autogen.sh --prefix=/usr \
#                --sysconfdir=/etc \
#                --sbindir=/usr/bin \
#                --with-vendor-suffix=-arch-${pkgrel} \ 
#                --disable-server \
#                --without-ipatests \
#                --disable-pylint --without-jslint

    LIBVERTO_LIBS=/usr/lib/libverto.so LIBVERTO_CFLAGS=/usr/include/verto.h ./configure --prefix=/usr \
                --sysconfdir=/etc \
                --sbindir=/usr/bin \
                --with-vendor-suffix=-arch-${pkgrel} \
                --disable-server \
                --without-ipatests \
                --disable-pylint --without-jslint



    make

    mkdir -p ../install

    # Please put as much logic as possible into make install. It allows:
    # - easier porting to other distributions
    # - rapid devel & install cycle using make install
    #   (instead of full RPM build and installation each time)
    #
    # All files and directories created by spec install should be marked as ghost.
    # (These are typically configuration files created by IPA installer.)
    # All other artifacts should be created by make install.
    #
    # Exception to this rule are test programs which where want to install
    # Python2/3 versions at the same time so we need to rename them. Yuck.

    # Python 3 installation needs to be done first. Subsequent Python 2 install
    # will overwrite /usr/bin/ipa and other scripts with variants using
    # python2 shebang.
    
    cd ipaclient && make install DESTDIR=../../install
    cd ..
    cd ipalib && make install DESTDIR=../../install
    cd ..
    cd ipaplatform && make install DESTDIR=../../install
    cd ..
    cd ipapython && make install DESTDIR=../../install
    cd ..

    autoreconf -fi
    LIBVERTO_LIBS=/usr/lib/libverto.so LIBVERTO_CFLAGS=/usr/include/verto.h ./configure
    cd asn1 && make
    cd ../util && make
    cd ../daemons/ipa-sam && make
    make install DESTDIR="$PWD"/../install

    # remove files which are useful only for make uninstall
    find ../install -wholename '*/site-packages/*/install_files.txt' -exec rm {} \;

    mkdir -p ../install/etc/ipa
    mkdir -p ../install/etc/ipa/nssdb
    mkdir -p ../install/var/lib/ipa-client/pki
    mkdir -p ../install/var/lib/ipa-client/sysrestore

    touch ../install/etc/ipa/default.conf
    touch ../install/etc/ipa/ca.crt
}

package_python-ipalib() {
    pkgdesc='Python libraries used by IPA'
    arch=('any')
    depends=("freeipa-common=$pkgver-$pkgrel"
             'python-gssapi>=1.2.0'
             'gnupg'
             'keyutils'
             'python-nss>=0.16'
             'python-cryptography>=1.4'
             'python-netaddr>=0.7.16'
             'sssd'
             'python-qrcode>=5.0.0'
             'python-pyasn1'
             'python-pyasn1-modules'
             'python-dateutil'
             'python-yubico>=1.2.3'
             'python-dbus'
             'python-setuptools'
             'python-six'
             'python-ldap'
             'python-dnspython>=1.15'
             'python-netifaces>=0.10.4'
             'python-pyusb')
    provides=("python-ipapython=$pkgver-$pkgrel"
              "python-ipaplatform=$pkgver-$pkgrel")

    cd freeipa-git

    install -D -m644 -t"$pkgdir"/usr/share/doc/$pkgname README.md \
                                                        Contributors.txt

    local _file
    for _file in ../install/usr/lib/python3.*/site-packages/ipapython \
                 ../install/usr/lib/python3.*/site-packages/ipalib \
                 ../install/usr/lib/python3.*/site-packages/ipaplatform \
                 ../install/usr/lib/python3.*/site-packages/ipapython-*.egg-info \
                 ../install/usr/lib/python3.*/site-packages/ipalib-*.egg-info \
                 ../install/usr/lib/python3.*/site-packages/ipaplatform-*.egg-info
    do
        _file="${_file#../install/}"
        mkdir -p "$pkgdir"/"${_file%/*}"
        mv ../install/"$_file" "$pkgdir"/"$_file"
    done
}

package_python-ipaclient() {
    pkgdesc='Python libraries used by IPA client'
    arch=('any')
    depends=("freeipa-client-common=$pkgver-$pkgrel"
             "freeipa-common=$pkgver-$pkgrel"
             "python-ipalib=$pkgver-$pkgrel"
             'python-dnspython>=1.15'
             'python-jinja')

    cd freeipa-git

    install -D -m644 -t"$pkgdir"/usr/share/doc/$pkgname README.md \
                                                        Contributors.txt

    local _file
    for _file in ../install/usr/lib/python3.*/site-packages/ipaclient \
                 ../install/usr/lib/python3.*/site-packages/ipaclient-*.egg-info
    do
        _file="${_file#../install/}"
        mkdir -p "$pkgdir"/"${_file%/*}"
        mv ../install/"$_file" "$pkgdir"/"$_file"
    done
}

package_freeipa-common() {
    pkgdesc='Common files used by IPA'
    arch=('any')
    conflicts=('freeipa-python')
    replaces=('freeipa-python')

    cd freeipa-git

    install -D -m644 -t"$pkgdir"/usr/share/doc/$pkgname README.md \
                                                        Contributors.txt

    local _file
    for _file in ../install/usr/share/locale/*/*/ipa.mo
    do
        _file="${_file#../install/}"
        mkdir -p "$pkgdir"/"${_file%/*}"
        mv ../install/"$_file" "$pkgdir"/"$_file"
    done
}

package_freeipa-client-common() {
    pkgdesc='Common files used by IPA client'
    arch=('any')

    cd freeipa-git

    install -D -m644 -t"$pkgdir"/usr/share/doc/$pkgname README.md \
                                                        Contributors.txt

    local _file
    for _file in ../install/etc/ipa/nssdb \
                 ../install/var/lib/ipa-client/pki \
                 ../install/var/lib/ipa-client/sysrestore \
                 ../install/usr/share/man/man5/default.conf.5*
    do
        _file="${_file#../install/}"
        mkdir -p "$pkgdir"/"${_file%/*}"
        mv ../install/"$_file" "$pkgdir"/"$_file"
    done

}

package_freeipa-client() {
    pkgdesc='IPA authentication for use on clients'
    depends=("freeipa-client-common=$pkgver-$pkgrel"
             "freeipa-common=$pkgver-$pkgrel"
             "python2-ipaclient=$pkgver-$pkgrel"
             'python2-ldap'
             'python-augeas'
             'cyrus-sasl-gssapi'
             'ntp'
             'krb5'
             'authconfig'
             'curl>=7.21.7'
             'yp-tools'
             'xmlrpc-c>=1.27.4'
             'sssd>=1.14.0'
             'certmonger>=0.78'
             'nss'
             'bind-tools'
             'oddjob'
             'python2-gssapi>=1.2.0'
             'autofs'
             'nfsidmap'
             'nfs-utils')
    conflicts=('freeipa-admintools')
    replaces=('freeipa-admintools')
    install=freeipa-client.install

    cd freeipa-git

    install -D -t"$pkgdir"/usr/share/libalpm/scripts \
            "$srcdir"/freeipa-client-update-sshd_config
    install -D -m644 -t"$pkgdir"/usr/share/libalpm/hooks \
            "$srcdir"/freeipa-client-update-sshd_config.hook \

    install -D -m644 -t"$pkgdir"/usr/share/doc/$pkgname README.md \
                                                        Contributors.txt

    local _file
    for _file in ../install/etc/bash_completion.d \
                 ../install/usr/bin/ipa \
                 ../install/usr/bin/ipa-client-install \
                 ../install/usr/bin/ipa-client-automount \
                 ../install/usr/bin/ipa-certupdate \
                 ../install/usr/bin/ipa-getkeytab \
                 ../install/usr/bin/ipa-rmkeytab \
                 ../install/usr/bin/ipa-join \
                 ../install/usr/share/man/man1/ipa.1 \
                 ../install/usr/share/man/man1/ipa-getkeytab.1* \
                 ../install/usr/share/man/man1/ipa-rmkeytab.1* \
                 ../install/usr/share/man/man1/ipa-client-install.1* \
                 ../install/usr/share/man/man1/ipa-client-automount.1* \
                 ../install/usr/share/man/man1/ipa-certupdate.1* \
                 ../install/usr/share/man/man1/ipa-join.1*
    do
        _file="${_file#../install/}"
        mkdir -p "$pkgdir"/"${_file%/*}"
        mv ../install/"$_file" "$pkgdir"/"$_file"
    done
}

package_ipasam-git() {
    pkgdesc='IPA authentication for samba backend'
    depends=('samba'
             'sssd')
    conflicts=('ipasam')

    install -D -m755 -t"$pkgdir"/usr/lib/samba/pdb "$srcdir"/freeipa-git/daemons/ipa-sam/.libs/ipasam.so
}

Maybe it's helpful to someone.

Offline

#4 2019-05-30 20:12:46

columbarius
Member
Registered: 2018-07-08
Posts: 11

Re: [SOLVED] ipasam

Should i change the title from [REQUEST] to [SOLVED] as soon as i upload it to the aur?

Offline

#5 2019-05-30 20:41:09

loqs
Member
Registered: 2014-03-06
Posts: 17,192

Re: [SOLVED] ipasam

Yes,  when you are satisfied the issue is solved then marked the title as solved.

Offline

Board footer

Powered by FluxBB