You are not logged in.
Ipasam.so is like ldapsam the library to connect samba via a passwd backend with the freeipa.
I managed to build it from the freeipa github, because in the releases there is the undefined C11 function memset_s used (https://bugzilla.redhat.com/show_bug.cgi?id=1672231). To build it the current samba release for the header talloc_stack.h and a modified version of the patch from freeipa packages in the aur (https://aur.archlinux.org/packages/freeipa-common/) for the masterbranch of freeipa is used.
With those sources i was able to build the library and then tried to create an PKGBUILD. I came up with an package build which works on my machine, while trying to figure out all makedepends on an new virtual machine I wasn't able to get it working.
Furthermore this is my first PKGBUILD so I am not sure if i should use the samba or freeipa version as pkgver and if this is up to all standards.
PKGBUILD:
# Maintainer:
pkgname=ipasam-git
pkgver=4.6.4
pkgrel=1
pkgdesc="Plugin for samba freeipa authentication backend"
arch=('x86_64')
url="https://github.com/freeipa/freeipa.git"
licence=('GPL3')
depends=('samba')
makedepends=('git'
'xmlrpc-c>=1.27.4'
'nspr'
'nss'
'ding-libs')
provides=('ipasam')
sambaver=4.10.2
source=("https://download.samba.org/pub/samba/stable/samba-$sambaver.tar.gz"
"freeipa-git"::"git+https://github.com/freeipa/freeipa.git"
"0001-platform-add-Arch-Linux-platform.patch")
sha1sums=('SKIP'
'SKIP'
'SKIP')
prepare() {
cd "freeipa-git"
rm -rf ipaplatform/arch
patch -p1 -i"$srcdir"/0001-platform-add-Arch-Linux-platform.patch
}
#pkgver () {
# _date=`date +"%Y%m%d"`
# cd "${srcdir}/${pkgname}-git"
# echo "$_date.$(git rev-list --count master).$(git rev-parse --short master)"
#}
build () {
cd "$srcdir/freeipa-git"
LIBVERTO_LIBS=/usr/lib/libverto.so LIBVERTO_CFLAGS=/usr/include/verto.h CFLAGS="-I$srcdir/samba-$sambaver/lib/" ./autogen.sh
cd asn1
make
cd ../util
make
cd ../daemons/ipa-sam
make
}
package () {
install -D -m755 -t"$pkgdir"/usr/lib/samba/pdb "$srcdir"/freeipa-git/daemons/ipa-sam/.libs/ipasam.so
}
0001-platform-add-Arch-Linux-platform.patch:
From 7af1f4b3c8d0130f6c6d61765d8396b2e8b7a508 Mon Sep 17 00:00:00 2001
From: Xiao-Long Chen <chenxiaolong@cxl.epac.to>
Date: Wed, 16 Apr 2014 19:31:08 -0400
Subject: [PATCH 2/2] platform: add Arch Linux platform
This patch has been adapted from the patches provided with freeipa package
in the Arch User Repository (AUR).
Signed-off-by: Jan Cholasta <jcholast@redhat.com>
---
client/man/ipa-client-automount.1 | 4 ++--
ipaplatform/arch/__init__.py | 3 +++
ipaplatform/arch/constants.py | 12 ++++++++++++
ipaplatform/arch/paths.py | 22 ++++++++++++++++++++++
ipaplatform/arch/services.py | 30 ++++++++++++++++++++++++++++++
ipaplatform/arch/tasks.py | 19 +++++++++++++++++++
ipaplatform/setup.py | 1 +
8 files changed, 91 insertions(+), 4 deletions(-)
create mode 100644 ipaplatform/arch/__init__.py
create mode 100644 ipaplatform/arch/constants.py
create mode 100644 ipaplatform/arch/paths.py
create mode 100644 ipaplatform/arch/services.py
create mode 100644 ipaplatform/arch/tasks.py
diff --git a/client/man/ipa-client-automount.1 b/client/man/ipa-client-automount.1
index 8b9989dec..2399250b1 100644
--- a/client/man/ipa-client-automount.1
+++ b/client/man/ipa-client-automount.1
@@ -29,7 +29,7 @@ The automount configuration consists of three files:
.IP o
/etc/nsswitch.conf
.IP o
-/etc/sysconfig/autofs
+/etc/conf.d/autofs
.IP o
/etc/autofs_ldap_auth.conf
@@ -79,7 +79,7 @@ Files that will be configured when SSSD is the automount client (default):
.TP
Files that will be configured when using the ldap automount client:
-/etc/sysconfig/autofs
+/etc/conf.d/autofs
/etc/autofs_ldap_auth.conf
diff --git a/ipaplatform/arch/__init__.py b/ipaplatform/arch/__init__.py
new file mode 100644
index 000000000..9da42e7b4
--- /dev/null
+++ b/ipaplatform/arch/__init__.py
@@ -0,0 +1,3 @@
+#
+# Copyright (C) 2015 FreeIPA Contributors see COPYING for license
+#
diff --git a/ipaplatform/arch/constants.py b/ipaplatform/arch/constants.py
new file mode 100644
index 000000000..b4857aa7c
--- /dev/null
+++ b/ipaplatform/arch/constants.py
@@ -0,0 +1,12 @@
+#
+# Copyright (C) 2015 FreeIPA Contributors see COPYING for license
+#
+
+from ipaplatform.redhat.constants import RedHatConstantsNamespace
+
+
+class ArchConstantsNamespace(RedHatConstantsNamespace):
+ pass
+
+
+constants = ArchConstantsNamespace()
diff --git a/ipaplatform/arch/paths.py b/ipaplatform/arch/paths.py
new file mode 100644
index 000000000..27721cf2f
--- /dev/null
+++ b/ipaplatform/arch/paths.py
@@ -0,0 +1,22 @@
+#
+# Copyright (C) 2015 FreeIPA Contributors see COPYING for license
+#
+
+from ipaplatform.redhat.paths import RedHatPathNamespace
+
+
+class ArchPathNamespace(RedHatPathNamespace):
+ AUTOFS_LDAP_AUTH_CONF = "/etc/autofs/autofs_ldap_auth.conf"
+ CERTMONGER_COMMAND_TEMPLATE = "/usr/lib/ipa/certmonger/%s"
+ SYSCONFIG_NFS = "/etc/conf.d/nfs-common.conf"
+ SYSCONFIG_NTPD = "/etc/conf.d/ntpd.conf"
+ SYSCONFIG_AUTOFS = "/etc/default/autofs"
+ DOGTAG_IPA_CA_RENEW_AGENT_SUBMIT = (
+ "/usr/lib/certmonger/certmonger/dogtag-ipa-ca-renew-agent-submit")
+ DOGTAG_IPA_RENEW_AGENT_SUBMIT = (
+ "/usr/lib/certmonger/certmonger/dogtag-ipa-renew-agent-submit")
+ IPA_SERVER_GUARD = "/usr/lib/certmonger/certmonger/ipa-server-guard"
+ LIB64_FIREFOX = "/usr/lib/firefox"
+
+
+paths = ArchPathNamespace()
diff --git a/ipaplatform/arch/services.py b/ipaplatform/arch/services.py
new file mode 100644
index 000000000..4ddfb53c9
--- /dev/null
+++ b/ipaplatform/arch/services.py
@@ -0,0 +1,30 @@
+#
+# Copyright (C) 2015 FreeIPA Contributors see COPYING for license
+#
+
+from ipaplatform.redhat import services as redhat_services
+
+arch_system_units = dict(redhat_services.redhat_system_units)
+arch_system_units['messagebus'] = 'dbus.service'
+arch_system_units['rpcgssd'] = 'rpc-gssd.service'
+arch_system_units['rpcidmapd'] = 'rpc-idmapd.service'
+
+
+class ArchService(redhat_services.RedHatService):
+ system_units = arch_system_units
+
+
+def arch_service_class_factory(name, api=None):
+ if name in {'messagebus', 'rpcgssd', 'rpcidmapd'}:
+ return ArchService(name, api)
+ return redhat_services.redhat_service_class_factory(name, api)
+
+
+class ArchServices(redhat_services.RedHatServices):
+ def service_class_factory(self, name, api=None):
+ return arch_service_class_factory(name, api)
+
+
+timedate_services = redhat_services.timedate_services
+service = arch_service_class_factory
+knownservices = ArchServices()
diff --git a/ipaplatform/arch/tasks.py b/ipaplatform/arch/tasks.py
new file mode 100644
index 000000000..58b837d79
--- /dev/null
+++ b/ipaplatform/arch/tasks.py
@@ -0,0 +1,19 @@
+#
+# Copyright (C) 2015 FreeIPA Contributors see COPYING for license
+#
+
+from ipaplatform.arch.paths import paths
+from ipaplatform.redhat.tasks import RedHatTaskNamespace
+
+
+class ArchTaskNamespace(RedHatTaskNamespace):
+ def restore_network_configuration(self, fstore, statestore):
+ filepath = paths.ETC_HOSTNAME
+ if fstore.has_file(filepath):
+ fstore.restore_file(filepath)
+
+ def is_fips_enabled(self):
+ return False
+
+
+tasks = ArchTaskNamespace()
diff --git a/ipaplatform/setup.py b/ipaplatform/setup.py
index 501e2bc56..b47875164 100644
--- a/ipaplatform/setup.py
+++ b/ipaplatform/setup.py
@@ -33,6 +33,7 @@ if __name__ == '__main__':
package_dir={'ipaplatform': ''},
namespace_packages=['ipaplatform'],
packages=[
"ipaplatform",
+ "ipaplatform.arch",
"ipaplatform.base",
"ipaplatform.debian",
"ipaplatform.fedora",
--
2.13.3
Last edited by columbarius (2019-05-30 20:56:41)
Offline
licence=('GPL3')
should be
license=('GPL3')
pkgname=ipasam-git
....
source=("https://download.samba.org/pub/samba/stable/samba-$sambaver.tar.gz"
"freeipa-git"::"git+https://github.com/freeipa/freeipa.git"
"0001-platform-add-Arch-Linux-platform.patch")
....
#pkgver () {
# _date=`date +"%Y%m%d"`
# cd "${srcdir}/${pkgname}-git"
# echo "$_date.$(git rev-list --count master).$(git rev-parse --short master)"
#}
The git suffix matches the use of the git repository but the pkgver function should be supplied.
sha1sums=('SKIP'
'SKIP'
'SKIP')
Please do supply checksums for anything that is not a VCS.
The following built for me in a clean chroot.
# Maintainer:
pkgname=ipasam-git
pkgver=4.7.0.2.r843.gbdce9164a
pkgrel=1
pkgdesc="Plugin for samba freeipa authentication backend"
arch=('x86_64')
url="https://github.com/freeipa/freeipa.git"
license=('GPL3')
depends=('samba' 'sssd')
makedepends=('git'
'xmlrpc-c>=1.27.4'
'nspr'
'nss'
'389-ds-base')
provides=('ipasam')
source=("git+https://github.com/freeipa/freeipa.git"
"0001-platform-add-Arch-Linux-platform.patch")
sha1sums=('SKIP'
'c5b6e96d31c370986cf8a92d48f7de30ea9dc551')
pkgver() {
cd freeipa
git describe --long | sed 's/^\(release-\|rc_\)//;s/\([^-]*-g\)/r\1/;s/-/./g'
}
prepare() {
cd freeipa
rm -rf ipaplatform/arch
patch -p1 -i"$srcdir"/0001-platform-add-Arch-Linux-platform.patch
}
build () {
cd freeipa
autoreconf -fi
LIBVERTO_LIBS=/usr/lib/libverto.so LIBVERTO_CFLAGS=/usr/include/verto.h ./configure
cd asn1
make
cd ../util
make
cd ../daemons/ipa-sam
make
}
package () {
install -D -m755 -t"$pkgdir"/usr/lib/samba/pdb "$srcdir"/freeipa/daemons/ipa-sam/.libs/ipasam.so
}
Why not adopt the freeipa package or create a freeipa-git package and add ipasam to that?
Last edited by loqs (2019-04-26 18:14:17)
Offline
Thank you for your answer, it worked. I tried to fix the freeipa PKGBUILD, but didn't get it working, cause lack of knowledge about the freeipa project.
My best attempt was this PKGBUILD, which fails to package freeipa-common:
# Maintainer: Jan Cholasta <grubber at grubber cz>
# Contributor: Xiao-Long Chen <chenxiaolong@cxl.epac.to>
pkgbase=freeipa-git
pkgname=(python-ipalib
python-ipaclient
freeipa-common
freeipa-client-common
freeipa-client
ipasam-git)
pkgver=4.7.4
pkgrel=1
pkgdesc='The Identity, Policy and Audit system'
arch=('i686' 'x86_64')
url='http://www.freeipa.org/'
license=('GPL3')
makedepends=('openldap'
'krb5>=1.15.1'
'xmlrpc-c>=1.27.4'
'popt'
'gettext'
'python'
'python-setuptools'
'nspr'
'nss'
'openssl'
'ding-libs'
'libsasl'
'sssd>=1.13.0'
'python-jinja'
'python-pyasn1-modules'
'389-ds-base')
options=(emptydirs)
source=("freeipa-git"::"git+https://github.com/freeipa/freeipa.git"
0001-platform-add-Arch-Linux-platform.patch
freeipa-client-update-sshd_config
freeipa-client-update-sshd_config.hook)
sha256sums=('SKIP'
'SKIP'
'9fbac49fa4bc23afe0c4d575ea2795f1da435399289dbd04c5a3ac47580e2a0d'
'1e73f394d276357dcd578df7a349b1f381c9edc7b1c053ecf65f7a9255c0490d')
prepare() {
cd freeipa-git
rm -rf ipaplatform/arch
patch -p1 -i"$srcdir"/0001-platform-add-Arch-Linux-platform.patch
}
build() {
cd freeipa-git
export PYTHON=/usr/bin/python3
# Workaround: make sure all shebangs are pointing to Python 3
# This should be solved properly using setuptools
# and this hack should be removed.
find \
! -name '*.pyc' -a \
! -name '*.pyo' -a \
-type f -exec grep -qsm1 '^#!.*\bpython' {} \; \
-exec sed -i -e '1 s|^#!.*\bpython[^ ]*|#!/usr/bin/python3|' {} \;
# LIBVERTO_LIBS=/usr/lib/libverto.so LIBVERTO_CFLAGS=/usr/include/verto.h ./autogen.sh --prefix=/usr \
# --sysconfdir=/etc \
# --sbindir=/usr/bin \
# --with-vendor-suffix=-arch-${pkgrel} \
# --disable-server \
# --without-ipatests \
# --disable-pylint --without-jslint
LIBVERTO_LIBS=/usr/lib/libverto.so LIBVERTO_CFLAGS=/usr/include/verto.h ./configure --prefix=/usr \
--sysconfdir=/etc \
--sbindir=/usr/bin \
--with-vendor-suffix=-arch-${pkgrel} \
--disable-server \
--without-ipatests \
--disable-pylint --without-jslint
make
mkdir -p ../install
# Please put as much logic as possible into make install. It allows:
# - easier porting to other distributions
# - rapid devel & install cycle using make install
# (instead of full RPM build and installation each time)
#
# All files and directories created by spec install should be marked as ghost.
# (These are typically configuration files created by IPA installer.)
# All other artifacts should be created by make install.
#
# Exception to this rule are test programs which where want to install
# Python2/3 versions at the same time so we need to rename them. Yuck.
# Python 3 installation needs to be done first. Subsequent Python 2 install
# will overwrite /usr/bin/ipa and other scripts with variants using
# python2 shebang.
cd ipaclient && make install DESTDIR=../../install
cd ..
cd ipalib && make install DESTDIR=../../install
cd ..
cd ipaplatform && make install DESTDIR=../../install
cd ..
cd ipapython && make install DESTDIR=../../install
cd ..
autoreconf -fi
LIBVERTO_LIBS=/usr/lib/libverto.so LIBVERTO_CFLAGS=/usr/include/verto.h ./configure
cd asn1 && make
cd ../util && make
cd ../daemons/ipa-sam && make
make install DESTDIR="$PWD"/../install
# remove files which are useful only for make uninstall
find ../install -wholename '*/site-packages/*/install_files.txt' -exec rm {} \;
mkdir -p ../install/etc/ipa
mkdir -p ../install/etc/ipa/nssdb
mkdir -p ../install/var/lib/ipa-client/pki
mkdir -p ../install/var/lib/ipa-client/sysrestore
touch ../install/etc/ipa/default.conf
touch ../install/etc/ipa/ca.crt
}
package_python-ipalib() {
pkgdesc='Python libraries used by IPA'
arch=('any')
depends=("freeipa-common=$pkgver-$pkgrel"
'python-gssapi>=1.2.0'
'gnupg'
'keyutils'
'python-nss>=0.16'
'python-cryptography>=1.4'
'python-netaddr>=0.7.16'
'sssd'
'python-qrcode>=5.0.0'
'python-pyasn1'
'python-pyasn1-modules'
'python-dateutil'
'python-yubico>=1.2.3'
'python-dbus'
'python-setuptools'
'python-six'
'python-ldap'
'python-dnspython>=1.15'
'python-netifaces>=0.10.4'
'python-pyusb')
provides=("python-ipapython=$pkgver-$pkgrel"
"python-ipaplatform=$pkgver-$pkgrel")
cd freeipa-git
install -D -m644 -t"$pkgdir"/usr/share/doc/$pkgname README.md \
Contributors.txt
local _file
for _file in ../install/usr/lib/python3.*/site-packages/ipapython \
../install/usr/lib/python3.*/site-packages/ipalib \
../install/usr/lib/python3.*/site-packages/ipaplatform \
../install/usr/lib/python3.*/site-packages/ipapython-*.egg-info \
../install/usr/lib/python3.*/site-packages/ipalib-*.egg-info \
../install/usr/lib/python3.*/site-packages/ipaplatform-*.egg-info
do
_file="${_file#../install/}"
mkdir -p "$pkgdir"/"${_file%/*}"
mv ../install/"$_file" "$pkgdir"/"$_file"
done
}
package_python-ipaclient() {
pkgdesc='Python libraries used by IPA client'
arch=('any')
depends=("freeipa-client-common=$pkgver-$pkgrel"
"freeipa-common=$pkgver-$pkgrel"
"python-ipalib=$pkgver-$pkgrel"
'python-dnspython>=1.15'
'python-jinja')
cd freeipa-git
install -D -m644 -t"$pkgdir"/usr/share/doc/$pkgname README.md \
Contributors.txt
local _file
for _file in ../install/usr/lib/python3.*/site-packages/ipaclient \
../install/usr/lib/python3.*/site-packages/ipaclient-*.egg-info
do
_file="${_file#../install/}"
mkdir -p "$pkgdir"/"${_file%/*}"
mv ../install/"$_file" "$pkgdir"/"$_file"
done
}
package_freeipa-common() {
pkgdesc='Common files used by IPA'
arch=('any')
conflicts=('freeipa-python')
replaces=('freeipa-python')
cd freeipa-git
install -D -m644 -t"$pkgdir"/usr/share/doc/$pkgname README.md \
Contributors.txt
local _file
for _file in ../install/usr/share/locale/*/*/ipa.mo
do
_file="${_file#../install/}"
mkdir -p "$pkgdir"/"${_file%/*}"
mv ../install/"$_file" "$pkgdir"/"$_file"
done
}
package_freeipa-client-common() {
pkgdesc='Common files used by IPA client'
arch=('any')
cd freeipa-git
install -D -m644 -t"$pkgdir"/usr/share/doc/$pkgname README.md \
Contributors.txt
local _file
for _file in ../install/etc/ipa/nssdb \
../install/var/lib/ipa-client/pki \
../install/var/lib/ipa-client/sysrestore \
../install/usr/share/man/man5/default.conf.5*
do
_file="${_file#../install/}"
mkdir -p "$pkgdir"/"${_file%/*}"
mv ../install/"$_file" "$pkgdir"/"$_file"
done
}
package_freeipa-client() {
pkgdesc='IPA authentication for use on clients'
depends=("freeipa-client-common=$pkgver-$pkgrel"
"freeipa-common=$pkgver-$pkgrel"
"python2-ipaclient=$pkgver-$pkgrel"
'python2-ldap'
'python-augeas'
'cyrus-sasl-gssapi'
'ntp'
'krb5'
'authconfig'
'curl>=7.21.7'
'yp-tools'
'xmlrpc-c>=1.27.4'
'sssd>=1.14.0'
'certmonger>=0.78'
'nss'
'bind-tools'
'oddjob'
'python2-gssapi>=1.2.0'
'autofs'
'nfsidmap'
'nfs-utils')
conflicts=('freeipa-admintools')
replaces=('freeipa-admintools')
install=freeipa-client.install
cd freeipa-git
install -D -t"$pkgdir"/usr/share/libalpm/scripts \
"$srcdir"/freeipa-client-update-sshd_config
install -D -m644 -t"$pkgdir"/usr/share/libalpm/hooks \
"$srcdir"/freeipa-client-update-sshd_config.hook \
install -D -m644 -t"$pkgdir"/usr/share/doc/$pkgname README.md \
Contributors.txt
local _file
for _file in ../install/etc/bash_completion.d \
../install/usr/bin/ipa \
../install/usr/bin/ipa-client-install \
../install/usr/bin/ipa-client-automount \
../install/usr/bin/ipa-certupdate \
../install/usr/bin/ipa-getkeytab \
../install/usr/bin/ipa-rmkeytab \
../install/usr/bin/ipa-join \
../install/usr/share/man/man1/ipa.1 \
../install/usr/share/man/man1/ipa-getkeytab.1* \
../install/usr/share/man/man1/ipa-rmkeytab.1* \
../install/usr/share/man/man1/ipa-client-install.1* \
../install/usr/share/man/man1/ipa-client-automount.1* \
../install/usr/share/man/man1/ipa-certupdate.1* \
../install/usr/share/man/man1/ipa-join.1*
do
_file="${_file#../install/}"
mkdir -p "$pkgdir"/"${_file%/*}"
mv ../install/"$_file" "$pkgdir"/"$_file"
done
}
package_ipasam-git() {
pkgdesc='IPA authentication for samba backend'
depends=('samba'
'sssd')
conflicts=('ipasam')
install -D -m755 -t"$pkgdir"/usr/lib/samba/pdb "$srcdir"/freeipa-git/daemons/ipa-sam/.libs/ipasam.so
}
Maybe it's helpful to someone.
Offline
Should i change the title from [REQUEST] to [SOLVED] as soon as i upload it to the aur?
Offline
Yes, when you are satisfied the issue is solved then marked the title as solved.
Offline