From f29d569cd33a73da5ad675f43a34ad53c5cc9bc6 Mon Sep 17 00:00:00 2001 From: davidovski Date: Thu, 2 Feb 2023 14:10:02 +0000 Subject: Work --- repo/krb5/krb5-server.xibuild | 17 ++++++ repo/krb5/krb5.xibuild | 83 +++++++++++++--------------- repo/krb5/krb5kadmind.initd | 25 +++++++++ repo/krb5/krb5kdc.initd | 24 ++++++++ repo/krb5/krb5kpropd.initd | 24 ++++++++ repo/krb5/mit-krb5_krb5-config_LDFLAGS.patch | 12 ++++ 6 files changed, 140 insertions(+), 45 deletions(-) create mode 100644 repo/krb5/krb5-server.xibuild create mode 100644 repo/krb5/krb5kadmind.initd create mode 100644 repo/krb5/krb5kdc.initd create mode 100644 repo/krb5/krb5kpropd.initd create mode 100644 repo/krb5/mit-krb5_krb5-config_LDFLAGS.patch (limited to 'repo/krb5') diff --git a/repo/krb5/krb5-server.xibuild b/repo/krb5/krb5-server.xibuild new file mode 100644 index 0000000..e8edb99 --- /dev/null +++ b/repo/krb5/krb5-server.xibuild @@ -0,0 +1,17 @@ +#!/bin/sh + +DESC="The KDC and related programs for Kerberos 5" + +package() { + mkdir -p "$PKG_DEST"/usr/share \ + "$PKG_DEST"/usr/bin + install -d "$PKG_DEST"/var/lib/krb5kdc + mv "$PKG_DEST"/../krb5/usr/sbin "$subpkgdir"/usr/ + + add_from_main usr/bin/sclient + + for i in $BUILD_ROOT/*.initd; do + install -Dm755 $i \ + "$PKG_DEST"/etc/init.d/${i%.initd} + done +} diff --git a/repo/krb5/krb5.xibuild b/repo/krb5/krb5.xibuild index c38416a..92185b9 100644 --- a/repo/krb5/krb5.xibuild +++ b/repo/krb5/krb5.xibuild @@ -1,59 +1,52 @@ #!/bin/sh -MAKEDEPS="make " -DEPS="musl e2fsprogs libldap gdbm" +NAME="krb5" +DESC="The Kerberos network authentication system" + +MAKEDEPS="e2fsprogs libverto libldap openssl keyutils bison flex perl" PKG_VER=1.19.3 -SOURCE=http://kerberos.org/dist/krb5/${PKG_VER%.*}/krb5-${PKG_VER}.tar.gz +maj_min=$PKG_VER +case $PKG_VER in + *.*.*) maj_min=${PKG_VER%.*} ;; +esac + +SOURCE="https://web.mit.edu/kerberos/dist/krb5/$maj_min/krb5-$PKG_VER.tar.gz" ADDITIONAL=" - https://www.linuxfromscratch.org/patches/blfs/svn/mitkrb-${PKG_VER}-openssl3_fixes-1.patch +krb5kadmind.initd +krb5kdc.initd +krb5kpropd.initd +mit-krb5_krb5-config_LDFLAGS.patch " -DESC="The Kerberos network authentication system" - prepare () { - - # fix denial of service vulnerability - sed -i '210a if (sprinc == NULL) {\ - status = "NULL_SERVER";\ - errcode = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;\ - goto cleanup;\ - }' src/kdc/do_tgs_req.c - - - cd src && - #these were needed for libressl - #patch -Np0 -i ../patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c - #patch -Np0 -i ../patch-plugins_preauth_pkinit_pkinit__crypto__openssl.h - patch -Np2 -i ../mitkrb-$PKG_VER-openssl3_fixes-1.patch - - - sed -e "/LDFLAGS=/d" -i build-tools/krb5-config.in - sed -i -e 's@\^u}@^u cols 300}@' tests/dejagnu/config/default.exp || true - sed -i -e '/eq 0/{N;s/12 //}' plugins/kdb/db2/libdb2/test/run.test || true - sed -i '/t_iprop.py/d' tests/Makefile.in || true + cd src + mv ../*.patch . + apply_patches } -build () { - # would be ideal to use openssl rather than builtin library - autoreconf - ./configure --prefix=/usr \ - --sysconfdir=/etc \ - --localstatedir=/var/lib \ - --runstatedir=/run \ - --with-system-et \ - --with-system-ss \ - --with-system-verto=no \ - --with-crypto-impl=builtin \ - --enable-dns-for-realm && - - make +build() { + ./configure \ + CPPFLAGS="$CPPFLAGS -fPIC -I/usr/include/et" \ + WARN_CFLAGS= \ + --prefix=/usr \ + --localstatedir=/var/lib \ + --enable-shared \ + --disable-nls \ + --disable-static \ + --disable-rpath \ + --with-system-et \ + --with-system-ss \ + --with-system-verto \ + --without-tcl \ + --with-ldap + make } -package () { - make DESTDIR=$PKG_DEST install - - install -dm755 $PKG_DEST/usr/share/doc/krb5-$PKG_VER && - cp -fr ../doc/* $PKG_DEST/usr/share/doc/krb5-$PKG_VER +package() { + make install DESTDIR="$PKG_DEST" + mkdir -p "$PKG_DEST"/usr/share/doc/krb5 + mv "$PKG_DEST"/usr/share/examples "$PKG_DEST"/usr/share/doc/krb5/ } + diff --git a/repo/krb5/krb5kadmind.initd b/repo/krb5/krb5kadmind.initd new file mode 100644 index 0000000..64622d5 --- /dev/null +++ b/repo/krb5/krb5kadmind.initd @@ -0,0 +1,25 @@ +#!/sbin/openrc-run + +#--------------------------------------------------------------------------- +# This script starts/stops the MIT Kerberos 5 Admin daemon +#--------------------------------------------------------------------------- + +daemon="MIT Kerberos 5 Admin daemon" +exec="/usr/sbin/kadmind" + +depend() { + need krb5kdc + use net +} + +start() { + ebegin "Starting $daemon" + start-stop-daemon --start --quiet --exec ${exec} 1>&2 + eend $? "Error starting $daemon" +} + +stop() { + ebegin "Stopping $daemon" + start-stop-daemon --stop --quiet --exec ${exec} 1>&2 + eend $? "Error stopping $daemon" +} diff --git a/repo/krb5/krb5kdc.initd b/repo/krb5/krb5kdc.initd new file mode 100644 index 0000000..35cac6f --- /dev/null +++ b/repo/krb5/krb5kdc.initd @@ -0,0 +1,24 @@ +#!/sbin/openrc-run + +#--------------------------------------------------------------------------- +# This script starts/stops the MIT Kerberos 5 KDC +#--------------------------------------------------------------------------- + +daemon="MIT Kerberos 5 KDC" +exec="/usr/sbin/krb5kdc" + +depend() { + use net +} + +start() { + ebegin "Starting $daemon" + start-stop-daemon --start --quiet --exec ${exec} 1>&2 + eend $? "Error starting $daemon" +} + +stop() { + ebegin "Stopping $daemon" + start-stop-daemon --stop --quiet --exec ${exec} 1>&2 + eend $? "Error stopping $daemon" +} diff --git a/repo/krb5/krb5kpropd.initd b/repo/krb5/krb5kpropd.initd new file mode 100644 index 0000000..75d2f0d --- /dev/null +++ b/repo/krb5/krb5kpropd.initd @@ -0,0 +1,24 @@ +#!/sbin/openrc-run + +#--------------------------------------------------------------------------- +# This script starts/stops the MIT Kerberos 5 kpropd +#--------------------------------------------------------------------------- + +daemon="MIT Kerberos 5 kpropd" +exec="/usr/sbin/kpropd" + +depend() { + use net krb5kdc krb5kadmind +} + +start() { + ebegin "Starting $daemon" + start-stop-daemon --start --quiet --exec ${exec} -- -S 1>&2 + eend $? "Error starting $daemon" +} + +stop() { + ebegin "Stopping $daemon" + start-stop-daemon --stop --quiet --exec ${exec} 1>&2 + eend $? "Error stopping $daemon" +} diff --git a/repo/krb5/mit-krb5_krb5-config_LDFLAGS.patch b/repo/krb5/mit-krb5_krb5-config_LDFLAGS.patch new file mode 100644 index 0000000..9ae5226 --- /dev/null +++ b/repo/krb5/mit-krb5_krb5-config_LDFLAGS.patch @@ -0,0 +1,12 @@ +Bug #448778 +--- a/build-tools/krb5-config.in ++++ b/build-tools/krb5-config.in +@@ -221,7 +221,7 @@ + -e 's#\$(PROG_RPATH)#'$libdir'#' \ + -e 's#\$(PROG_LIBPATH)#'$libdirarg'#' \ + -e 's#\$(RPATH_FLAG)#'"$RPATH_FLAG"'#' \ +- -e 's#\$(LDFLAGS)#'"$LDFLAGS"'#' \ ++ -e 's#\$(LDFLAGS)##' \ + -e 's#\$(PTHREAD_CFLAGS)#'"$PTHREAD_CFLAGS"'#' \ + -e 's#\$(CFLAGS)##'` + -- cgit v1.2.1