Patrick Williams | b48b7b4 | 2016-08-17 15:04:38 -0500 | [diff] [blame^] | 1 | SUMMARY = "A network authentication protocol" |
| 2 | DESCRIPTION = "Kerberos is a system for authenticating users and services on a network. \ |
| 3 | Kerberos is a trusted third-party service. That means that there is a \ |
| 4 | third party (the Kerberos server) that is trusted by all the entities on \ |
| 5 | the network (users and services, usually called "principals"). \ |
| 6 | . \ |
| 7 | This is the MIT reference implementation of Kerberos V5. \ |
| 8 | . \ |
| 9 | This package contains the Kerberos key server (KDC). The KDC manages all \ |
| 10 | authentication credentials for a Kerberos realm, holds the master keys \ |
| 11 | for the realm, and responds to authentication requests. This package \ |
| 12 | should be installed on both master and slave KDCs." |
| 13 | |
| 14 | HOMEPAGE = "http://web.mit.edu/Kerberos/" |
| 15 | SECTION = "console/network" |
| 16 | LICENSE = "MIT" |
| 17 | LIC_FILES_CHKSUM = "file://${S}/../NOTICE;md5=f64248328d2d9928e1f04158b5243e7f" |
| 18 | DEPENDS = "ncurses util-linux e2fsprogs e2fsprogs-native" |
| 19 | |
| 20 | inherit autotools-brokensep binconfig perlnative |
| 21 | |
| 22 | SHRT_VER = "${@oe.utils.trim_version("${PV}", 2)}" |
| 23 | SRC_URI = "http://web.mit.edu/kerberos/dist/${BPN}/${SHRT_VER}/${BP}-signed.tar \ |
| 24 | file://0001-aclocal-Add-parameter-to-disable-keyutils-detection.patch \ |
| 25 | file://debian-suppress-usr-lib-in-krb5-config.patch;striplevel=2 \ |
| 26 | file://Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch;striplevel=2 \ |
| 27 | file://Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch;striplevel=2 \ |
| 28 | file://Fix-build_principal-memory-bug-CVE-2015-2697.patch;striplevel=2 \ |
| 29 | file://Fix-IAKERB-context-export-import-CVE-2015-2698.patch;striplevel=2 \ |
| 30 | file://crosscompile_nm.patch \ |
| 31 | file://etc/init.d/krb5-kdc \ |
| 32 | file://etc/init.d/krb5-admin-server \ |
| 33 | file://etc/default/krb5-kdc \ |
| 34 | file://etc/default/krb5-admin-server \ |
| 35 | file://krb5-CVE-2016-3119.patch;striplevel=2 \ |
| 36 | " |
| 37 | SRC_URI[md5sum] = "f7ebfa6c99c10b16979ebf9a98343189" |
| 38 | SRC_URI[sha256sum] = "e528c30b0209c741f6f320cb83122ded92f291802b6a1a1dc1a01dcdb3ff6de1" |
| 39 | |
| 40 | S = "${WORKDIR}/${BP}/src" |
| 41 | |
| 42 | PACKAGECONFIG ??= "openssl" |
| 43 | PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit" |
| 44 | PACKAGECONFIG[openssl] = "--with-pkinit-crypto-impl=openssl,,openssl" |
| 45 | PACKAGECONFIG[keyutils] = "--enable-keyutils,--disable-keyutils,keyutils" |
| 46 | PACKAGECONFIG[ldap] = "--with-ldap,--without-ldap,openldap" |
| 47 | PACKAGECONFIG[readline] = "--with-readline,--without-readline,readline" |
| 48 | |
| 49 | EXTRA_OECONF += " --without-tcl --with-system-et --disable-rpath" |
| 50 | CACHED_CONFIGUREVARS += "krb5_cv_attr_constructor_destructor=yes ac_cv_func_regcomp=yes \ |
| 51 | ac_cv_printf_positional=yes ac_cv_file__etc_environment=yes \ |
| 52 | ac_cv_file__etc_TIMEZONE=no" |
| 53 | |
| 54 | CFLAGS_append += "-DDESTRUCTOR_ATTR_WORKS=1 -I${STAGING_INCDIR}/et" |
| 55 | LDFLAGS_append += "-lpthread" |
| 56 | |
| 57 | FILES_${PN} += "${datadir}/gnats" |
| 58 | FILES_${PN}-doc += "${datadir}/examples" |
| 59 | FILES_${PN}-dbg += "${libdir}/krb5/plugins/*/.debug" |
| 60 | |
| 61 | # As this recipe doesn't inherit update-rc.d, we need to add this dependency here |
| 62 | RDEPENDS_${PN}_class-target += "initscripts-functions" |
| 63 | |
| 64 | krb5_do_unpack() { |
| 65 | # ${P}-signed.tar contains ${P}.tar.gz.asc and ${P}.tar.gz |
| 66 | tar xzf ${WORKDIR}/${BP}.tar.gz -C ${WORKDIR}/ |
| 67 | } |
| 68 | |
| 69 | python do_unpack() { |
| 70 | bb.build.exec_func('base_do_unpack', d) |
| 71 | bb.build.exec_func('krb5_do_unpack', d) |
| 72 | } |
| 73 | |
| 74 | do_configure() { |
| 75 | gnu-configize --force |
| 76 | autoreconf |
| 77 | oe_runconf |
| 78 | } |
| 79 | |
| 80 | do_install_append() { |
| 81 | mkdir -p ${D}/${sysconfdir}/init.d ${D}/${sysconfdir}/default |
| 82 | install -m 0755 ${WORKDIR}/etc/init.d/* ${D}/${sysconfdir}/init.d |
| 83 | install -m 0644 ${WORKDIR}/etc/default/* ${D}/${sysconfdir}/default |
| 84 | |
| 85 | rm -rf ${D}/${localstatedir}/run |
| 86 | mkdir -p ${D}/${sysconfdir}/default/volatiles |
| 87 | echo "d root root 0755 ${localstatedir}/run/krb5kdc none" \ |
| 88 | > ${D}${sysconfdir}/default/volatiles/87_krb5 |
| 89 | if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then |
| 90 | install -d ${D}${sysconfdir}/tmpfiles.d |
| 91 | echo "d /run/krb5kdc - - - -" \ |
| 92 | > ${D}${sysconfdir}/tmpfiles.d/krb5.conf |
| 93 | fi |
| 94 | |
| 95 | } |
| 96 | |
| 97 | pkg_postinst_${PN} () { |
| 98 | if [ -z "$D" ]; then |
| 99 | if command -v systemd-tmpfiles >/dev/null; then |
| 100 | systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/krb5.conf |
| 101 | elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then |
| 102 | ${sysconfdir}/init.d/populate-volatile.sh update |
| 103 | fi |
| 104 | fi |
| 105 | } |
| 106 | |
| 107 | BBCLASSEXTEND = "native nativesdk" |