Diffstat (limited to 'sys-auth')
20 files changed, 2246 insertions, 14 deletions
diff --git a/sys-auth/Manifest.gz b/sys-auth/Manifest.gz
Binary files differ
index b584fe9ed5de..8286273d7693 100644
--- a/sys-auth/Manifest.gz
+++ b/sys-auth/Manifest.gz
diff --git a/sys-auth/keystone/Manifest b/sys-auth/keystone/Manifest
index ad0c9f663285..4962e1fbfee1 100644
--- a/sys-auth/keystone/Manifest
+++ b/sys-auth/keystone/Manifest
@@ -1,13 +1,21 @@ DIST keystone-12.0.1.tar.gz 1492793 BLAKE2B db2d9292be475b73398e767505bbd73d33397a4d7a4bd671877c4a4b7ee22b1e4aa63d86b7a251c1de51bfc74f06d384f2c25242e0b25901db93d627f993e660 SHA512 e6fc4b3c26c58adfe896070fb5034b9ad1fa8c281824177b9ffd0d3aa5f0d5cec7ed3e6e91d404f2bd3bb1cd913819941b25edd0e5c414fa9a9c5f403575141e +DIST keystone-12.0.2.tar.gz 1492547 BLAKE2B 2f7b8b5535cb75dd846a1570fabf95c47e64b162d70c4af3e66d5f379c1a45d383b0ac9fce0a7b48875c210e9c4306476938fe8ddbb04dfc9f75cfc51ce10856 SHA512 8468ef9967b95cc75b02c5b9c66ff71033853674c5012aecf37b98c71af72451e8cdbb4070c1a9197c404f97a5948f214adf6911a3ac5d5ee23c75ec3593433b DIST keystone-13.0.1.tar.gz 1460979 BLAKE2B 9a22b0ba0c66cab9a65f3197c08f93a4c592f4bd67ae59b3dec182db589ff50c2bbf8e269706859d285a4811a1cd32533b7c07b595d2697bba1c487908b1a975 SHA512 cfe89be9b49dd54095ff38b5d2f13eba0e41ecf111ce0dcd40cfc64eaccc1f1105f870f866a2cc49f89c72d0981d5112ee0f8444fc5810f79b65c0f5de7bfc15 +DIST keystone-13.0.2.tar.gz 1462728 BLAKE2B 8bcdbaecf79e2f5e1fbcd840dd27967312320c5f0fe45ed40aa1b339f627cb96ce8186ece9c0b6ab40e66e3699e5be25b0978af056aa86f6da4d5e9b6031285a SHA512 d600ea56acb14a9d34461e599375d6f1b62deb8e8cc33c939e8dec885539aaaa6f57e86e4d8334b92ecd00a68f881f3dd4805feca5cdb3de808743893ce07c68 DIST keystone-14.0.0.tar.gz 1525077 BLAKE2B a91071c7a5ead2ec31039a216a434c85623c76cf3409da049d23726c7ff051a729c925d6107b745b47a67a52b6d07e8853def7f7823d63f055532dfa2bbf3a0b SHA512 90f61c5d408dafddffb41b1dcfcc9372366129558df538606abfd3716a41b88d9430ffb0d1dc20f31ca0a82b1a691b7dc5d47a448dadbe970773902c898e2cf8 +DIST keystone-14.0.1.tar.gz 1526741 BLAKE2B 5ae1a6f0e7a7ce737b3a0fdbd2900e8cb1541ec3b1e08228d4abf58d8021a06a6c9db654ef71c22636436f2601bd49d4934f24650e2a44c101c9610ed7b011af SHA512 87065a16ca70dc9115d331f1e0f3669ac9661f5172f9e8afbecef48e7dd9a4726438b4d757fa54bbd6095a5543427dc913f90a765e83ffb30284b1f8dbfbb8e7 DIST keystone.conf.sample-14.0.0 119794 BLAKE2B 
3f3c43b0972230a57b444ffe3ca41fa94a0886831941c8c259738e6575b74776a6add907fac833ba178769bbecd4bc16fe383b53344c1e3cebf3d4eacdbcb50d SHA512 5513b4e3bed869d6fa56bf6163355de2dcbf859dd8f7e76ffa3a0e7b644fe367bbde75a4e090098faba473e1fb26b061d434771e9e6bb8cb105ca609c161e5c1 +DIST keystone.conf.sample-14.0.1 119794 BLAKE2B 3f3c43b0972230a57b444ffe3ca41fa94a0886831941c8c259738e6575b74776a6add907fac833ba178769bbecd4bc16fe383b53344c1e3cebf3d4eacdbcb50d SHA512 5513b4e3bed869d6fa56bf6163355de2dcbf859dd8f7e76ffa3a0e7b644fe367bbde75a4e090098faba473e1fb26b061d434771e9e6bb8cb105ca609c161e5c1 DIST keystone.conf.sample-2018.2.9999 119794 BLAKE2B 3f3c43b0972230a57b444ffe3ca41fa94a0886831941c8c259738e6575b74776a6add907fac833ba178769bbecd4bc16fe383b53344c1e3cebf3d4eacdbcb50d SHA512 5513b4e3bed869d6fa56bf6163355de2dcbf859dd8f7e76ffa3a0e7b644fe367bbde75a4e090098faba473e1fb26b061d434771e9e6bb8cb105ca609c161e5c1 DIST keystone.policy.yaml.sample-14.0.0 38318 BLAKE2B a27e4ea59c99dc91dde9d1cc62340faa4b91e644dc6b8725c2d7de731e44684d8d59571e6470da3ab9fa191087a890a0b417b58b1473038bf39cfc75e5b2bad4 SHA512 95fad079d1fb77d15b9f8e507be8b1e01b493c3f1dd4e992567fe9c905bae01a058e93d59677d472ae47856b13d5cffa213d89e8e267f081a2bad1bf8e1f6036 +DIST keystone.policy.yaml.sample-14.0.1 38318 BLAKE2B a27e4ea59c99dc91dde9d1cc62340faa4b91e644dc6b8725c2d7de731e44684d8d59571e6470da3ab9fa191087a890a0b417b58b1473038bf39cfc75e5b2bad4 SHA512 95fad079d1fb77d15b9f8e507be8b1e01b493c3f1dd4e992567fe9c905bae01a058e93d59677d472ae47856b13d5cffa213d89e8e267f081a2bad1bf8e1f6036 DIST keystone.policy.yaml.sample-2018.2.9999 38318 BLAKE2B a27e4ea59c99dc91dde9d1cc62340faa4b91e644dc6b8725c2d7de731e44684d8d59571e6470da3ab9fa191087a890a0b417b58b1473038bf39cfc75e5b2bad4 SHA512 95fad079d1fb77d15b9f8e507be8b1e01b493c3f1dd4e992567fe9c905bae01a058e93d59677d472ae47856b13d5cffa213d89e8e267f081a2bad1bf8e1f6036 EBUILD keystone-12.0.1.ebuild 6280 BLAKE2B 
ffb752f981b0e72674cd6dac474a9f475123994cc2eba0ea24eed4d01acccdba9f9ec009c38a42e8e4084e0e6a95e03d794ef4b6be0328e3c87e8e0a17f4f5fa SHA512 32b5582c8e4bb24c3799b3716ac9cc62a254ed694e10e2c72ff275b69535639c442f66baa5eecd81fdca0d8007e1c4e2154eeaa00f07c3f169a7b698aec49230 +EBUILD keystone-12.0.2.ebuild 6279 BLAKE2B 81e4da5649a4545d77086989c8f9e6f25ddad78e568d19bd5431c88207dfa9cee23a9aef83f81d904ae83116e66f8f0418eda5adbc2b1419dc132030e42acc10 SHA512 b6539df2f7b02a1d7f5ea0b09e37f7cf0824073253997514c3626d5236450b932acfd04b42c441aa419219af651a32cbb3e2a0c5d91c12c7fce9060fbb510a8a EBUILD keystone-13.0.1.ebuild 6185 BLAKE2B dc880b6445ed20b3f50e062b338a92576ae8d9d267021550dc817e7d527078715af0521ea8ce910a69c26fd1cee1225e99a7536837ba0a2ceb0e9c01c8b47e15 SHA512 fbc2762108c126f086dbeebb829e0417f54bdccc936c2f72c9667100776b4b94ba4e9c9fca22bc850cb339d54130e3f7b4dc8de936009ab0efb2b92ce9e8c3b3 +EBUILD keystone-13.0.2.ebuild 6184 BLAKE2B 71602626a3ce9f5d34bcd82549b40fbb88f3feacaae10bdfd9e0c5dfbd164042ccb20feeae75af4aff25f29927e4dd57fff1262718998f9b5cf24a66e1ccb764 SHA512 e5ea9e1f103f69749895bea1f7b8ffcb75831b2cac8247f00ad446035892349ffab4e9c70dcb0ff25ea9e955394c6991dd606c5a987af3b73cf7b1536c1a5d5b EBUILD keystone-14.0.0.ebuild 6745 BLAKE2B dfa88d3773cd388b1f01fa03667b80643a3deb4cbfbbb4fa3d1febc3e53cb12a41560e92e9b275224a869b5c2c4c8f6479a0154c3b471827fc94fe506ba85242 SHA512 a194f98e0dc066a70dd4afd55d8f9aab68560087121c55cca2bf12b8bca7dcaffab2984eda0417bd2fe77b084a58d788244a3d58b796f8b17ffc3978c5c01c2f +EBUILD keystone-14.0.1.ebuild 6747 BLAKE2B 80f20a03a8f966590d3880135bd53105f9c0cdacc92bacae08f44ff0933421a5d7fb50651b1f6984c54a6619b67bbb2152a3c0db3c4e7aa61cf40b9e24294019 SHA512 41a7b83d7ae5990b059ff1a6ef62d4b06fd9060be647b0304d34d621ceb93cb33c7cf6cc329597256944ddbdfc3bc11037a1e0ac3d625442bdaf59de50bf08f2 EBUILD keystone-2017.2.9999.ebuild 6298 BLAKE2B 0ffe1ffd9ce957b38693ae38470823461b2f88741e679788ab149d545584e12fd244c8f7c648bd3de0dd1903b9b12e029e7583087a3d4a4861dceacc63bbf6b3 SHA512 
c1d8594a094dd25bbbb7119d41a9ce32d302b1af7b6ccf7e59fc1ecc7a2f72c99dfd07a40aed8e2338f20511d019592753c4bd491f9e3405557d694f0fbcf9c0 EBUILD keystone-2018.1.9999.ebuild 6187 BLAKE2B 14d660926e2c4063ede68932eccf12a32a5ca8970d42b858614acb985167b797a9fd47d50ace7b06114f971243886ade20b1c32b5bac237cb36171d2657a8b43 SHA512 ff7fdb04866207596c3923a92b42fdab4bcf9ad1eb6ceb5958d23c0c6fb2eb98c2ca0ce06c92c1c4abfc0f8d561d8021a80acf0ad3c3d486e2223cc5075f8d93 EBUILD keystone-2018.2.9999.ebuild 6750 BLAKE2B 6036789299ec6679527ed0a862310ea34d85540d09c82ac13b5deae92dd55654b669bf46f6cc80a0e88c2abb9137713704290063dc65759abbbea11d5e3c05bb SHA512 c7394c367e842abcef65887f9dc66701352c50dd330f4f0738bf70c35fb6414028369426cfa19dd08b1e520db3c722c918182f256b15398ba9601b32caff33f6 diff --git a/sys-auth/keystone/keystone-12.0.2.ebuild b/sys-auth/keystone/keystone-12.0.2.ebuild new file mode 100644 index 000000000000..e344b5b3f121 --- /dev/null +++ b/sys-auth/keystone/keystone-12.0.2.ebuild 
@@ -0,0 +1,175 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+PYTHON_COMPAT=( python2_7 python3_{4,5} )
+
+inherit distutils-r1 user
+
+DESCRIPTION="The Openstack authentication, authorization, and service catalog"
+HOMEPAGE="https://launchpad.net/keystone"
+SRC_URI="https://tarballs.openstack.org/${PN}/${P}.tar.gz"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="~amd64 ~arm64 ~x86"
+IUSE="+sqlite ldap memcached mongo mysql postgres test"
+REQUIRED_USE="|| ( mysql postgres sqlite )"
+
+CDEPEND=">=dev-python/pbr-2.0.0[${PYTHON_USEDEP}]
+ !~dev-python/pbr-2.1.0"
+DEPEND="
+ dev-python/setuptools[${PYTHON_USEDEP}]
+ ${CDEPEND}"
+RDEPEND="
+ ${CDEPEND}
+ >=dev-python/Babel-2.3.4[${PYTHON_USEDEP}]
+ !~dev-python/Babel-2.4.0[${PYTHON_USEDEP}]
+ >=dev-python/webob-1.7.1[${PYTHON_USEDEP}]
+ >=dev-python/pastedeploy-1.5.0[${PYTHON_USEDEP}]
+ dev-python/paste[${PYTHON_USEDEP}]
+ >=dev-python/routes-2.3.1[${PYTHON_USEDEP}]
+ >=dev-python/cryptography-1.6[${PYTHON_USEDEP}]
+ !~dev-python/cryptography-2.0[${PYTHON_USEDEP}]
+ >=dev-python/six-1.9.0[${PYTHON_USEDEP}]
+ sqlite? (
+ >=dev-python/sqlalchemy-1.0.10[sqlite,${PYTHON_USEDEP}]
+ !~dev-python/sqlalchemy-1.1.5[sqlite,${PYTHON_USEDEP}]
+ !~dev-python/sqlalchemy-1.1.6[sqlite,${PYTHON_USEDEP}]
+ !~dev-python/sqlalchemy-1.1.7[sqlite,${PYTHON_USEDEP}]
+ !~dev-python/sqlalchemy-1.1.8[sqlite,${PYTHON_USEDEP}]
+ )
+ mysql? (
+ >=dev-python/pymysql-0.7.6[${PYTHON_USEDEP}]
+ !~dev-python/pymysql-0.7.7[${PYTHON_USEDEP}]
+ >=dev-python/sqlalchemy-1.0.10[${PYTHON_USEDEP}]
+ !~dev-python/sqlalchemy-1.1.5[${PYTHON_USEDEP}]
+ !~dev-python/sqlalchemy-1.1.6[${PYTHON_USEDEP}]
+ !~dev-python/sqlalchemy-1.1.7[${PYTHON_USEDEP}]
+ !~dev-python/sqlalchemy-1.1.8[${PYTHON_USEDEP}]
+ )
+ postgres? (
+ >=dev-python/psycopg-2.5.0[${PYTHON_USEDEP}]
+ >=dev-python/sqlalchemy-1.0.10[${PYTHON_USEDEP}]
+ !~dev-python/sqlalchemy-1.1.5[${PYTHON_USEDEP}]
+ !~dev-python/sqlalchemy-1.1.6[${PYTHON_USEDEP}]
+ !~dev-python/sqlalchemy-1.1.7[${PYTHON_USEDEP}]
+ !~dev-python/sqlalchemy-1.1.8[${PYTHON_USEDEP}]
+ )
+ >=dev-python/sqlalchemy-migrate-0.11.0[${PYTHON_USEDEP}]
+ >=dev-python/stevedore-1.20.0[${PYTHON_USEDEP}]
+ >=dev-python/passlib-1.7.0[${PYTHON_USEDEP}]
+ >=dev-python/python-keystoneclient-3.8.0[${PYTHON_USEDEP}]
+ >=dev-python/keystonemiddleware-4.12.0[${PYTHON_USEDEP}]
+ >=dev-python/bcrypt-3.1.3[${PYTHON_USEDEP}]
+ >=dev-python/scrypt-0.8.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-cache-1.5.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-concurrency-3.8.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-config-4.0.0[${PYTHON_USEDEP}]
+ !~dev-python/oslo-config-4.3.0[${PYTHON_USEDEP}]
+ !~dev-python/oslo-config-4.4.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-context-2.14.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-messaging-5.24.2[${PYTHON_USEDEP}]
+ !~dev-python/oslo-messaging-5.25.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-db-4.24.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-i18n-2.1.0[${PYTHON_USEDEP}]
+ !~dev-python/oslo-i18n-3.15.2[${PYTHON_USEDEP}]
+ >=dev-python/oslo-log-3.22.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-middleware-3.27.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-policy-1.23.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-serialization-1.10.0[${PYTHON_USEDEP}]
+ !~dev-python/oslo-serialization-1.19.1[${PYTHON_USEDEP}]
+ >=dev-python/oslo-utils-3.20.0[${PYTHON_USEDEP}]
+ >=dev-python/oauthlib-0.6.0[${PYTHON_USEDEP}]
+ >=dev-python/pysaml2-2.4.0[${PYTHON_USEDEP}]
+ <dev-python/pysaml2-4.0.3[${PYTHON_USEDEP}]
+ >=dev-python/dogpile-cache-0.6.2[${PYTHON_USEDEP}]
+ >=dev-python/jsonschema-2.0.0[${PYTHON_USEDEP}]
+ !~dev-python/jsonschema-2.5.0[${PYTHON_USEDEP}]
+ <dev-python/jsonschema-3.0.0[${PYTHON_USEDEP}]
+ >=dev-python/pycadf-1.1.0[${PYTHON_USEDEP}]
+ !~dev-python/pycadf-2.0.0[${PYTHON_USEDEP}]
+ >=dev-python/msgpack-0.4.0[${PYTHON_USEDEP}]
+ >=dev-python/osprofiler-1.4.0[${PYTHON_USEDEP}]
+ >=dev-python/pytz-2013.6[${PYTHON_USEDEP}]
+ memcached? (
+ >=dev-python/python-memcached-1.56[${PYTHON_USEDEP}]
+ )
+ mongo? (
+ >=dev-python/pymongo-3.0.2[${PYTHON_USEDEP}]
+ !~dev-python/pymongo-3.1[${PYTHON_USEDEP}]
+ )
+ ldap? (
+ >=dev-python/pyldap-2.4.20[${PYTHON_USEDEP}]
+ >=dev-python/ldappool-2.0.0[${PYTHON_USEDEP}]
+ )
+ || (
+ www-servers/uwsgi[python,${PYTHON_USEDEP}]
+ www-apache/mod_wsgi[${PYTHON_USEDEP}]
+ www-servers/gunicorn[${PYTHON_USEDEP}]
+ )"
+
+#PATCHES=(
+#)
+
+pkg_setup() {
+ enewgroup keystone
+ enewuser keystone -1 -1 /var/lib/keystone keystone
+}
+
+python_prepare_all() {
+ # it's in git, but not in the tarball.....
+ sed -i '/^hacking/d' test-requirements.txt || die
+ mkdir -p ${PN}/tests/tmp/ || die
+ cp etc/keystone-paste.ini ${PN}/tests/tmp/ || die
+ sed -i 's|/usr/local|/usr|g' httpd/keystone-uwsgi-* || die
+ sed -i 's|python|python27|g' httpd/keystone-uwsgi-* || die
+ # allow useage of renamed msgpack
+ sed -i '/^msgpack/d' requirements.txt || die
+ distutils-r1_python_prepare_all
+}
+
+python_test() {
+ nosetests -I 'test_keystoneclient*' \
+ -e test_static_translated_string_is_Message \
+ -e test_get_token_id_error_handling \
+ -e test_provider_token_expiration_validation \
+ -e test_import --process-restartworker --process-timeout=60 || die "testsuite failed under python2.7"
+}
+
+python_install_all() {
+ distutils-r1_python_install_all
+
+ diropts -m 0750
+ keepdir /etc/keystone /var/log/keystone
+ insinto /etc/keystone
+ insopts -m0640 -okeystone -gkeystone
+ doins etc/keystone.conf.sample etc/logging.conf.sample
+ doins etc/default_catalog.templates
+ doins etc/policy.v3cloudsample.json etc/keystone-paste.ini
+ insinto /etc/keystone/httpd
+ doins httpd/*
+
+ fowners keystone:keystone /etc/keystone /etc/keystone/httpd /var/log/keystone
+}
+
+pkg_postinst() {
+ elog "You might want to run:"
+ elog "emerge --config =${CATEGORY}/${PF}"
+ elog "if this is a new install."
+ elog "If you have not already configured your openssl installation"
+ elog "please do it by modifying /etc/ssl/openssl.cnf"
+ elog "BEFORE issuing the configuration command."
+ elog "Otherwise default values will be used."
+}
+
+pkg_config() {
+ if [ ! -d "${ROOT}"/etc/keystone/ssl ] ; then
+ einfo "Press ENTER to configure the keystone PKI, or Control-C to abort now..."
+ read
+ "${ROOT}"/usr/bin/keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
+ else
+ einfo "keystone PKI certificates directory already present, skipping configuration"
+ fi
+}
diff --git a/sys-auth/keystone/keystone-13.0.2.ebuild b/sys-auth/keystone/keystone-13.0.2.ebuild
new file mode 100644
index 000000000000..dadc589f637c
--- /dev/null
+++ b/sys-auth/keystone/keystone-13.0.2.ebuild
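Review bot: `insopts -m0640 -okeystone -gkeystone` in python_install_all, together with `fowners keystone:keystone /etc/keystone /etc/keystone/httpd /var/log/keystone`, makes the service account the owner of its own configuration tree, including keystone-paste.ini and the policy sample. A process running as keystone can then rewrite the WSGI pipeline and policy files it is meant to be constrained by. Read access is enough for the files installed here: `insopts -m0640 -oroot -gkeystone` and `fowners root:keystone /etc/keystone /etc/keystone/httpd`, with `fowners keystone:keystone /var/log/keystone` kept for the log directory. If keystone needs a writable directory under /etc/keystone at runtime, grant that on the one directory rather than the whole tree. The same lines appear in the 13.0.2 and 14.0.1 ebuilds.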
@@ -0,0 +1,176 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+PYTHON_COMPAT=( python2_7 python3_{4,5,6} )
+
+inherit distutils-r1 user
+
+DESCRIPTION="The Openstack authentication, authorization, and service catalog"
+HOMEPAGE="https://launchpad.net/keystone"
+if [[ ${PV} == *9999 ]];then
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/openstack/keystone.git"
+ EGIT_BRANCH="stable/queens"
+else
+ SRC_URI="https://tarballs.openstack.org/${PN}/${P}.tar.gz"
+ KEYWORDS="~amd64 ~arm64 ~x86"
+fi
+
+LICENSE="Apache-2.0"
+SLOT="0"
+IUSE="+sqlite ldap memcached mongo mysql postgres test"
+REQUIRED_USE="|| ( mysql postgres sqlite )"
+
+CDEPEND=">=dev-python/pbr-2.0.0[${PYTHON_USEDEP}]
+ !~dev-python/pbr-2.1.0"
+DEPEND="
+ dev-python/setuptools[${PYTHON_USEDEP}]
+ ${CDEPEND}"
+RDEPEND="
+ ${CDEPEND}
+ >=dev-python/Babel-2.3.4[${PYTHON_USEDEP}]
+ !~dev-python/Babel-2.4.0[${PYTHON_USEDEP}]
+ >=dev-python/webob-1.7.1[${PYTHON_USEDEP}]
+ >=dev-python/pastedeploy-1.5.0[${PYTHON_USEDEP}]
+ >=dev-python/paste-2.0.2[${PYTHON_USEDEP}]
+ >=dev-python/routes-2.3.1[${PYTHON_USEDEP}]
+ >=dev-python/cryptography-1.9[${PYTHON_USEDEP}]
+ !~dev-python/cryptography-2.0[${PYTHON_USEDEP}]
+ >=dev-python/six-1.10.0[${PYTHON_USEDEP}]
+ sqlite? (
+ >=dev-python/sqlalchemy-1.0.10[sqlite,${PYTHON_USEDEP}]
+ !~dev-python/sqlalchemy-1.1.5[sqlite,${PYTHON_USEDEP}]
+ !~dev-python/sqlalchemy-1.1.6[sqlite,${PYTHON_USEDEP}]
+ !~dev-python/sqlalchemy-1.1.7[sqlite,${PYTHON_USEDEP}]
+ !~dev-python/sqlalchemy-1.1.8[sqlite,${PYTHON_USEDEP}]
+ )
+ mysql? (
+ >=dev-python/pymysql-0.7.6[${PYTHON_USEDEP}]
+ !~dev-python/pymysql-0.7.7[${PYTHON_USEDEP}]
+ >=dev-python/sqlalchemy-1.0.10[${PYTHON_USEDEP}]
+ !~dev-python/sqlalchemy-1.1.5[${PYTHON_USEDEP}]
+ !~dev-python/sqlalchemy-1.1.6[${PYTHON_USEDEP}]
+ !~dev-python/sqlalchemy-1.1.7[${PYTHON_USEDEP}]
+ !~dev-python/sqlalchemy-1.1.8[${PYTHON_USEDEP}]
+ )
+ postgres? (
+ >=dev-python/psycopg-2.5.0[${PYTHON_USEDEP}]
+ >=dev-python/sqlalchemy-1.0.10[${PYTHON_USEDEP}]
+ !~dev-python/sqlalchemy-1.1.5[${PYTHON_USEDEP}]
+ !~dev-python/sqlalchemy-1.1.6[${PYTHON_USEDEP}]
+ !~dev-python/sqlalchemy-1.1.7[${PYTHON_USEDEP}]
+ !~dev-python/sqlalchemy-1.1.8[${PYTHON_USEDEP}]
+ )
+ >=dev-python/sqlalchemy-migrate-0.11.0[${PYTHON_USEDEP}]
+ >=dev-python/stevedore-1.20.0[${PYTHON_USEDEP}]
+ >=dev-python/passlib-1.7.0[${PYTHON_USEDEP}]
+ >=dev-python/python-keystoneclient-3.8.0[${PYTHON_USEDEP}]
+ >=dev-python/keystonemiddleware-4.17.0[${PYTHON_USEDEP}]
+ >=dev-python/bcrypt-3.1.3[${PYTHON_USEDEP}]
+ >=dev-python/scrypt-0.8.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-cache-1.26.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-concurrency-3.25.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-config-5.1.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-context-2.14.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-messaging-5.29.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-db-4.27.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-i18n-3.15.3[${PYTHON_USEDEP}]
+ >=dev-python/oslo-log-3.36.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-middleware-3.31.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-policy-1.30.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-serialization-1.18.0[${PYTHON_USEDEP}]
+ !~dev-python/oslo-serialization-1.19.1[${PYTHON_USEDEP}]
+ >=dev-python/oslo-utils-3.33.0[${PYTHON_USEDEP}]
+ >=dev-python/oauthlib-0.6.0[${PYTHON_USEDEP}]
+ >=dev-python/pysaml2-4.0.2[${PYTHON_USEDEP}]
+ <dev-python/pysaml2-4.0.3[${PYTHON_USEDEP}]
+ >=dev-python/dogpile-cache-0.6.2[${PYTHON_USEDEP}]
+ >=dev-python/jsonschema-2.6.0[${PYTHON_USEDEP}]
+ <dev-python/jsonschema-3.0.0[${PYTHON_USEDEP}]
+ >=dev-python/pycadf-1.1.0[${PYTHON_USEDEP}]
+ !~dev-python/pycadf-2.0.0[${PYTHON_USEDEP}]
+ >=dev-python/msgpack-0.4.0[${PYTHON_USEDEP}]
+ >=dev-python/osprofiler-1.4.0[${PYTHON_USEDEP}]
+ >=dev-python/pytz-2013.6[${PYTHON_USEDEP}]
+ memcached? (
+ >=dev-python/python-memcached-1.56[${PYTHON_USEDEP}]
+ )
+ mongo? (
+ >=dev-python/pymongo-3.0.2[${PYTHON_USEDEP}]
+ !~dev-python/pymongo-3.1[${PYTHON_USEDEP}]
+ )
+ ldap? (
+ >=dev-python/pyldap-2.4.20[${PYTHON_USEDEP}]
+ >=dev-python/ldappool-2.0.0[${PYTHON_USEDEP}]
+ )
+ || (
+ www-servers/uwsgi[python,${PYTHON_USEDEP}]
+ www-apache/mod_wsgi[${PYTHON_USEDEP}]
+ www-servers/gunicorn[${PYTHON_USEDEP}]
+ )"
+
+#PATCHES=(
+#)
+
+pkg_setup() {
+ enewgroup keystone
+ enewuser keystone -1 -1 /var/lib/keystone keystone
+}
+
+python_prepare_all() {
+ # it's in git, but not in the tarball.....
+ sed -i '/^hacking/d' test-requirements.txt || die
+ mkdir -p ${PN}/tests/tmp/ || die
+ cp etc/keystone-paste.ini ${PN}/tests/tmp/ || die
+ sed -i 's|/usr/local|/usr|g' httpd/keystone-uwsgi-* || die
+ sed -i 's|python|python27|g' httpd/keystone-uwsgi-* || die
+ # allow useage of renamed msgpack
+ sed -i '/^msgpack/d' requirements.txt || die
+ distutils-r1_python_prepare_all
+}
+
+python_test() {
+ nosetests -I 'test_keystoneclient*' \
+ -e test_static_translated_string_is_Message \
+ -e test_get_token_id_error_handling \
+ -e test_provider_token_expiration_validation \
+ -e test_import --process-restartworker --process-timeout=60 || die "testsuite failed under python2.7"
+}
+
+python_install_all() {
+ distutils-r1_python_install_all
+
+ diropts -m 0750
+ keepdir /etc/keystone /var/log/keystone
+ insinto /etc/keystone
+ insopts -m0640 -okeystone -gkeystone
+ doins etc/keystone.conf.sample etc/logging.conf.sample
+ doins etc/default_catalog.templates
+ doins etc/policy.v3cloudsample.json etc/keystone-paste.ini
+ insinto /etc/keystone/httpd
+ doins httpd/*
+
+ fowners keystone:keystone /etc/keystone /etc/keystone/httpd /var/log/keystone
+}
+
+pkg_postinst() {
+ elog "You might want to run:"
+ elog "emerge --config =${CATEGORY}/${PF}"
+ elog "if this is a new install."
+ elog "If you have not already configured your openssl installation"
+ elog "please do it by modifying /etc/ssl/openssl.cnf"
+ elog "BEFORE issuing the configuration command."
+ elog "Otherwise default values will be used."
+}
+
+pkg_config() {
+ if [ ! -d "${ROOT}"/etc/keystone/ssl ] ; then
+ einfo "Press ENTER to configure the keystone PKI, or Control-C to abort now..."
+ read
+ "${ROOT}"/usr/bin/keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
+ else
+ einfo "keystone PKI certificates directory already present, skipping configuration"
+ fi
+}
diff --git a/sys-auth/keystone/keystone-14.0.1.ebuild b/sys-auth/keystone/keystone-14.0.1.ebuild
new file mode 100644
index 000000000000..09d71b567d32
--- /dev/null
+++ b/sys-auth/keystone/keystone-14.0.1.ebuild
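Review bot: `sed -i 's|python|python27|g' httpd/keystone-uwsgi-*` in python_prepare_all pins the uwsgi configs to python27 although PYTHON_COMPAT also lists python3_{4,5,6}, and the pattern is unanchored, so every occurrence of `python` in those files is rewritten. The uwsgi files are not visible here, so this is inferred, but a python3-only install would presumably ship configs naming an interpreter keystone was not built for. I would anchor the substitution to the plugin setting and add a comment such as `# uwsgi plugin name must match the selected Python implementation`. The die message in python_test carries the same assumption; `|| die "testsuite failed under ${EPYTHON}"` reports the implementation that actually ran. Both lines are repeated in the 12.0.2 and 14.0.1 ebuilds.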
@@ -0,0 +1,181 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+PYTHON_COMPAT=( python2_7 python3_{4,5,6} )
+
+inherit distutils-r1 user
+
+DESCRIPTION="The Openstack authentication, authorization, and service catalog"
+HOMEPAGE="https://launchpad.net/keystone"
+if [[ ${PV} == *9999 ]];then
+ inherit git-r3
+ SRC_URI="https://dev.gentoo.org/~prometheanfire/dist/openstack/keystone/rocky/keystone.conf.sample -> keystone.conf.sample-${PV}
+ https://dev.gentoo.org/~prometheanfire/dist/openstack/keystone/rocky/keystone.policy.yaml.sample -> keystone.policy.yaml.sample-${PV}"
+ EGIT_REPO_URI="https://github.com/openstack/keystone.git"
+ EGIT_BRANCH="stable/rocky"
+else
+ SRC_URI="https://dev.gentoo.org/~prometheanfire/dist/openstack/keystone/rocky/keystone.conf.sample -> keystone.conf.sample-${PV}
+ https://dev.gentoo.org/~prometheanfire/dist/openstack/keystone/rocky/keystone.policy.yaml.sample -> keystone.policy.yaml.sample-${PV}
+ https://tarballs.openstack.org/${PN}/${P}.tar.gz"
+ KEYWORDS="~amd64 ~arm64 ~x86"
+fi
+
+LICENSE="Apache-2.0"
+SLOT="0"
+IUSE="+sqlite ldap memcached mongo mysql postgres test"
+REQUIRED_USE="|| ( mysql postgres sqlite )"
+
+CDEPEND=">=dev-python/pbr-2.0.0[${PYTHON_USEDEP}]
+ !~dev-python/pbr-2.1.0"
+DEPEND="
+ dev-python/setuptools[${PYTHON_USEDEP}]
+ ${CDEPEND}"
+RDEPEND="
+ ${CDEPEND}
+ >=dev-python/Babel-2.3.4[${PYTHON_USEDEP}]
+ !~dev-python/Babel-2.4.0[${PYTHON_USEDEP}]
+ >=dev-python/webob-1.7.1[${PYTHON_USEDEP}]
+ >=dev-python/routes-2.3.1[${PYTHON_USEDEP}]
+ >=dev-python/flask-1.0.2[${PYTHON_USEDEP}]
+ >=dev-python/flask-restful-0.3.5[${PYTHON_USEDEP}]
+ >=dev-python/cryptography-2.1[${PYTHON_USEDEP}]
+ >=dev-python/six-1.10.0[${PYTHON_USEDEP}]
+ sqlite? (
+ >=dev-python/sqlalchemy-1.0.10[sqlite,${PYTHON_USEDEP}]
+ !~dev-python/sqlalchemy-1.1.5[sqlite,${PYTHON_USEDEP}]
+ !~dev-python/sqlalchemy-1.1.6[sqlite,${PYTHON_USEDEP}]
+ !~dev-python/sqlalchemy-1.1.7[sqlite,${PYTHON_USEDEP}]
+ !~dev-python/sqlalchemy-1.1.8[sqlite,${PYTHON_USEDEP}]
+ )
+ mysql? (
+ >=dev-python/pymysql-0.7.6[${PYTHON_USEDEP}]
+ !~dev-python/pymysql-0.7.7[${PYTHON_USEDEP}]
+ >=dev-python/sqlalchemy-1.0.10[${PYTHON_USEDEP}]
+ !~dev-python/sqlalchemy-1.1.5[${PYTHON_USEDEP}]
+ !~dev-python/sqlalchemy-1.1.6[${PYTHON_USEDEP}]
+ !~dev-python/sqlalchemy-1.1.7[${PYTHON_USEDEP}]
+ !~dev-python/sqlalchemy-1.1.8[${PYTHON_USEDEP}]
+ )
+ postgres? (
+ >=dev-python/psycopg-2.5.0[${PYTHON_USEDEP}]
+ >=dev-python/sqlalchemy-1.0.10[${PYTHON_USEDEP}]
+ !~dev-python/sqlalchemy-1.1.5[${PYTHON_USEDEP}]
+ !~dev-python/sqlalchemy-1.1.6[${PYTHON_USEDEP}]
+ !~dev-python/sqlalchemy-1.1.7[${PYTHON_USEDEP}]
+ !~dev-python/sqlalchemy-1.1.8[${PYTHON_USEDEP}]
+ )
+ >=dev-python/sqlalchemy-migrate-0.11.0[${PYTHON_USEDEP}]
+ >=dev-python/stevedore-1.20.0[${PYTHON_USEDEP}]
+ >=dev-python/passlib-1.7.0[${PYTHON_USEDEP}]
+ >=dev-python/python-keystoneclient-3.8.0[${PYTHON_USEDEP}]
+ >=dev-python/keystonemiddleware-4.17.0[${PYTHON_USEDEP}]
+ >=dev-python/bcrypt-3.1.3[${PYTHON_USEDEP}]
+ >=dev-python/scrypt-0.8.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-cache-1.26.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-concurrency-3.26.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-config-5.2.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-context-2.21.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-messaging-5.29.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-db-4.27.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-i18n-3.15.3[${PYTHON_USEDEP}]
+ >=dev-python/oslo-log-3.36.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-middleware-3.31.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-policy-1.30.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-serialization-1.18.0[${PYTHON_USEDEP}]
+ !~dev-python/oslo-serialization-1.19.1[${PYTHON_USEDEP}]
+ >=dev-python/oslo-utils-3.33.0[${PYTHON_USEDEP}]
+ >=dev-python/oauthlib-0.6.2[${PYTHON_USEDEP}]
+ >=dev-python/pysaml2-4.5.0[${PYTHON_USEDEP}]
+ >=dev-python/dogpile-cache-0.6.2[${PYTHON_USEDEP}]
+ >=dev-python/jsonschema-2.6.0[${PYTHON_USEDEP}]
+ <dev-python/jsonschema-3.0.0[${PYTHON_USEDEP}]
+ >=dev-python/pycadf-1.1.0[${PYTHON_USEDEP}]
+ !~dev-python/pycadf-2.0.0[${PYTHON_USEDEP}]
+ >=dev-python/msgpack-0.4.0[${PYTHON_USEDEP}]
+ >=dev-python/osprofiler-1.4.0[${PYTHON_USEDEP}]
+ >=dev-python/pytz-2013.6[${PYTHON_USEDEP}]
+ memcached? (
+ >=dev-python/python-memcached-1.56[${PYTHON_USEDEP}]
+ )
+ mongo? (
+ >=dev-python/pymongo-3.0.2[${PYTHON_USEDEP}]
+ !~dev-python/pymongo-3.1[${PYTHON_USEDEP}]
+ )
+ ldap? (
+ >=dev-python/pyldap-2.4.20[${PYTHON_USEDEP}]
+ >=dev-python/ldappool-2.0.0[${PYTHON_USEDEP}]
+ )
+ || (
+ www-servers/uwsgi[python,${PYTHON_USEDEP}]
+ www-apache/mod_wsgi[${PYTHON_USEDEP}]
+ www-servers/gunicorn[${PYTHON_USEDEP}]
+ )"
+
+#PATCHES=(
+#)
+
+pkg_setup() {
+ enewgroup keystone
+ enewuser keystone -1 -1 /var/lib/keystone keystone
+}
+
+python_prepare_all() {
+ # it's in git, but not in the tarball.....
+ sed -i '/^hacking/d' test-requirements.txt || die
+ mkdir -p ${PN}/tests/tmp/ || die
+ cp etc/keystone-paste.ini ${PN}/tests/tmp/ || die
+ sed -i 's|/usr/local|/usr|g' httpd/keystone-uwsgi-* || die
+ sed -i 's|python|python27|g' httpd/keystone-uwsgi-* || die
+ # allow useage of renamed msgpack
+ sed -i '/^msgpack/d' requirements.txt || die
+ distutils-r1_python_prepare_all
+}
+
+python_test() {
+ nosetests -I 'test_keystoneclient*' \
+ -e test_static_translated_string_is_Message \
+ -e test_get_token_id_error_handling \
+ -e test_provider_token_expiration_validation \
+ -e test_import --process-restartworker --process-timeout=60 || die "testsuite failed under python2.7"
+}
+
+python_install_all() {
+ distutils-r1_python_install_all
+
+ diropts -m 0750
+ keepdir /etc/keystone /var/log/keystone
+ insinto /etc/keystone
+ insopts -m0640 -okeystone -gkeystone
+ newins "${DISTDIR}/keystone.conf.sample-${PV}" keystone.conf.sample
+ newins "${DISTDIR}/keystone.policy.yaml.sample-${PV}" keystone.policy.yaml.sample
+ doins etc/logging.conf.sample
+ doins etc/default_catalog.templates
+ doins etc/policy.v3cloudsample.json
+ doins etc/keystone-paste.ini
+ insinto /etc/keystone/httpd
+ doins httpd/*
+
+ fowners keystone:keystone /etc/keystone /etc/keystone/httpd /var/log/keystone
+}
+
+pkg_postinst() {
+ elog "You might want to run:"
+ elog "emerge --config =${CATEGORY}/${PF}"
+ elog "if this is a new install."
+ elog "If you have not already configured your openssl installation"
+ elog "please do it by modifying /etc/ssl/openssl.cnf"
+ elog "BEFORE issuing the configuration command."
+ elog "Otherwise default values will be used."
+}
+
+pkg_config() {
+ if [ ! -d "${ROOT}"/etc/keystone/ssl ] ; then
+ einfo "Press ENTER to configure the keystone PKI, or Control-C to abort now..."
+ read
+ "${ROOT}"/usr/bin/keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
+ else
+ einfo "keystone PKI certificates directory already present, skipping configuration"
+ fi
+}
diff --git a/sys-auth/oath-toolkit/Manifest b/sys-auth/oath-toolkit/Manifest
index 62b98c6de795..73896a14f528 100644
--- a/sys-auth/oath-toolkit/Manifest
+++ b/sys-auth/oath-toolkit/Manifest
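Review bot: pkg_config still runs `keystone-manage pki_setup`, and pkg_postinst tells the admin to prepare /etc/ssl/openssl.cnf for it. As far as I know, upstream removed PKI tokens and this subcommand before the releases packaged here, so `emerge --config` would likely fail and leave a new install with no token keys; please confirm against keystone-manage in 14.0.1. If that is the case, the step should initialise the Fernet and credential key repositories instead: `"${ROOT}"/usr/bin/keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone` followed by the matching `credential_setup` call, with the directory test and the elog text updated to match. The 12.0.2 and 13.0.2 ebuilds carry the same pkg_config.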
@@ -1,6 +1,7 @@ AUX oath-toolkit-2.6.2-gcc7.patch 3526 BLAKE2B 07966d96b4362cb7c271fa745cf9be843e14db9cade77768a9f31bbb0435c4f1f56c81464630871ad337213cbdc97ed0c1cf9ad9d261e29812984bab767c1eb1 SHA512 4bf9bc8e176861f044c55aab6c6cb48dcd7ac1d887f71f08475cc1e7f2b14cb04edc8417532613433af35687169667b073ea57556c85114e5a763a03443a85b9 +AUX oath-toolkit-2.6.2-glibc228.patch 4786 BLAKE2B 7690a2b5249b7c668be5a516fa0a298d789ac4d259a27ea3b5c9d5a581990ebc2431074f7e7adcc61c03ce2e0979cfbd2220c4335959c3f4f7279e758b954451 SHA512 4d015bc760b9df074441f93cd94342aff595b5ad5215165d64c0557222123b821c791a87afcba15a3ce0acfbe6945d96330468673249f4a2b1dc1700ab9040b2 DIST oath-toolkit-2.6.1.tar.gz 4238966 BLAKE2B 7af4f4997b18278aa1903470c79e5a7734e9e97e62a2de4685eee58ead59e3294cef0d6da0147746932a2891f59648b5473f02b5edd6c4fd81b4a9c80d9bde60 SHA512 59feadbc06d11a52bf5879493227c40358fc1f4f17ec3ff92e3a313e47b92f3154396fa3ff38ef163852b32c8bfcef1f59753b614d0138478b8f7e7971f55e62 DIST oath-toolkit-2.6.2.tar.gz 4295786 BLAKE2B 2b97ab73339647b560b46373922095f18655a167b613b15d4ee2fd507d430025628d20eb111ff1d8025e78646b1d61d9680a7082caba1c75d247bb1d8b9b99dd SHA512 201a702a05a2e9fb3a66d04750e1a34e293342126caf02c344954a0d9fd0daafe73ca7f1fe273be129ae555a29b82b72fa2b4770ea2ad10711924e1926ec2cfb EBUILD oath-toolkit-2.6.1.ebuild 1456 BLAKE2B cf19d07cdb90a67e55e581593b5819ad9c4d75e0751afc21db7dd0dda4dc6d239b3d43bd377106591af4769edc36ed12b8a90b6cc47fa1183d3babde017d67fb SHA512 0c03c380e36070e9030575d63435554ec573cd0ea75bb87bc28cfda3e5a8ca10c025fdc6b14f670a3db200c78064ff12e92db4b8ae1f935c71b778728ffab414 -EBUILD oath-toolkit-2.6.2.ebuild 1500 BLAKE2B 5f0202b63c0eddd14763d8281200eafe7361336d2c1e5fa34be0a61c95d18d5eb5b80fe5ab52c103bfd5b7223126e6fb9d177fb923dd8f896bae749962210bf6 SHA512 d0225d4edaf4890bc22aa03e3835f85ff8137af525a874369eaf2880b76bf424ad2ecb0ea0da7163d9896307508ddf4091660ac4cfef283adc2e791547792beb +EBUILD oath-toolkit-2.6.2.ebuild 1533 BLAKE2B 
e9711d2452a738eef9d553ffc3471880993421296e122d595153d69a9caf2302078b5e6c9e8ccb2cce05e5033aaee1d94cf20abff17d3747063954c122d26a2e SHA512 861a17031cdfce9d8db722f3f7a617f4a42dbb7190768c8adf0aaa37f097694bff84ecac0ee9a4079c977b62504080c0b87ddf5e9376a7f867c9bbe149b39126 MISC metadata.xml 560 BLAKE2B 946cac9a0134fb3291ad816283326746067411e000e98be05cd8f87dfa0455ef3558b1bdabcb537356fed867d8667850d929747592e7c79212c7ad3357434c84 SHA512 4d6506e02bb4a6f6069dfe357cc3e05c897699a067771baa995af823d4de587d2580b01bf1c2a38cb8f8f679ba0702498ad904b6bb1d685a2759c2b7752be7f2 diff --git a/sys-auth/oath-toolkit/files/oath-toolkit-2.6.2-glibc228.patch b/sys-auth/oath-toolkit/files/oath-toolkit-2.6.2-glibc228.patch new file mode 100644 index 000000000000..c43f7aee0fe7 --- /dev/null +++ b/sys-auth/oath-toolkit/files/oath-toolkit-2.6.2-glibc228.patch 
@@ -0,0 +1,100 @@ +diff -ruN oath-toolkit-2.6.2.orig/liboath/gl/fseeko.c oath-toolkit-2.6.2/liboath/gl/fseeko.c +--- oath-toolkit-2.6.2.orig/liboath/gl/fseeko.c 2016-08-27 13:15:06.000000000 +0200 ++++ oath-toolkit-2.6.2/liboath/gl/fseeko.c 2018-10-27 22:07:53.836832404 +0200 +@@ -1,18 +1,18 @@ + /* An fseeko() function that, together with fflush(), is POSIX compliant. +- Copyright (C) 2007-2016 Free Software Foundation, Inc. ++ Copyright (C) 2007-2018 Free Software Foundation, Inc. + + This program is free software; you can redistribute it and/or modify +- it under the terms of the GNU Lesser General Public License as published by +- the Free Software Foundation; either version 2.1, or (at your option) ++ it under the terms of the GNU General Public License as published by ++ the Free Software Foundation; either version 2, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +- GNU Lesser General Public License for more details. ++ GNU General Public License for more details. + +- You should have received a copy of the GNU Lesser General Public License along +- with this program; if not, see <http://www.gnu.org/licenses/>. */ ++ You should have received a copy of the GNU General Public License along ++ with this program; if not, see <https://www.gnu.org/licenses/>. */ + + #include <config.h> + +@@ -33,9 +33,9 @@ + #endif + #if _GL_WINDOWS_64_BIT_OFF_T + # undef fseeko +-# if HAVE__FSEEKI64 /* msvc, mingw64 */ ++# if HAVE__FSEEKI64 && HAVE_DECL__FSEEKI64 /* msvc, mingw since msvcrt8.0, mingw64 */ + # define fseeko _fseeki64 +-# else /* mingw */ ++# else /* mingw before msvcrt8.0 */ + # define fseeko fseeko64 + # endif + #endif +@@ -47,12 +47,13 @@ + #endif + + /* These tests are based on fpurge.c. 
*/ +-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */ ++#if defined _IO_EOF_SEEN || defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 ++ /* GNU libc, BeOS, Haiku, Linux libc5 */ + if (fp->_IO_read_end == fp->_IO_read_ptr + && fp->_IO_write_ptr == fp->_IO_write_base + && fp->_IO_save_base == NULL) + #elif defined __sferror || defined __DragonFly__ || defined __ANDROID__ +- /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Android */ ++ /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Minix 3, Android */ + # if defined __SL64 && defined __SCLE /* Cygwin */ + if ((fp->_flags & __SL64) == 0) + { +@@ -80,7 +81,7 @@ + #elif defined __minix /* Minix */ + if (fp_->_ptr == fp_->_buf + && (fp_->_ptr == NULL || fp_->_count == 0)) +-#elif defined _IOERR /* AIX, HP-UX, IRIX, OSF/1, Solaris, OpenServer, mingw, NonStop Kernel */ ++#elif defined _IOERR /* AIX, HP-UX, IRIX, OSF/1, Solaris, OpenServer, mingw, MSVC, NonStop Kernel, OpenVMS */ + if (fp_->_ptr == fp_->_base + && (fp_->_ptr == NULL || fp_->_cnt == 0)) + #elif defined __UCLIBC__ /* uClibc */ +@@ -117,18 +118,19 @@ + if (pos == -1) + { + #if defined __sferror || defined __DragonFly__ || defined __ANDROID__ +- /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Android */ ++ /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Minix 3, Android */ + fp_->_flags &= ~__SOFF; + #endif + return -1; + } + +-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */ ++#if defined _IO_EOF_SEEN || defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 ++ /* GNU libc, BeOS, Haiku, Linux libc5 */ + fp->_flags &= ~_IO_EOF_SEEN; + fp->_offset = pos; + #elif defined __sferror || defined __DragonFly__ || defined __ANDROID__ +- /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Android */ +-# if defined __CYGWIN__ || (defined __NetBSD__ && __NetBSD_Version__ >= 600000000) ++ /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, 
Minix 3, Android */ ++# if defined __CYGWIN__ || (defined __NetBSD__ && __NetBSD_Version__ >= 600000000) || defined __minix + /* fp_->_offset is typed as an integer. */ + fp_->_offset = pos; + # else +@@ -150,8 +152,8 @@ + fp_->_flags &= ~__SEOF; + #elif defined __EMX__ /* emx+gcc */ + fp->_flags &= ~_IOEOF; +-#elif defined _IOERR /* AIX, HP-UX, IRIX, OSF/1, Solaris, OpenServer, mingw, NonStop Kernel */ +- fp->_flag &= ~_IOEOF; ++#elif defined _IOERR /* AIX, HP-UX, IRIX, OSF/1, Solaris, OpenServer, mingw, MSVC, NonStop Kernel, OpenVMS */ ++ fp_->_flag &= ~_IOEOF; + #elif defined __MINT__ /* Atari FreeMiNT */ + fp->__offset = pos; + fp->__eof = 0; diff --git a/sys-auth/oath-toolkit/oath-toolkit-2.6.2.ebuild b/sys-auth/oath-toolkit/oath-toolkit-2.6.2.ebuild index f3d38999c1e5..26a301c88498 100644 --- a/sys-auth/oath-toolkit/oath-toolkit-2.6.2.ebuild +++ b/sys-auth/oath-toolkit/oath-toolkit-2.6.2.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2018 Gentoo Foundation +# Copyright 1999-2018 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=6 @@ -20,7 +20,10 @@ DEPEND="${RDEPEND} test? ( dev-libs/libxml2 ) dev-util/gtk-doc-am" -PATCHES=( "${FILESDIR}"/${P}-gcc7.patch ) +PATCHES=( + "${FILESDIR}"/${P}-gcc7.patch + "${FILESDIR}"/${P}-glibc228.patch +) src_prepare() { default diff --git a/sys-auth/pam_ssh_agent_auth/Manifest b/sys-auth/pam_ssh_agent_auth/Manifest index 6bd9831a06d7..561c8176a138 100644 --- a/sys-auth/pam_ssh_agent_auth/Manifest +++ b/sys-auth/pam_ssh_agent_auth/Manifest 
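Review bot: The glibc228 patch rewrites the licence header of liboath/gl/fseeko.c, turning the LGPL 2.1-or-later notice into a GPL 2-or-later one, which goes beyond a glibc 2.28 build fix and changes the stated terms of a file inside the library. The functional part is the pair of guards that become `#if defined _IO_EOF_SEEN || defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1`; the header, copyright-year and platform-comment edits look like they came along from a newer gnulib copy of the file. Trimming the patch to those guards would keep the header as upstream shipped it and make the distribution patch quicker to audit.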
@@ -1,10 +1,14 @@ +AUX pam_ssh_agent_auth-0.10.3-openssl-1.1.1.patch 46417 BLAKE2B bb62c32fc9c1eb5dc0788b9a535fdf6000812c57a6a758e693406a0d01bcf0cc5ec9f7622c4f21cee74895657a5a3ad13255e19d51e20eca8978e63864266629 SHA512 279fad3be9289c1da06d34e08d2b81a8ad863e07c7b0471419c029aa121abe9942ae4cc4259b7f1e2c2dd32368fc07dc1f9432aba860820455e0d9419c9e7f74 AUX pam_ssh_agent_auth-0.9.2-libs.patch 1314 BLAKE2B fcbb332e2dbfa47d983970e66586d38f403ea2ea50f25f0273a2868560c1f4962db4b1be2ade94b42f3bed23cbf427710ad71400e5181b0b6f5d4c76d24d2f74 SHA512 ea99c2253081543e041ec043b62df9531ea9ffad029f213f17ce9e8b8b6d673cb4e7a794ddfe57fcea995b49c26a5cb775433e3dc413800c45d625c4e3c8808c DIST pam_ssh_agent_auth-0.10.2.tar.bz2 246412 BLAKE2B 3adf2bcc76559733f997744c95c660c67010b124db6e811559625a2ad7cbc7339d43d22dd5144135ae36ab90fdeb3c80c887e3157241936ceeb6026c8aa298fe SHA512 b4b9bc4486d873f236f7c54874c996e24f344f889dfda3beadb12b97cbb89078028a103a4a7175cd919fb0a12fd5bcefef50420510ae5eff9252e494e0124b38 +DIST pam_ssh_agent_auth-0.10.3.tar.bz2 1066393 BLAKE2B 07b113d05e09f770d63dbea813ea644199d2b103f9c6d7e5960bfad37cb181ce5a5f111f72e0274c0335e4c217ccd19bd53d61af23f8bc6aff14c1995fc4edc9 SHA512 d75062c4e46b0b011f46aed9704a99049995fea8b5115ff7ee26dad7e93cbcf54a8af7efc6b521109d77dc03c6f5284574d2e1b84c6829cec25610f24fb4bd66 DIST pam_ssh_agent_auth-0.9.2.tar.bz2 237156 BLAKE2B b9d09920e10b454ea739e44c38daba6a509fbd4a96f01e26a82e0a8c58b696806b1f3ea95d53c10b55ed01e5804dfb687dd4545b87d85fa4f6a474548c3666d5 SHA512 e710a4dff315c8d79c5d5edc4ebe1629a8fc6d09651813fd4792a2021e7c2d5768d6b7e8539801e31b947cc30817f32375d751fc396707fc4f257df4f33cd408 DIST pam_ssh_agent_auth-0.9.3.tar.bz2 239596 BLAKE2B 7be6af1c78457e082d34f5df406fccf74fbda48d1fe87be0592b927ea296b6db3cf1f9a58bcdd61c50556ffc53c16276dc87e5970d9caa0e51fb520e0473240b SHA512 c2304dcf623858339b5fd77bcf64e9c980a3ee241384b9125d64ba6ab9539a65eacbd3576b31a94bb390e4c089e702f9df2963119250b773bd8be872ae63a050 DIST pam_ssh_agent_auth-0.9.4.tar.bz2 239250 BLAKE2B 
fee1e009a5374126db0b0df9f05436521e215933ed2eabdcd1983e6372fc7160c6a6c53d07b9ddc7bdd8b9529a27c7da4ef35aad2c80ea1ef2f895f3fb237135 SHA512 3d469e85bf7c49dcf9345c63678ebe050db4d15447592bc337bfc762f2337f92cebd7e840fc12d7be94acf1aa47b0272efe2c1688888ecd8f9daf63549520792 EBUILD pam_ssh_agent_auth-0.10.2.ebuild 790 BLAKE2B 2ecff3ae129494ef13289417ed46219e1894506eaf070301089dd61d58362b462f24e3e306118e54650ac5e10a9a52f19cd5d624232977966d2e35709b954ff4 SHA512 49c0e34eae182fccef342a3d4afa3bdcf9932222866478b028b6ce071a2afe14783ba3a6083411b074db4c9795854e22eb3391f103fa6ecac9b3a7c72853066d +EBUILD pam_ssh_agent_auth-0.10.3.ebuild 990 BLAKE2B 8d67820e853e5631da52f007913ce66fd3e409d24cc493f7cd7cee5e5c72e79afbd3d04e5d7318972150195ae76e3e2312564931aa71729053dea936875d57a7 SHA512 a765b39e419749f5ffeab11665f0dacb2ca4fc811b6cee2b2a1753b8690f600f2e216f830f5568645ff38864bffb20d2677f9eff08f69b51f4961903b078fa4e EBUILD pam_ssh_agent_auth-0.9.2.ebuild 853 BLAKE2B 61a7e4feba97b652892c96f5901b60a04f482b806faf84b2e2fa451974545afa4b1bb1e36289f6765e57a0295af040eaa9d36a4ea7f9ef8ae83d14891be74fff SHA512 326af2ffaa4d7f871584e2f0c659e23c6f089f86eade0f85eee50785e1810f2fe394459f9b977f47142ecbb26317572c812a585d0d9bf61be555fd868493e6c4 EBUILD pam_ssh_agent_auth-0.9.3.ebuild 873 BLAKE2B ede6573827d2c3b58fee9bd7af4aecfe6f81d14e326eef76f7053d936a1c0fa9a869bedc30ccc8d91000f3e739c7ba3bbb3ce49e13ea05b0890d95fcfcfe21dd SHA512 d3aaac053792d87967fb01cc16dec5b3d3efe58fef3a1b0443c87121d01d34305b9d9fbe25dcafa277638e78801d03238d88160796e97601dc4708def758277e EBUILD pam_ssh_agent_auth-0.9.4.ebuild 802 BLAKE2B ab45042fc1e54c318a696004576d75c69882eb4a679f3486809efe533ba5ccd4d51a9b5cdaa61bd2866c660982132635f4dd4c3a86d56aca43ba880d6cd793cb SHA512 4a94a25449e2313a8ec657f62a378e6452af8b6a944fa54b31eeecea2753f475d2ded378b59eadf9b2233c39cfaa168f432c7f2bbbd95ee0782b38d0d9c06061 -MISC metadata.xml 305 BLAKE2B 
2fbbd79c315ccb13a14dde087b8f444497988f0680a14282016effa3eccdc803f9f5b32fa31af2ded101c5e83ad346738e3b16329d1b4f04daa498a3a4c2b9e8 SHA512 4bbf43d0541b9313197f5883f7913d9a611d8cc549829e652ef24fda5b2e9ae55f3f52ff04b85f143fb8a3c9cecf0f4d164384241af53f453abe42b9aaa022bd +EBUILD pam_ssh_agent_auth-9999.ebuild 938 BLAKE2B 1bf278f334da97723e7bfaae19ba60371cb7dd04aeb5998db26377f91b41af1ebf4fa402b6706dac2365473d45ee535b7d09deaabb7ca0a09b09bf457cb8fb36 SHA512 cad3c6b589740e3d811b0f9a4d6b00fb1c85beaeff5024173cab02514ed4524daf02616a2c8135202e4fd7200926cf765578701ba2df0ee14d209145cb3c3bb2 +MISC metadata.xml 372 BLAKE2B 00c28dfa41217cc3c687c7ecea1c15b7e29cf1972e501dade823f2a87b814d2400a4185e1942e3785d88c47dc0357c8b29c0698ecaecea7469312f7b3d9845e4 SHA512 f6d0735120460a980030b24d8b29dcdf5e53137e4ce565a99140040b96e620f5d0564e28a6c76df16520cb62d2a6ec46313607c9b5e31635616b45d7f7e069e8 diff --git a/sys-auth/pam_ssh_agent_auth/files/pam_ssh_agent_auth-0.10.3-openssl-1.1.1.patch b/sys-auth/pam_ssh_agent_auth/files/pam_ssh_agent_auth-0.10.3-openssl-1.1.1.patch new file mode 100644 index 000000000000..a422cd5e479f --- /dev/null +++ b/sys-auth/pam_ssh_agent_auth/files/pam_ssh_agent_auth-0.10.3-openssl-1.1.1.patch 
@@ -0,0 +1,1244 @@ +From eef90424a0545b7b0125dfaf5e3cef3c5248ada0 Mon Sep 17 00:00:00 2001 +From: Guido Falsi <mad@madpilot.net> +Date: Sat, 20 Oct 2018 14:29:43 +0200 +Subject: [PATCH 1/2] Adapt to OpenSSL 1.1.1. + +The FreeBSD operating system is migrating to OpenSSL 1.1.1 and I have created this set of patches to make pam_ssh_agent_auth compile with it. + +The patch comments out some parts of include files which are not actually used and reference now opaque OpenSSL internals. + +I also have migrated the source files to use accessors to use the OpenSSL objects. + +The patch works on FreeBSD head (will be 12.0) but the --without-openssl-header-check argument is required in configure there. +--- + authfd.c | 50 ++++++++++++++++++++ + bufbn.c | 4 ++ + cipher.h | 6 ++- + kex.h | 9 +++- + key.c | 133 ++++++++++++++++++++++++++++++++++++++++++++++++++-- + ssh-dss.c | 51 ++++++++++++++++---- + ssh-ecdsa.c | 40 ++++++++++++---- + ssh-rsa.c | 22 +++++++-- + 8 files changed, 287 insertions(+), 28 deletions(-) + +diff --git a/authfd.c b/authfd.c +index 7b96921..35f8de1 100644 +--- a/authfd.c ++++ b/authfd.c +@@ -372,6 +372,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio + case 1: + key = pamsshagentauth_key_new(KEY_RSA1); + bits = pamsshagentauth_buffer_get_int(&auth->identities); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + pamsshagentauth_buffer_get_bignum(&auth->identities, key->rsa->e); + pamsshagentauth_buffer_get_bignum(&auth->identities, key->rsa->n); + *comment = pamsshagentauth_buffer_get_string(&auth->identities, NULL); +@@ -379,6 +380,15 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio + if (keybits < 0 || bits != (u_int)keybits) + pamsshagentauth_logit("Warning: identity keysize mismatch: actual %d, announced %u", + BN_num_bits(key->rsa->n), bits); ++#else ++ pamsshagentauth_buffer_get_bignum(&auth->identities, RSA_get0_e(key->rsa)); ++ pamsshagentauth_buffer_get_bignum(&auth->identities, 
RSA_get0_n(key->rsa)); ++ *comment = pamsshagentauth_buffer_get_string(&auth->identities, NULL); ++ keybits = BN_num_bits(RSA_get0_n(key->rsa)); ++ if (keybits < 0 || bits != (u_int)keybits) ++ pamsshagentauth_logit("Warning: identity keysize mismatch: actual %d, announced %u", ++ BN_num_bits(RSA_get0_n(key->rsa)), bits); ++#endif + break; + case 2: + blob = pamsshagentauth_buffer_get_string(&auth->identities, &blen); +@@ -422,9 +432,15 @@ ssh_decrypt_challenge(AuthenticationConnection *auth, + } + pamsshagentauth_buffer_init(&buffer); + pamsshagentauth_buffer_put_char(&buffer, SSH_AGENTC_RSA_CHALLENGE); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + pamsshagentauth_buffer_put_int(&buffer, BN_num_bits(key->rsa->n)); + pamsshagentauth_buffer_put_bignum(&buffer, key->rsa->e); + pamsshagentauth_buffer_put_bignum(&buffer, key->rsa->n); ++#else ++ pamsshagentauth_buffer_put_int(&buffer, BN_num_bits(RSA_get0_n(key->rsa))); ++ pamsshagentauth_buffer_put_bignum(&buffer, RSA_get0_e(key->rsa)); ++ pamsshagentauth_buffer_put_bignum(&buffer, RSA_get0_n(key->rsa)); ++#endif + pamsshagentauth_buffer_put_bignum(&buffer, challenge); + pamsshagentauth_buffer_append(&buffer, session_id, 16); + pamsshagentauth_buffer_put_int(&buffer, response_type); +@@ -501,6 +517,7 @@ ssh_agent_sign(AuthenticationConnection *auth, + static void + ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment) + { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + pamsshagentauth_buffer_put_int(b, BN_num_bits(key->n)); + pamsshagentauth_buffer_put_bignum(b, key->n); + pamsshagentauth_buffer_put_bignum(b, key->e); +@@ -509,6 +526,16 @@ ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment) + pamsshagentauth_buffer_put_bignum(b, key->iqmp); /* ssh key->u */ + pamsshagentauth_buffer_put_bignum(b, key->q); /* ssh key->p, SSL key->q */ + pamsshagentauth_buffer_put_bignum(b, key->p); /* ssh key->q, SSL key->p */ ++#else ++ pamsshagentauth_buffer_put_int(b, BN_num_bits(RSA_get0_n(key))); ++ 
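Review bot: The `#else` branches in authfd.c are selected for every OpenSSL from 1.1.0 on, because `OPENSSL_VERSION_NUMBER < 0x10100000L` is the only test, but the per-field getters they call (`RSA_get0_n()`, `RSA_get0_e()`, the `DSA_get0_*()` family) were added in OpenSSL 1.1.1, so a build against 1.1.0 would not compile. Either the ebuild should exclude 1.1.0 (the 0.10.3 ebuild is not visible on this page) or the code should use `RSA_get0_key(key->rsa, &n, &e, NULL)`, which exists in both releases. In ssh_get_next_identity the getter result is also passed to `pamsshagentauth_buffer_get_bignum()` as the destination, so a `const BIGNUM *` is written through and the qualifier is dropped silently; this only works because key_new installed the BIGNUMs beforehand. The same pattern recurs in the key.c hunks for key_read, key_from_private and key_from_blob.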
pamsshagentauth_buffer_put_bignum(b, RSA_get0_n(key)); ++ pamsshagentauth_buffer_put_bignum(b, RSA_get0_e(key)); ++ pamsshagentauth_buffer_put_bignum(b, RSA_get0_d(key)); ++ /* To keep within the protocol: p < q for ssh. in SSL p > q */ ++ pamsshagentauth_buffer_put_bignum(b, RSA_get0_iqmp(key)); /* ssh key->u */ ++ pamsshagentauth_buffer_put_bignum(b, RSA_get0_q(key)); /* ssh key->p, SSL key->q */ ++ pamsshagentauth_buffer_put_bignum(b, RSA_get0_p(key)); /* ssh key->q, SSL key->p */ ++#endif + pamsshagentauth_buffer_put_cstring(b, comment); + } + +@@ -518,19 +545,36 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment) + pamsshagentauth_buffer_put_cstring(b, key_ssh_name(key)); + switch (key->type) { + case KEY_RSA: ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + pamsshagentauth_buffer_put_bignum2(b, key->rsa->n); + pamsshagentauth_buffer_put_bignum2(b, key->rsa->e); + pamsshagentauth_buffer_put_bignum2(b, key->rsa->d); + pamsshagentauth_buffer_put_bignum2(b, key->rsa->iqmp); + pamsshagentauth_buffer_put_bignum2(b, key->rsa->p); + pamsshagentauth_buffer_put_bignum2(b, key->rsa->q); ++#else ++ pamsshagentauth_buffer_put_bignum2(b, RSA_get0_n(key->rsa)); ++ pamsshagentauth_buffer_put_bignum2(b, RSA_get0_e(key->rsa)); ++ pamsshagentauth_buffer_put_bignum2(b, RSA_get0_d(key->rsa)); ++ pamsshagentauth_buffer_put_bignum2(b, RSA_get0_iqmp(key->rsa)); ++ pamsshagentauth_buffer_put_bignum2(b, RSA_get0_p(key->rsa)); ++ pamsshagentauth_buffer_put_bignum2(b, RSA_get0_q(key->rsa)); ++#endif + break; + case KEY_DSA: ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + pamsshagentauth_buffer_put_bignum2(b, key->dsa->p); + pamsshagentauth_buffer_put_bignum2(b, key->dsa->q); + pamsshagentauth_buffer_put_bignum2(b, key->dsa->g); + pamsshagentauth_buffer_put_bignum2(b, key->dsa->pub_key); + pamsshagentauth_buffer_put_bignum2(b, key->dsa->priv_key); ++#else ++ pamsshagentauth_buffer_put_bignum2(b, DSA_get0_p(key->dsa)); ++ pamsshagentauth_buffer_put_bignum2(b, 
DSA_get0_q(key->dsa)); ++ pamsshagentauth_buffer_put_bignum2(b, DSA_get0_g(key->dsa)); ++ pamsshagentauth_buffer_put_bignum2(b, DSA_get0_pub_key(key->dsa)); ++ pamsshagentauth_buffer_put_bignum2(b, DSA_get0_priv_key(key->dsa)); ++#endif + break; + } + pamsshagentauth_buffer_put_cstring(b, comment); +@@ -610,9 +654,15 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key) + + if (key->type == KEY_RSA1) { + pamsshagentauth_buffer_put_char(&msg, SSH_AGENTC_REMOVE_RSA_IDENTITY); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + pamsshagentauth_buffer_put_int(&msg, BN_num_bits(key->rsa->n)); + pamsshagentauth_buffer_put_bignum(&msg, key->rsa->e); + pamsshagentauth_buffer_put_bignum(&msg, key->rsa->n); ++#else ++ pamsshagentauth_buffer_put_int(&msg, BN_num_bits(RSA_get0_n(key->rsa))); ++ pamsshagentauth_buffer_put_bignum(&msg, RSA_get0_e(key->rsa)); ++ pamsshagentauth_buffer_put_bignum(&msg, RSA_get0_n(key->rsa)); ++#endif + } else if (key->type == KEY_DSA || key->type == KEY_RSA) { + pamsshagentauth_key_to_blob(key, &blob, &blen); + pamsshagentauth_buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY); +diff --git a/bufbn.c b/bufbn.c +index 6a49c73..4ecedc1 100644 +--- a/bufbn.c ++++ b/bufbn.c +@@ -151,7 +151,11 @@ pamsshagentauth_buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value) + pamsshagentauth_buffer_put_int(buffer, 0); + return 0; + } ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (value->neg) { ++#else ++ if (BN_is_negative(value)) { ++#endif + pamsshagentauth_logerror("buffer_put_bignum2_ret: negative numbers not supported"); + return (-1); + } +diff --git a/cipher.h b/cipher.h +index 49bbc16..64f59ca 100644 +--- a/cipher.h ++++ b/cipher.h +@@ -59,15 +59,18 @@ + #define CIPHER_DECRYPT 0 + + typedef struct Cipher Cipher; +-typedef struct CipherContext CipherContext; ++// typedef struct CipherContext CipherContext; + + struct Cipher; ++/* + struct CipherContext { + int plaintext; + EVP_CIPHER_CTX evp; + Cipher *cipher; + }; ++*/ + ++/* + u_int 
cipher_mask_ssh1(int); + Cipher *cipher_by_name(const char *); + Cipher *cipher_by_number(int); +@@ -88,4 +91,5 @@ void cipher_set_keyiv(CipherContext *, u_char *); + int cipher_get_keyiv_len(const CipherContext *); + int cipher_get_keycontext(const CipherContext *, u_char *); + void cipher_set_keycontext(CipherContext *, u_char *); ++*/ + #endif /* CIPHER_H */ +diff --git a/kex.h b/kex.h +index 8e29c90..81ca57d 100644 +--- a/kex.h ++++ b/kex.h +@@ -70,7 +70,7 @@ enum kex_exchange { + #define KEX_INIT_SENT 0x0001 + + typedef struct Kex Kex; +-typedef struct Mac Mac; ++// typedef struct Mac Mac; + typedef struct Comp Comp; + typedef struct Enc Enc; + typedef struct Newkeys Newkeys; +@@ -84,6 +84,7 @@ struct Enc { + u_char *key; + u_char *iv; + }; ++/* + struct Mac { + char *name; + int enabled; +@@ -95,11 +96,13 @@ struct Mac { + HMAC_CTX evp_ctx; + struct umac_ctx *umac_ctx; + }; ++*/ + struct Comp { + int type; + int enabled; + char *name; + }; ++/* + struct Newkeys { + Enc enc; + Mac mac; +@@ -126,7 +129,9 @@ struct Kex { + int (*host_key_index)(Key *); + void (*kex[KEX_MAX])(Kex *); + }; ++*/ + ++/* + Kex *kex_setup(char *[PROPOSAL_MAX]); + void kex_finish(Kex *); + +@@ -152,6 +157,8 @@ kexgex_hash(const EVP_MD *, char *, char *, char *, int, char *, + void + derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]); + ++*/ ++ + #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) + void dump_digest(char *, u_char *, int); + #endif +diff --git a/key.c b/key.c +index 107a442..aedbbb5 100644 +--- a/key.c ++++ b/key.c +@@ -77,15 +77,21 @@ pamsshagentauth_key_new(int type) + case KEY_RSA: + if ((rsa = RSA_new()) == NULL) + pamsshagentauth_fatal("key_new: RSA_new failed"); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if ((rsa->n = BN_new()) == NULL) + pamsshagentauth_fatal("key_new: BN_new failed"); + if ((rsa->e = BN_new()) == NULL) + pamsshagentauth_fatal("key_new: BN_new failed"); ++#else ++ if (RSA_set0_key(rsa, BN_new(), BN_new(), NULL) != 1) ++ 
pamsshagentauth_fatal("key_new: RSA_set0_key failed"); ++#endif + k->rsa = rsa; + break; + case KEY_DSA: + if ((dsa = DSA_new()) == NULL) + pamsshagentauth_fatal("key_new: DSA_new failed"); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if ((dsa->p = BN_new()) == NULL) + pamsshagentauth_fatal("key_new: BN_new failed"); + if ((dsa->q = BN_new()) == NULL) +@@ -94,6 +100,12 @@ pamsshagentauth_key_new(int type) + pamsshagentauth_fatal("key_new: BN_new failed"); + if ((dsa->pub_key = BN_new()) == NULL) + pamsshagentauth_fatal("key_new: BN_new failed"); ++#else ++ if (DSA_set0_pqg(dsa, BN_new(), BN_new(), BN_new()) != 1) ++ pamsshagentauth_fatal("key_new: DSA_set0_pqg failed"); ++ if (DSA_set0_key(dsa, BN_new(), NULL) != 1) ++ pamsshagentauth_fatal("key_new: DSA_set0_key failed"); ++#endif + k->dsa = dsa; + break; + case KEY_ECDSA: +@@ -118,6 +130,7 @@ pamsshagentauth_key_new_private(int type) + switch (k->type) { + case KEY_RSA1: + case KEY_RSA: ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if ((k->rsa->d = BN_new()) == NULL) + pamsshagentauth_fatal("key_new_private: BN_new failed"); + if ((k->rsa->iqmp = BN_new()) == NULL) +@@ -130,14 +143,30 @@ pamsshagentauth_key_new_private(int type) + pamsshagentauth_fatal("key_new_private: BN_new failed"); + if ((k->rsa->dmp1 = BN_new()) == NULL) + pamsshagentauth_fatal("key_new_private: BN_new failed"); ++#else ++ if (RSA_set0_key(k->rsa, NULL, NULL, BN_new()) != 1) ++ pamsshagentauth_fatal("key_new: RSA_set0_key failed"); ++ if (RSA_set0_crt_params(k->rsa, BN_new(), BN_new(), BN_new()) != 1) ++ pamsshagentauth_fatal("key_new: RSA_set0_crt_params failed"); ++ if (RSA_set0_factors(k->rsa, BN_new(), BN_new()) != 1) ++ pamsshagentauth_fatal("key_new: RSA_set0_factors failed"); ++#endif + break; + case KEY_DSA: ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if ((k->dsa->priv_key = BN_new()) == NULL) + pamsshagentauth_fatal("key_new_private: BN_new failed"); ++#else ++ if (DSA_set0_key(k->dsa, NULL, BN_new()) != 1) ++ 
pamsshagentauth_fatal("key_new_private: DSA_set0_key failed"); ++#endif + break; + case KEY_ECDSA: ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (EC_KEY_set_private_key(k->ecdsa, BN_new()) != 1) + pamsshagentauth_fatal("key_new_private: EC_KEY_set_private_key failed"); ++#else ++#endif + break; + case KEY_ED25519: + RAND_bytes(k->ed25519->sk, sizeof(k->ed25519->sk)); +@@ -195,14 +224,26 @@ pamsshagentauth_key_equal(const Key *a, const Key *b) + case KEY_RSA1: + case KEY_RSA: + return a->rsa != NULL && b->rsa != NULL && ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + BN_cmp(a->rsa->e, b->rsa->e) == 0 && + BN_cmp(a->rsa->n, b->rsa->n) == 0; ++#else ++ BN_cmp(RSA_get0_e(a->rsa), RSA_get0_e(b->rsa)) == 0 && ++ BN_cmp(RSA_get0_n(a->rsa), RSA_get0_n(b->rsa)) == 0; ++#endif + case KEY_DSA: + return a->dsa != NULL && b->dsa != NULL && ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + BN_cmp(a->dsa->p, b->dsa->p) == 0 && + BN_cmp(a->dsa->q, b->dsa->q) == 0 && + BN_cmp(a->dsa->g, b->dsa->g) == 0 && + BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0; ++#else ++ BN_cmp(DSA_get0_p(a->dsa), DSA_get0_p(b->dsa)) == 0 && ++ BN_cmp(DSA_get0_q(a->dsa), DSA_get0_q(b->dsa)) == 0 && ++ BN_cmp(DSA_get0_g(a->dsa), DSA_get0_g(b->dsa)) == 0 && ++ BN_cmp(DSA_get0_pub_key(a->dsa), DSA_get0_pub_key(b->dsa)) == 0; ++#endif + case KEY_ECDSA: + return a->ecdsa != NULL && b->ecdsa != NULL && + EC_KEY_check_key(a->ecdsa) == 1 && +@@ -231,7 +272,7 @@ pamsshagentauth_key_fingerprint_raw(const Key *k, enum fp_type dgst_type, + u_int *dgst_raw_length) + { + const EVP_MD *md = NULL; +- EVP_MD_CTX ctx; ++ EVP_MD_CTX *ctx; + u_char *blob = NULL; + u_char *retval = NULL; + u_int len = 0; +@@ -252,12 +293,21 @@ pamsshagentauth_key_fingerprint_raw(const Key *k, enum fp_type dgst_type, + } + switch (k->type) { + case KEY_RSA1: ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + nlen = BN_num_bytes(k->rsa->n); + elen = BN_num_bytes(k->rsa->e); + len = nlen + elen; + blob = pamsshagentauth_xmalloc(len); + BN_bn2bin(k->rsa->n, 
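Review bot: In pamsshagentauth_key_new_private the `KEY_ECDSA` case now has an empty `#else`, so with OpenSSL 1.1 or later the `EC_KEY_set_private_key(k->ecdsa, BN_new())` step is skipped with no explanation. If that is intended, a comment in the empty branch should say why; otherwise the call should stay outside the `#if`, since the function is still available in 1.1. In the same hunk `RSA_set0_key(k->rsa, NULL, NULL, BN_new())` and `DSA_set0_key(k->dsa, NULL, BN_new())` no longer detect a failed `BN_new()`, because, as far as I can tell, a NULL private component is accepted once the public part is set, and the RSA messages say `key_new:` although they are raised from key_new_private. The function starts in the previous hunk.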
blob); + BN_bn2bin(k->rsa->e, blob + nlen); ++#else ++ nlen = BN_num_bytes(RSA_get0_n(k->rsa)); ++ elen = BN_num_bytes(RSA_get0_e(k->rsa)); ++ len = nlen + elen; ++ blob = pamsshagentauth_xmalloc(len); ++ BN_bn2bin(RSA_get0_n(k->rsa), blob); ++ BN_bn2bin(RSA_get0_e(k->rsa), blob + nlen); ++#endif + break; + case KEY_DSA: + case KEY_ECDSA: +@@ -273,11 +323,14 @@ pamsshagentauth_key_fingerprint_raw(const Key *k, enum fp_type dgst_type, + } + if (blob != NULL) { + retval = pamsshagentauth_xmalloc(EVP_MAX_MD_SIZE); +- EVP_DigestInit(&ctx, md); +- EVP_DigestUpdate(&ctx, blob, len); +- EVP_DigestFinal(&ctx, retval, dgst_raw_length); ++ /* XXX Errors from EVP_* functions are not hadled */ ++ ctx = EVP_MD_CTX_create(); ++ EVP_DigestInit(ctx, md); ++ EVP_DigestUpdate(ctx, blob, len); ++ EVP_DigestFinal(ctx, retval, dgst_raw_length); + memset(blob, 0, len); + pamsshagentauth_xfree(blob); ++ EVP_MD_CTX_destroy(ctx); + } else { + pamsshagentauth_fatal("key_fingerprint_raw: blob is null"); + } +@@ -457,10 +510,17 @@ pamsshagentauth_key_read(Key *ret, char **cpp) + return -1; + *cpp = cp; + /* Get public exponent, public modulus. 
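Review bot: key_fingerprint_raw now heap-allocates the digest context but never checks the result: `ctx = EVP_MD_CTX_create();` is followed directly by `EVP_DigestInit(ctx, md)`, so an allocation failure hands a NULL context to the digest calls. A guard in the file's own style closes that: `if ((ctx = EVP_MD_CTX_create()) == NULL) pamsshagentauth_fatal("key_fingerprint_raw: EVP_MD_CTX_create failed");`. The added XXX comment already admits that the EVP_Digest* return values are ignored; checking them matters here because `retval` comes from `pamsshagentauth_xmalloc()` and would be returned with unset contents if a digest call failed. The same unchecked `EVP_MD_CTX_create()` appears in ssh_dss_sign, ssh_dss_verify and ssh_ecdsa_sign further down. The function begins and ends outside this hunk.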
*/ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (!read_bignum(cpp, ret->rsa->e)) + return -1; + if (!read_bignum(cpp, ret->rsa->n)) + return -1; ++#else ++ if (!read_bignum(cpp, RSA_get0_e(ret->rsa))) ++ return -1; ++ if (!read_bignum(cpp, RSA_get0_n(ret->rsa))) ++ return -1; ++#endif + success = 1; + break; + case KEY_UNSPEC: +@@ -583,10 +643,17 @@ pamsshagentauth_key_write(const Key *key, FILE *f) + + if (key->type == KEY_RSA1 && key->rsa != NULL) { + /* size of modulus 'n' */ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + bits = BN_num_bits(key->rsa->n); + fprintf(f, "%u", bits); + if (write_bignum(f, key->rsa->e) && + write_bignum(f, key->rsa->n)) { ++#else ++ bits = BN_num_bits(RSA_get0_n(key->rsa)); ++ fprintf(f, "%u", bits); ++ if (write_bignum(f, RSA_get0_e(key->rsa)) && ++ write_bignum(f, RSA_get0_n(key->rsa))) { ++#endif + success = 1; + } else { + pamsshagentauth_logerror("key_write: failed for RSA key"); +@@ -675,10 +742,17 @@ pamsshagentauth_key_size(const Key *k) + { + switch (k->type) { + case KEY_RSA1: ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + case KEY_RSA: + return BN_num_bits(k->rsa->n); + case KEY_DSA: + return BN_num_bits(k->dsa->p); ++#else ++ case KEY_RSA: ++ return BN_num_bits(RSA_get0_n(k->rsa)); ++ case KEY_DSA: ++ return BN_num_bits(DSA_get0_p(k->dsa)); ++#endif + case KEY_ECDSA: + { + int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(k->ecdsa)); +@@ -769,17 +843,29 @@ pamsshagentauth_key_from_private(const Key *k) + switch (k->type) { + case KEY_DSA: + n = pamsshagentauth_key_new(k->type); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) || + (BN_copy(n->dsa->q, k->dsa->q) == NULL) || + (BN_copy(n->dsa->g, k->dsa->g) == NULL) || + (BN_copy(n->dsa->pub_key, k->dsa->pub_key) == NULL)) ++#else ++ if ((BN_copy(DSA_get0_p(n->dsa), DSA_get0_p(k->dsa)) == NULL) || ++ (BN_copy(DSA_get0_q(n->dsa), DSA_get0_q(k->dsa)) == NULL) || ++ (BN_copy(DSA_get0_g(n->dsa), DSA_get0_g(k->dsa)) == NULL) || ++ 
(BN_copy(DSA_get0_pub_key(n->dsa), DSA_get0_pub_key(k->dsa)) == NULL)) ++#endif + pamsshagentauth_fatal("key_from_private: BN_copy failed"); + break; + case KEY_RSA: + case KEY_RSA1: + n = pamsshagentauth_key_new(k->type); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) || + (BN_copy(n->rsa->e, k->rsa->e) == NULL)) ++#else ++ if ((BN_copy(RSA_get0_n(n->rsa), RSA_get0_n(k->rsa)) == NULL) || ++ (BN_copy(RSA_get0_e(n->rsa), RSA_get0_e(k->rsa)) == NULL)) ++#endif + pamsshagentauth_fatal("key_from_private: BN_copy failed"); + break; + case KEY_ECDSA: +@@ -881,8 +967,13 @@ pamsshagentauth_key_from_blob(const u_char *blob, u_int blen) + switch (type) { + case KEY_RSA: + key = pamsshagentauth_key_new(type); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (pamsshagentauth_buffer_get_bignum2_ret(&b, key->rsa->e) == -1 || + pamsshagentauth_buffer_get_bignum2_ret(&b, key->rsa->n) == -1) { ++#else ++ if (pamsshagentauth_buffer_get_bignum2_ret(&b, RSA_get0_e(key->rsa)) == -1 || ++ pamsshagentauth_buffer_get_bignum2_ret(&b, RSA_get0_n(key->rsa)) == -1) { ++#endif + pamsshagentauth_logerror("key_from_blob: can't read rsa key"); + pamsshagentauth_key_free(key); + key = NULL; +@@ -894,10 +985,17 @@ pamsshagentauth_key_from_blob(const u_char *blob, u_int blen) + break; + case KEY_DSA: + key = pamsshagentauth_key_new(type); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->p) == -1 || + pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->q) == -1 || + pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->g) == -1 || + pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->pub_key) == -1) { ++#else ++ if (pamsshagentauth_buffer_get_bignum2_ret(&b, DSA_get0_p(key->dsa)) == -1 || ++ pamsshagentauth_buffer_get_bignum2_ret(&b, DSA_get0_q(key->dsa)) == -1 || ++ pamsshagentauth_buffer_get_bignum2_ret(&b, DSA_get0_g(key->dsa)) == -1 || ++ pamsshagentauth_buffer_get_bignum2_ret(&b, 
DSA_get0_pub_key(key->dsa)) == -1) { ++#endif + pamsshagentauth_logerror("key_from_blob: can't read dsa key"); + pamsshagentauth_key_free(key); + key = NULL; +@@ -1015,6 +1113,7 @@ pamsshagentauth_key_to_blob(const Key *key, u_char **blobp, u_int *lenp) + } + pamsshagentauth_buffer_init(&b); + switch (key->type) { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + case KEY_DSA: + pamsshagentauth_buffer_put_cstring(&b, key_ssh_name(key)); + pamsshagentauth_buffer_put_bignum2(&b, key->dsa->p); +@@ -1027,6 +1126,20 @@ pamsshagentauth_key_to_blob(const Key *key, u_char **blobp, u_int *lenp) + pamsshagentauth_buffer_put_bignum2(&b, key->rsa->e); + pamsshagentauth_buffer_put_bignum2(&b, key->rsa->n); + break; ++#else ++ case KEY_DSA: ++ pamsshagentauth_buffer_put_cstring(&b, key_ssh_name(key)); ++ pamsshagentauth_buffer_put_bignum2(&b, DSA_get0_p(key->dsa)); ++ pamsshagentauth_buffer_put_bignum2(&b, DSA_get0_q(key->dsa)); ++ pamsshagentauth_buffer_put_bignum2(&b, DSA_get0_g(key->dsa)); ++ pamsshagentauth_buffer_put_bignum2(&b, DSA_get0_pub_key(key->dsa)); ++ break; ++ case KEY_RSA: ++ pamsshagentauth_buffer_put_cstring(&b, key_ssh_name(key)); ++ pamsshagentauth_buffer_put_bignum2(&b, RSA_get0_e(key->rsa)); ++ pamsshagentauth_buffer_put_bignum2(&b, RSA_get0_n(key->rsa)); ++ break; ++#endif + case KEY_ECDSA: + { + size_t l = 0; +@@ -1138,14 +1251,20 @@ pamsshagentauth_key_demote(const Key *k) + case KEY_RSA: + if ((pk->rsa = RSA_new()) == NULL) + pamsshagentauth_fatal("key_demote: RSA_new failed"); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if ((pk->rsa->e = BN_dup(k->rsa->e)) == NULL) + pamsshagentauth_fatal("key_demote: BN_dup failed"); + if ((pk->rsa->n = BN_dup(k->rsa->n)) == NULL) + pamsshagentauth_fatal("key_demote: BN_dup failed"); ++#else ++ if (RSA_set0_key(pk->rsa, BN_dup(RSA_get0_n(k->rsa)), BN_dup(RSA_get0_e(k->rsa)), NULL) != 1) ++ pamsshagentauth_fatal("key_demote: RSA_set0_key failed"); ++#endif + break; + case KEY_DSA: + if ((pk->dsa = DSA_new()) == NULL) + 
pamsshagentauth_fatal("key_demote: DSA_new failed"); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if ((pk->dsa->p = BN_dup(k->dsa->p)) == NULL) + pamsshagentauth_fatal("key_demote: BN_dup failed"); + if ((pk->dsa->q = BN_dup(k->dsa->q)) == NULL) +@@ -1154,6 +1273,12 @@ pamsshagentauth_key_demote(const Key *k) + pamsshagentauth_fatal("key_demote: BN_dup failed"); + if ((pk->dsa->pub_key = BN_dup(k->dsa->pub_key)) == NULL) + pamsshagentauth_fatal("key_demote: BN_dup failed"); ++#else ++ if (DSA_set0_pqg(pk->dsa, BN_dup(DSA_get0_p(k->dsa)), BN_dup(DSA_get0_q(k->dsa)), BN_dup(DSA_get0_g(k->dsa))) != 1) ++ pamsshagentauth_fatal("key_demote: DSA_set0_pqg failed"); ++ if (DSA_set0_key(pk->dsa, BN_dup(DSA_get0_pub_key(k->dsa)), NULL) != 1) ++ pamsshagentauth_fatal("key_demote: DSA_set0_key failed"); ++#endif + break; + case KEY_ECDSA: + pamsshagentauth_fatal("key_demote: implement me"); +diff --git a/ssh-dss.c b/ssh-dss.c +index 9fdaa5d..1051ae2 100644 +--- a/ssh-dss.c ++++ b/ssh-dss.c +@@ -48,37 +48,53 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp, + { + DSA_SIG *sig; + const EVP_MD *evp_md = EVP_sha1(); +- EVP_MD_CTX md; ++ EVP_MD_CTX *md; + u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN]; + u_int rlen, slen, len, dlen; + Buffer b; ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ const BIGNUM *r, *s; ++#endif + + if (key == NULL || key->type != KEY_DSA || key->dsa == NULL) { + pamsshagentauth_logerror("ssh_dss_sign: no DSA key"); + return -1; + } +- EVP_DigestInit(&md, evp_md); +- EVP_DigestUpdate(&md, data, datalen); +- EVP_DigestFinal(&md, digest, &dlen); ++ md = EVP_MD_CTX_create(); ++ EVP_DigestInit(md, evp_md); ++ EVP_DigestUpdate(md, data, datalen); ++ EVP_DigestFinal(md, digest, &dlen); + + sig = DSA_do_sign(digest, dlen, key->dsa); + memset(digest, 'd', sizeof(digest)); ++ EVP_MD_CTX_destroy(md); + + if (sig == NULL) { + pamsshagentauth_logerror("ssh_dss_sign: sign failed"); + return -1; + } + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + rlen = 
BN_num_bytes(sig->r); + slen = BN_num_bytes(sig->s); ++#else ++ DSA_SIG_get0((const DSA_SIG *)sig, (const BIGNUM **)r, (const BIGNUM **)s); ++ rlen = BN_num_bytes(r); ++ slen = BN_num_bytes(s); ++#endif + if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) { + pamsshagentauth_logerror("bad sig size %u %u", rlen, slen); + DSA_SIG_free(sig); + return -1; + } + memset(sigblob, 0, SIGBLOB_LEN); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen); + BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen); ++#else ++ BN_bn2bin(r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen); ++ BN_bn2bin(s, sigblob+ SIGBLOB_LEN - slen); ++#endif + DSA_SIG_free(sig); + + if (datafellows & SSH_BUG_SIGBLOB) { +@@ -110,11 +126,14 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, + { + DSA_SIG *sig; + const EVP_MD *evp_md = EVP_sha1(); +- EVP_MD_CTX md; ++ EVP_MD_CTX *md; + u_char digest[EVP_MAX_MD_SIZE], *sigblob; + u_int len, dlen; + int rlen, ret; + Buffer b; ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ BIGNUM *r, *s; ++#endif + + if (key == NULL || key->type != KEY_DSA || key->dsa == NULL) { + pamsshagentauth_logerror("ssh_dss_verify: no DSA key"); +@@ -157,6 +176,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, + /* parse signature */ + if ((sig = DSA_SIG_new()) == NULL) + pamsshagentauth_fatal("ssh_dss_verify: DSA_SIG_new failed"); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if ((sig->r = BN_new()) == NULL) + pamsshagentauth_fatal("ssh_dss_verify: BN_new failed"); + if ((sig->s = BN_new()) == NULL) +@@ -164,18 +184,33 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, + if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig->r) == NULL) || + (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s) == NULL)) + pamsshagentauth_fatal("ssh_dss_verify: BN_bin2bn failed"); ++#else ++ if ((r = BN_new()) == NULL) ++ pamsshagentauth_fatal("ssh_dss_verify: BN_new failed"); ++ if ((s = 
BN_new()) == NULL) ++ pamsshagentauth_fatal("ssh_dss_verify: BN_new failed"); ++ if (DSA_SIG_set0(sig, r, s) != 1) ++ pamsshagentauth_fatal("ssh_dss_verify: DSA_SIG_set0 failed"); ++ if ((BN_bin2bn(sigblob, INTBLOB_LEN, r) == NULL) || ++ (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, s) == NULL)) ++ pamsshagentauth_fatal("ssh_dss_verify: BN_bin2bn failed"); ++ if (DSA_SIG_set0(sig, r, s) != 1) ++ pamsshagentauth_fatal("ssh_dss_verify: DSA_SIG_set0 failed"); ++#endif + + /* clean up */ + memset(sigblob, 0, len); + pamsshagentauth_xfree(sigblob); + + /* sha1 the data */ +- EVP_DigestInit(&md, evp_md); +- EVP_DigestUpdate(&md, data, datalen); +- EVP_DigestFinal(&md, digest, &dlen); ++ md = EVP_MD_CTX_create(); ++ EVP_DigestInit(md, evp_md); ++ EVP_DigestUpdate(md, data, datalen); ++ EVP_DigestFinal(md, digest, &dlen); + + ret = DSA_do_verify(digest, dlen, sig, key->dsa); + memset(digest, 'd', sizeof(digest)); ++ EVP_MD_CTX_destroy(md); + + DSA_SIG_free(sig); + +diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c +index efa0f3d..c213959 100644 +--- a/ssh-ecdsa.c ++++ b/ssh-ecdsa.c +@@ -41,22 +41,27 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp, + { + ECDSA_SIG *sig; + const EVP_MD *evp_md = evp_from_key(key); +- EVP_MD_CTX md; ++ EVP_MD_CTX *md; + u_char digest[EVP_MAX_MD_SIZE]; + u_int len, dlen; + Buffer b, bb; ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ BIGNUM *r, *s; ++#endif + + if (key == NULL || key->type != KEY_ECDSA || key->ecdsa == NULL) { + pamsshagentauth_logerror("ssh_ecdsa_sign: no ECDSA key"); + return -1; + } + +- EVP_DigestInit(&md, evp_md); +- EVP_DigestUpdate(&md, data, datalen); +- EVP_DigestFinal(&md, digest, &dlen); ++ md = EVP_MD_CTX_create(); ++ EVP_DigestInit(md, evp_md); ++ EVP_DigestUpdate(md, data, datalen); ++ EVP_DigestFinal(md, digest, &dlen); + + sig = ECDSA_do_sign(digest, dlen, key->ecdsa); + memset(digest, 'd', sizeof(digest)); ++ EVP_MD_CTX_destroy(md); + + if (sig == NULL) { + pamsshagentauth_logerror("ssh_ecdsa_sign: sign 
failed"); +@@ -64,8 +69,14 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp, + } + + pamsshagentauth_buffer_init(&bb); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (pamsshagentauth_buffer_get_bignum2_ret(&bb, sig->r) == -1 || + pamsshagentauth_buffer_get_bignum2_ret(&bb, sig->s) == -1) { ++#else ++ DSA_SIG_get0(sig, &r, &s); ++ if (pamsshagentauth_buffer_get_bignum2_ret(&bb, r) == -1 || ++ pamsshagentauth_buffer_get_bignum2_ret(&bb, s) == -1) { ++#endif + pamsshagentauth_logerror("couldn't serialize signature"); + ECDSA_SIG_free(sig); + return -1; +@@ -94,11 +105,14 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + { + ECDSA_SIG *sig; + const EVP_MD *evp_md = evp_from_key(key); +- EVP_MD_CTX md; ++ EVP_MD_CTX *md; + u_char digest[EVP_MAX_MD_SIZE], *sigblob; + u_int len, dlen; + int rlen, ret; + Buffer b; ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ BIGNUM *r, *s; ++#endif + + if (key == NULL || key->type != KEY_ECDSA || key->ecdsa == NULL) { + pamsshagentauth_logerror("ssh_ecdsa_sign: no ECDSA key"); +@@ -127,8 +141,14 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + + pamsshagentauth_buffer_init(&b); + pamsshagentauth_buffer_append(&b, sigblob, len); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if ((pamsshagentauth_buffer_get_bignum2_ret(&b, sig->r) == -1) || + (pamsshagentauth_buffer_get_bignum2_ret(&b, sig->s) == -1)) ++#else ++ DSA_SIG_get0(sig, &r, &s); ++ if ((pamsshagentauth_buffer_get_bignum2_ret(&b, r) == -1) || ++ (pamsshagentauth_buffer_get_bignum2_ret(&b, s) == -1)) ++#endif + pamsshagentauth_fatal("ssh_ecdsa_verify:" + "pamsshagentauth_buffer_get_bignum2_ret failed"); + +@@ -137,16 +157,18 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + pamsshagentauth_xfree(sigblob); + + /* sha256 the data */ +- EVP_DigestInit(&md, evp_md); +- EVP_DigestUpdate(&md, data, datalen); +- EVP_DigestFinal(&md, digest, &dlen); ++ md = EVP_MD_CTX_create(); ++ 
EVP_DigestInit(md, evp_md); ++ EVP_DigestUpdate(md, data, datalen); ++ EVP_DigestFinal(md, digest, &dlen); + + ret = ECDSA_do_verify(digest, dlen, sig, key->ecdsa); + memset(digest, 'd', sizeof(digest)); ++ EVP_MD_CTX_destroy(md); + + ECDSA_SIG_free(sig); + + pamsshagentauth_verbose("ssh_ecdsa_verify: signature %s", + ret == 1 ? "correct" : ret == 0 ? "incorrect" : "error"); + return ret; +-} +\ No newline at end of file ++} +diff --git a/ssh-rsa.c b/ssh-rsa.c +index d05844b..9d74eb6 100644 +--- a/ssh-rsa.c ++++ b/ssh-rsa.c +@@ -40,7 +40,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, + const u_char *data, u_int datalen) + { + const EVP_MD *evp_md; +- EVP_MD_CTX md; ++ EVP_MD_CTX *md; + u_char digest[EVP_MAX_MD_SIZE], *sig; + u_int slen, dlen, len; + int ok, nid; +@@ -55,6 +55,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, + pamsshagentauth_logerror("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid); + return -1; + } ++ md = EVP_MD_CTX_create(); + EVP_DigestInit(&md, evp_md); + EVP_DigestUpdate(&md, data, datalen); + EVP_DigestFinal(&md, digest, &dlen); +@@ -64,6 +65,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, + + ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa); + memset(digest, 'd', sizeof(digest)); ++ EVP_MD_CTX_destroy(md); + + if (ok != 1) { + int ecode = ERR_get_error(); +@@ -107,7 +109,7 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + { + Buffer b; + const EVP_MD *evp_md; +- EVP_MD_CTX md; ++ EVP_MD_CTX *md; + char *ktype; + u_char digest[EVP_MAX_MD_SIZE], *sigblob; + u_int len, dlen, modlen; +@@ -117,9 +119,17 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + pamsshagentauth_logerror("ssh_rsa_verify: no RSA key"); + return -1; + } ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { ++#else ++ if (BN_num_bits(RSA_get0_n(key->rsa)) < SSH_RSA_MINIMUM_MODULUS_SIZE) { ++#endif + 
pamsshagentauth_logerror("ssh_rsa_verify: RSA modulus too small: %d < minimum %d bits", ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + BN_num_bits(key->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE); ++#else ++ BN_num_bits(RSA_get0_n(key->rsa)), SSH_RSA_MINIMUM_MODULUS_SIZE); ++#endif + return -1; + } + pamsshagentauth_buffer_init(&b); +@@ -161,12 +171,14 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + pamsshagentauth_xfree(sigblob); + return -1; + } +- EVP_DigestInit(&md, evp_md); +- EVP_DigestUpdate(&md, data, datalen); +- EVP_DigestFinal(&md, digest, &dlen); ++ md = EVP_MD_CTX_create(); ++ EVP_DigestInit(md, evp_md); ++ EVP_DigestUpdate(md, data, datalen); ++ EVP_DigestFinal(md, digest, &dlen); + + ret = openssh_RSA_verify(nid, digest, dlen, sigblob, len, key->rsa); + memset(digest, 'd', sizeof(digest)); ++ EVP_MD_CTX_destroy(md); + memset(sigblob, 's', len); + pamsshagentauth_xfree(sigblob); + pamsshagentauth_verbose("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : ""); + +From 4dc87369134f215378042ec4d971a4fe48d1a02b Mon Sep 17 00:00:00 2001 +From: Guido Falsi <mad@madpilot.net> +Date: Wed, 24 Oct 2018 20:36:15 +0200 +Subject: [PATCH 2/2] Check against the correct OPENSSL_VERSION_NUMBER + +Alexey Dokuchaev (a fellow FreeBSD developer) pointed out to me the opaque structures were introduced in 1.1.0-pre +5, so the correct OPENSSL_VERSION_NUMBER to discriminate is 0x10100005L. 
+--- + authfd.c | 12 ++++++------ + bufbn.c | 2 +- + key.c | 36 ++++++++++++++++++------------------ + ssh-dss.c | 10 +++++----- + ssh-ecdsa.c | 8 ++++---- + ssh-rsa.c | 4 ++-- + 6 files changed, 36 insertions(+), 36 deletions(-) + +diff --git a/authfd.c b/authfd.c +index 35f8de1..01d1d89 100644 +--- a/authfd.c ++++ b/authfd.c +@@ -372,7 +372,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio + case 1: + key = pamsshagentauth_key_new(KEY_RSA1); + bits = pamsshagentauth_buffer_get_int(&auth->identities); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + pamsshagentauth_buffer_get_bignum(&auth->identities, key->rsa->e); + pamsshagentauth_buffer_get_bignum(&auth->identities, key->rsa->n); + *comment = pamsshagentauth_buffer_get_string(&auth->identities, NULL); +@@ -432,7 +432,7 @@ ssh_decrypt_challenge(AuthenticationConnection *auth, + } + pamsshagentauth_buffer_init(&buffer); + pamsshagentauth_buffer_put_char(&buffer, SSH_AGENTC_RSA_CHALLENGE); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + pamsshagentauth_buffer_put_int(&buffer, BN_num_bits(key->rsa->n)); + pamsshagentauth_buffer_put_bignum(&buffer, key->rsa->e); + pamsshagentauth_buffer_put_bignum(&buffer, key->rsa->n); +@@ -517,7 +517,7 @@ ssh_agent_sign(AuthenticationConnection *auth, + static void + ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment) + { +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + pamsshagentauth_buffer_put_int(b, BN_num_bits(key->n)); + pamsshagentauth_buffer_put_bignum(b, key->n); + pamsshagentauth_buffer_put_bignum(b, key->e); +@@ -545,7 +545,7 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment) + pamsshagentauth_buffer_put_cstring(b, key_ssh_name(key)); + switch (key->type) { + case KEY_RSA: +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + 
pamsshagentauth_buffer_put_bignum2(b, key->rsa->n); + pamsshagentauth_buffer_put_bignum2(b, key->rsa->e); + pamsshagentauth_buffer_put_bignum2(b, key->rsa->d); +@@ -562,7 +562,7 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment) + #endif + break; + case KEY_DSA: +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + pamsshagentauth_buffer_put_bignum2(b, key->dsa->p); + pamsshagentauth_buffer_put_bignum2(b, key->dsa->q); + pamsshagentauth_buffer_put_bignum2(b, key->dsa->g); +@@ -654,7 +654,7 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key) + + if (key->type == KEY_RSA1) { + pamsshagentauth_buffer_put_char(&msg, SSH_AGENTC_REMOVE_RSA_IDENTITY); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + pamsshagentauth_buffer_put_int(&msg, BN_num_bits(key->rsa->n)); + pamsshagentauth_buffer_put_bignum(&msg, key->rsa->e); + pamsshagentauth_buffer_put_bignum(&msg, key->rsa->n); +diff --git a/bufbn.c b/bufbn.c +index 4ecedc1..b4754cc 100644 +--- a/bufbn.c ++++ b/bufbn.c +@@ -151,7 +151,7 @@ pamsshagentauth_buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value) + pamsshagentauth_buffer_put_int(buffer, 0); + return 0; + } +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if (value->neg) { + #else + if (BN_is_negative(value)) { +diff --git a/key.c b/key.c +index aedbbb5..dcc5fc8 100644 +--- a/key.c ++++ b/key.c +@@ -77,7 +77,7 @@ pamsshagentauth_key_new(int type) + case KEY_RSA: + if ((rsa = RSA_new()) == NULL) + pamsshagentauth_fatal("key_new: RSA_new failed"); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((rsa->n = BN_new()) == NULL) + pamsshagentauth_fatal("key_new: BN_new failed"); + if ((rsa->e = BN_new()) == NULL) +@@ -91,7 +91,7 @@ pamsshagentauth_key_new(int type) + case KEY_DSA: + if ((dsa = DSA_new()) == NULL) + pamsshagentauth_fatal("key_new: DSA_new failed"); +-#if 
OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((dsa->p = BN_new()) == NULL) + pamsshagentauth_fatal("key_new: BN_new failed"); + if ((dsa->q = BN_new()) == NULL) +@@ -130,7 +130,7 @@ pamsshagentauth_key_new_private(int type) + switch (k->type) { + case KEY_RSA1: + case KEY_RSA: +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((k->rsa->d = BN_new()) == NULL) + pamsshagentauth_fatal("key_new_private: BN_new failed"); + if ((k->rsa->iqmp = BN_new()) == NULL) +@@ -153,7 +153,7 @@ pamsshagentauth_key_new_private(int type) + #endif + break; + case KEY_DSA: +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((k->dsa->priv_key = BN_new()) == NULL) + pamsshagentauth_fatal("key_new_private: BN_new failed"); + #else +@@ -162,7 +162,7 @@ pamsshagentauth_key_new_private(int type) + #endif + break; + case KEY_ECDSA: +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if (EC_KEY_set_private_key(k->ecdsa, BN_new()) != 1) + pamsshagentauth_fatal("key_new_private: EC_KEY_set_private_key failed"); + #else +@@ -224,7 +224,7 @@ pamsshagentauth_key_equal(const Key *a, const Key *b) + case KEY_RSA1: + case KEY_RSA: + return a->rsa != NULL && b->rsa != NULL && +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + BN_cmp(a->rsa->e, b->rsa->e) == 0 && + BN_cmp(a->rsa->n, b->rsa->n) == 0; + #else +@@ -233,7 +233,7 @@ pamsshagentauth_key_equal(const Key *a, const Key *b) + #endif + case KEY_DSA: + return a->dsa != NULL && b->dsa != NULL && +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + BN_cmp(a->dsa->p, b->dsa->p) == 0 && + BN_cmp(a->dsa->q, b->dsa->q) == 0 && + BN_cmp(a->dsa->g, b->dsa->g) == 0 && +@@ -293,7 +293,7 @@ pamsshagentauth_key_fingerprint_raw(const Key *k, enum fp_type dgst_type, + } + switch (k->type) { + case KEY_RSA1: +-#if OPENSSL_VERSION_NUMBER < 
0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + nlen = BN_num_bytes(k->rsa->n); + elen = BN_num_bytes(k->rsa->e); + len = nlen + elen; +@@ -510,7 +510,7 @@ pamsshagentauth_key_read(Key *ret, char **cpp) + return -1; + *cpp = cp; + /* Get public exponent, public modulus. */ +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if (!read_bignum(cpp, ret->rsa->e)) + return -1; + if (!read_bignum(cpp, ret->rsa->n)) +@@ -643,7 +643,7 @@ pamsshagentauth_key_write(const Key *key, FILE *f) + + if (key->type == KEY_RSA1 && key->rsa != NULL) { + /* size of modulus 'n' */ +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + bits = BN_num_bits(key->rsa->n); + fprintf(f, "%u", bits); + if (write_bignum(f, key->rsa->e) && +@@ -742,7 +742,7 @@ pamsshagentauth_key_size(const Key *k) + { + switch (k->type) { + case KEY_RSA1: +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + case KEY_RSA: + return BN_num_bits(k->rsa->n); + case KEY_DSA: +@@ -843,7 +843,7 @@ pamsshagentauth_key_from_private(const Key *k) + switch (k->type) { + case KEY_DSA: + n = pamsshagentauth_key_new(k->type); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) || + (BN_copy(n->dsa->q, k->dsa->q) == NULL) || + (BN_copy(n->dsa->g, k->dsa->g) == NULL) || +@@ -859,7 +859,7 @@ pamsshagentauth_key_from_private(const Key *k) + case KEY_RSA: + case KEY_RSA1: + n = pamsshagentauth_key_new(k->type); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) || + (BN_copy(n->rsa->e, k->rsa->e) == NULL)) + #else +@@ -967,7 +967,7 @@ pamsshagentauth_key_from_blob(const u_char *blob, u_int blen) + switch (type) { + case KEY_RSA: + key = pamsshagentauth_key_new(type); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if 
(pamsshagentauth_buffer_get_bignum2_ret(&b, key->rsa->e) == -1 || + pamsshagentauth_buffer_get_bignum2_ret(&b, key->rsa->n) == -1) { + #else +@@ -985,7 +985,7 @@ pamsshagentauth_key_from_blob(const u_char *blob, u_int blen) + break; + case KEY_DSA: + key = pamsshagentauth_key_new(type); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if (pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->p) == -1 || + pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->q) == -1 || + pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->g) == -1 || +@@ -1113,7 +1113,7 @@ pamsshagentauth_key_to_blob(const Key *key, u_char **blobp, u_int *lenp) + } + pamsshagentauth_buffer_init(&b); + switch (key->type) { +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + case KEY_DSA: + pamsshagentauth_buffer_put_cstring(&b, key_ssh_name(key)); + pamsshagentauth_buffer_put_bignum2(&b, key->dsa->p); +@@ -1251,7 +1251,7 @@ pamsshagentauth_key_demote(const Key *k) + case KEY_RSA: + if ((pk->rsa = RSA_new()) == NULL) + pamsshagentauth_fatal("key_demote: RSA_new failed"); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((pk->rsa->e = BN_dup(k->rsa->e)) == NULL) + pamsshagentauth_fatal("key_demote: BN_dup failed"); + if ((pk->rsa->n = BN_dup(k->rsa->n)) == NULL) +@@ -1264,7 +1264,7 @@ pamsshagentauth_key_demote(const Key *k) + case KEY_DSA: + if ((pk->dsa = DSA_new()) == NULL) + pamsshagentauth_fatal("key_demote: DSA_new failed"); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((pk->dsa->p = BN_dup(k->dsa->p)) == NULL) + pamsshagentauth_fatal("key_demote: BN_dup failed"); + if ((pk->dsa->q = BN_dup(k->dsa->q)) == NULL) +diff --git a/ssh-dss.c b/ssh-dss.c +index 1051ae2..9b96274 100644 +--- a/ssh-dss.c ++++ b/ssh-dss.c +@@ -52,7 +52,7 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp, + u_char digest[EVP_MAX_MD_SIZE], 
sigblob[SIGBLOB_LEN]; + u_int rlen, slen, len, dlen; + Buffer b; +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100005L + const BIGNUM *r, *s; + #endif + +@@ -74,7 +74,7 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp, + return -1; + } + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + rlen = BN_num_bytes(sig->r); + slen = BN_num_bytes(sig->s); + #else +@@ -88,7 +88,7 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp, + return -1; + } + memset(sigblob, 0, SIGBLOB_LEN); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen); + BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen); + #else +@@ -131,7 +131,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, + u_int len, dlen; + int rlen, ret; + Buffer b; +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100005L + BIGNUM *r, *s; + #endif + +@@ -176,7 +176,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, + /* parse signature */ + if ((sig = DSA_SIG_new()) == NULL) + pamsshagentauth_fatal("ssh_dss_verify: DSA_SIG_new failed"); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((sig->r = BN_new()) == NULL) + pamsshagentauth_fatal("ssh_dss_verify: BN_new failed"); + if ((sig->s = BN_new()) == NULL) +diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c +index c213959..5b13b30 100644 +--- a/ssh-ecdsa.c ++++ b/ssh-ecdsa.c +@@ -45,7 +45,7 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp, + u_char digest[EVP_MAX_MD_SIZE]; + u_int len, dlen; + Buffer b, bb; +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100005L + BIGNUM *r, *s; + #endif + +@@ -69,7 +69,7 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp, + } + + pamsshagentauth_buffer_init(&bb); +-#if OPENSSL_VERSION_NUMBER < 
0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if (pamsshagentauth_buffer_get_bignum2_ret(&bb, sig->r) == -1 || + pamsshagentauth_buffer_get_bignum2_ret(&bb, sig->s) == -1) { + #else +@@ -110,7 +110,7 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + u_int len, dlen; + int rlen, ret; + Buffer b; +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100005L + BIGNUM *r, *s; + #endif + +@@ -141,7 +141,7 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + + pamsshagentauth_buffer_init(&b); + pamsshagentauth_buffer_append(&b, sigblob, len); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((pamsshagentauth_buffer_get_bignum2_ret(&b, sig->r) == -1) || + (pamsshagentauth_buffer_get_bignum2_ret(&b, sig->s) == -1)) + #else +diff --git a/ssh-rsa.c b/ssh-rsa.c +index 9d74eb6..35f2e36 100644 +--- a/ssh-rsa.c ++++ b/ssh-rsa.c +@@ -119,13 +119,13 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + pamsshagentauth_logerror("ssh_rsa_verify: no RSA key"); + return -1; + } +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { + #else + if (BN_num_bits(RSA_get0_n(key->rsa)) < SSH_RSA_MINIMUM_MODULUS_SIZE) { + #endif + pamsshagentauth_logerror("ssh_rsa_verify: RSA modulus too small: %d < minimum %d bits", +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + BN_num_bits(key->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE); + #else + BN_num_bits(RSA_get0_n(key->rsa)), SSH_RSA_MINIMUM_MODULUS_SIZE); diff --git a/sys-auth/pam_ssh_agent_auth/metadata.xml b/sys-auth/pam_ssh_agent_auth/metadata.xml index b2c4b0002ee6..cbaa4da90d44 100644 --- a/sys-auth/pam_ssh_agent_auth/metadata.xml +++ b/sys-auth/pam_ssh_agent_auth/metadata.xml 
@@ -6,5 +6,6 @@
 </maintainer>
 <upstream>
 <remote-id type="sourceforge">pamsshagentauth</remote-id>
+ <remote-id type="github">jbeverly/pam_ssh_agent_auth</remote-id>
 </upstream>
 </pkgmetadata>
diff --git a/sys-auth/pam_ssh_agent_auth/pam_ssh_agent_auth-0.10.3.ebuild b/sys-auth/pam_ssh_agent_auth/pam_ssh_agent_auth-0.10.3.ebuild
new file mode 100644
index 000000000000..8afccd4a9863
--- /dev/null
+++ b/sys-auth/pam_ssh_agent_auth/pam_ssh_agent_auth-0.10.3.ebuild
@@ -0,0 +1,51 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit pam
+
+DESCRIPTION="Simple module to authenticate users against their ssh-agent keys"
+HOMEPAGE="http://pamsshagentauth.sourceforge.net"
+
+if [[ ${PV} == *9999 ]] ; then
+ EGIT_REPO_URI="https://github.com/jbeverly/${PN}.git"
+ inherit git-r3
+else
+ SRC_URI="mirror://sourceforge/pamsshagentauth/${PN}/v${PV}/${P}.tar.bz2"
+ KEYWORDS="~amd64 ~arm ~x86"
+fi
+
+LICENSE="MIT"
+SLOT="0"
+IUSE=""
+
+PATCHES=(
+ "${FILESDIR}/${P}-openssl-1.1.1.patch"
+)
+DEPEND="virtual/pam
+ dev-libs/openssl:0="
+
+RDEPEND="${DEPEND}
+ virtual/ssh"
+
+# needed for pod2man
+DEPEND="${DEPEND}
+ dev-lang/perl"
+
+src_configure() {
+ pammod_hide_symbols
+
+ econf \
+ --without-openssl-header-check \
+ --libexecdir="$(getpam_mod_dir)"
+}
+
+src_install() {
+ # Don't use emake install as it makes it harder to have proper
+ # install paths.
+ dopammod pam_ssh_agent_auth.so
+ doman pam_ssh_agent_auth.8
+
+ dodoc CONTRIBUTORS
+}
diff --git a/sys-auth/pam_ssh_agent_auth/pam_ssh_agent_auth-9999.ebuild b/sys-auth/pam_ssh_agent_auth/pam_ssh_agent_auth-9999.ebuild
new file mode 100644
index 000000000000..2b877364229c
--- /dev/null
+++ b/sys-auth/pam_ssh_agent_auth/pam_ssh_agent_auth-9999.ebuild
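Review bot: The patch that pam_ssh_agent_auth-0.10.3.ebuild applies through `PATCHES`, `${P}-openssl-1.1.1.patch`, has defects in its OpenSSL 1.1 branches that sit on the signature path of a PAM authentication module and should be fixed before it is applied. In ssh-rsa.c, `ssh_rsa_sign` makes `md` a pointer but the unchanged lines still pass `&md`, so they should read `EVP_DigestInit(md, evp_md);` (and likewise for the Update and Final calls). In ssh-dss.c, `ssh_dss_sign` hands the uninitialised `r` and `s` to `DSA_SIG_get0` through casts where `DSA_SIG_get0(sig, &r, &s);` is needed, and ssh-ecdsa.c calls `DSA_SIG_get0` on an `ECDSA_SIG *` where `ECDSA_SIG_get0(sig, &r, &s);` is presumably intended. The new `EVP_MD_CTX_create()` results are also used without a NULL check; the patched function bodies extend beyond the quoted hunks, so this is judged from the visible lines only.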
@@ -0,0 +1,48 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit pam
+
+DESCRIPTION="Simple module to authenticate users against their ssh-agent keys"
+HOMEPAGE="http://pamsshagentauth.sourceforge.net"
+
+if [[ ${PV} == *9999 ]] ; then
+ EGIT_REPO_URI="https://github.com/jbeverly/${PN}.git"
+ inherit git-r3
+else
+ SRC_URI="mirror://sourceforge/pamsshagentauth/${PN}/v${PV}/${P}.tar.bz2"
+ KEYWORDS="~amd64 ~arm ~x86"
+fi
+
+LICENSE="MIT"
+SLOT="0"
+IUSE=""
+
+DEPEND="virtual/pam
+ dev-libs/openssl:0="
+
+RDEPEND="${DEPEND}
+ virtual/ssh"
+
+# needed for pod2man
+DEPEND="${DEPEND}
+ dev-lang/perl"
+
+src_configure() {
+ pammod_hide_symbols
+
+ econf \
+ --without-openssl-header-check \
+ --libexecdir="$(getpam_mod_dir)"
+}
+
+src_install() {
+ # Don't use emake install as it makes it harder to have proper
+ # install paths.
+ dopammod pam_ssh_agent_auth.so
+ doman pam_ssh_agent_auth.8
+
+ dodoc CONTRIBUTORS
+}
diff --git a/sys-auth/pambase/Manifest b/sys-auth/pambase/Manifest
index 66d580387cb3..63adbe510944 100644
--- a/sys-auth/pambase/Manifest
+++ b/sys-auth/pambase/Manifest
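Review bot: Under `EAPI=7` the perl dependency marked "needed for pod2man" in pam_ssh_agent_auth-9999.ebuild is a tool run on the build host, so it belongs in `BDEPEND` instead of being appended to `DEPEND`; the second assignment would become `BDEPEND="dev-lang/perl"`. pam_ssh_agent_auth-0.10.3.ebuild carries the same assignment. `--without-openssl-header-check` in `src_configure` would also benefit from a comment saying why the check is skipped, for example `# skip configure's OpenSSL header/library version comparison; the :0= slot operator triggers rebuilds on ABI change` — that reason is inferred from the option name and the dependency line, so the maintainer should confirm it.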
@@ -8,5 +8,5 @@ DIST pambase-20101024.tar.bz2 3201 BLAKE2B 714da8dd0b354cee29ad175a0ed2094fba8f3 DIST pambase-20150213.tar.xz 3480 BLAKE2B 7c59774bb8888fd2c4656264f1d8ea8cdd5ffffff4dc5d03091592726c8bd7775ba1573091c8616aa891298a1fe309b19885b5ec21efb45fe38900b7c959aaf5 SHA512 3b49dd3f06a0942fcced95527f62cbc4ff723c48dc896a0b57ecd19736d2892db974c782be3fe24e8e6e17294869a772ae9ee6118af96dfdc7a3a6561dc3f3e5 EBUILD pambase-20101024-r2.ebuild 2725 BLAKE2B 77a4d16cd30dedfa2256fd687cbb4b54555aeb1abf36123d340e9354d6cf67e503b9feb26daf55eb508c87dacc8c7df996510bf65ad32e818e74bc1f0873eb0e SHA512 307ebed59ea5f7fbe48ff343833c4fc6ca54520434452823b21e76c25c5c173738fd8637869e9a9eb9025e1d2b4cd090b7421e0a35333217bae87e450c7eaa1d EBUILD pambase-20150213-r1.ebuild 2869 BLAKE2B 4edfad559a57065dba9b243c3e53505e1521be771042a4028516492d3eedd4b6508a03db4c489b96bb3ebf24438aaf04d943a67ffd9b3435169f3899cd06c4ba SHA512 888ca20c747ee47056873f407e13f9675012ac160b5c55dd5128ddf9be31af91996aeddaf5d863d2e38b3c4863bb9325ca247d16b3785396863d7e97d10c06ce -EBUILD pambase-20150213-r2.ebuild 2818 BLAKE2B fd9f990aaec3008040577bde0c98fb732f38db4e5006c669fda62a5533c8ac19760d014ccf13acfa15595dadf95cbe0cdfd7b74c321397671b63d5c5dd069d28 SHA512 84a7cf2012493b57ad60b41de3fa99ab0c83857898e394bfc9141aa5ba09a179fa02c48916b9564e5a967fe66a29e3b19a804108903bd6cd836f1b56c1ba53ab +EBUILD pambase-20150213-r2.ebuild 2816 BLAKE2B 7e0aa4b3b51f4f4785b58169aa0f4bacbbfd1a316e46ebae1d3ca268f8fd5ded938afad9589b94dc007788ad131197af7de8b3ea10688e8cd7b835f931d24011 SHA512 f9226c09dfee5417b50de562bfc1852eba0da8eccb044a1507a09501efeeecb6d37d9fe60b3e8eb07b892606df64c4c958ffca8d6aaded7da08f4a6f50b06861 MISC metadata.xml 4297 BLAKE2B 53d6b14f5e6cf707666441f1bef3c975d43f33387ceb482dd7c41e97b2771466a02efb3db1c881d354bcfff42010e1da47a28579972169e3c7edac33f43f565d SHA512 d717c2916e154630a756f7925794d43d43c5881bc9df53b82b35f86104366902a76f2d9298cf5a8511431084f0103fe91234c5e4172555677bbdc00db0a73a04 
diff --git a/sys-auth/pambase/pambase-20150213-r2.ebuild b/sys-auth/pambase/pambase-20150213-r2.ebuild index 2ca79c1cc5f6..b602ef57d193 100644 --- a/sys-auth/pambase/pambase-20150213-r2.ebuild +++ b/sys-auth/pambase/pambase-20150213-r2.ebuild @@ -9,7 +9,7 @@ SRC_URI="https://dev.gentoo.org/~vapier/dist/${P}.tar.xz" LICENSE="GPL-2" SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 -x86-fbsd ~amd64-linux ~x86-linux" +KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 -x86-fbsd ~amd64-linux ~x86-linux" IUSE="consolekit +cracklib debug elogind minimal mktemp +nullok pam_krb5 pam_ssh passwdqc securetty selinux +sha512 systemd" RESTRICT="binchecks" diff --git a/sys-auth/polkit-qt/Manifest b/sys-auth/polkit-qt/Manifest index 91e156293824..c5ff9d2e6606 100644 --- a/sys-auth/polkit-qt/Manifest +++ b/sys-auth/polkit-qt/Manifest 
@@ -1,3 +1,3 @@ DIST polkit-qt-1-0.112.0_p20160416.tar.xz 64540 BLAKE2B fbc3631585801f42ff92324576a2bd82d61aa5b24317f95e1182c300073a8e746007fa3409127a50d7d3433c5092f56d72e2e579683d08145067d4424c4dfe7e SHA512 90677af780a2bbcb33b6a54702ba96f965eb8561f2636af7aa0146f9b2450f9e89f67e022ffa99742afe50e3d1f570eabfad686e9e08e629a1e662d9f5abf2ea -EBUILD polkit-qt-0.112.0_p20160416-r2.ebuild 827 BLAKE2B 853a15e7486a934a10aa4c1422129b1e5cb5207e1bd79febd2f004721fa0fd64dbe9136df90b3f8a46c8dc128be7b33058e989fff7422f9b9656d56be75671c3 SHA512 bc2339eb96e4897cae2a9cd23d1133858e11fc0052b942fb42600b80f6d88f47171163a923e9357dba6174732feb08ae95d738c1296bbf349e88597329353512 +EBUILD polkit-qt-0.112.0_p20160416-r2.ebuild 772 BLAKE2B 7c000cf2cb82eb4ee93af0f8748e08d1a996dda74ea744a323fd99fc86324898f02751bcd5b3e3525fb28cf98db28701ff0d0bb69e725a2f289d61b43d783ac6 SHA512 cbec6528f24aec75cf776e330eccade8dd9a7eaad5e1f3fba2d7366f0c1f338cb3c31ffe8786662d7c5f5d788870a70f8bf8c17eeed29754855756b9e5034b6b MISC metadata.xml 249 BLAKE2B ad415db89e5dee1627aa77f44ded9d4e1e5b8217d06c7ca25bbaa3fe92ce67c2b1090957c45a821b407d7927e5af798498aa6a5b903895ee1af8ee20a446c7f7 SHA512 76a5a340b13f0053ca3c5e94ed24380ea8d29b45ac8655419e22eaadb1e4a827c04d2e7e36b65145c4964e6526f656618fc6ac144e277ef53cb7373e6239e3c3 diff --git a/sys-auth/polkit-qt/polkit-qt-0.112.0_p20160416-r2.ebuild b/sys-auth/polkit-qt/polkit-qt-0.112.0_p20160416-r2.ebuild index cfd05deaabce..bc0b5722ceca 100644 --- a/sys-auth/polkit-qt/polkit-qt-0.112.0_p20160416-r2.ebuild +++ b/sys-auth/polkit-qt/polkit-qt-0.112.0_p20160416-r2.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2018 Gentoo Foundation +# Copyright 1999-2018 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=6 @@ -13,7 +13,7 @@ SRC_URI="https://dev.gentoo.org/~kensington/distfiles/${MY_P}.tar.xz" LICENSE="LGPL-2" SLOT="0" KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd" -IUSE="debug examples" +IUSE="debug" RDEPEND=" dev-libs/glib:2 
@@ -22,7 +22,6 @@ RDEPEND=" dev-qt/qtgui:5 dev-qt/qtwidgets:5 >=sys-auth/polkit-0.103 - examples? ( dev-qt/qtxml:5 ) " DEPEND="${RDEPEND}" @@ -32,7 +31,7 @@ S=${WORKDIR}/${MY_P} src_configure() { local mycmakeargs=( - -DBUILD_EXAMPLES=$(usex examples) + -DBUILD_EXAMPLES=OFF -DUSE_QT4=OFF -DUSE_QT5=ON ) diff --git a/sys-auth/sssd/Manifest b/sys-auth/sssd/Manifest index 5d38714ab219..b4a50ea3daa3 100644 --- a/sys-auth/sssd/Manifest +++ b/sys-auth/sssd/Manifest 
@@ -3,5 +3,7 @@ AUX sssd-1.13.0-fix-init.patch 814 BLAKE2B f7b242d81cae98a96c21c64b2ad672123acbc AUX sssd.conf 124 BLAKE2B b6f9c016a014510f97b036d23d5f50e1e13085220fe82b0e6ef7a3ceeb114e59af935f39e66e4ad60a46f43983930e5d381b16b0ed31ba4349abe38c4b509367 SHA512 f16908c44b213edbf6b0c6e8d49df92e8c06fc623279037074fe51e49b8aca7dc18f5ed83f71909fc8209df80dfc150583edb1687f88e61588bdf9d1fbf6ed5a AUX sssd.service 341 BLAKE2B 0cffcd43786633aa8e5bb42c54741cba676021c5a07554b08499504f8f630ff821ff334a21e2a4f9ae2d77d70d969018dd5a85d11b12bb31235a0ffcda4105c8 SHA512 99510d11f390722f56bc164059033fc40299dd4ea29f98cd5f08b2648f31b2e70afeb6b2d90f919bde595546c80b4e6941cf6f48130661ead09c0576043e4cf5 DIST sssd-1.16.3.tar.gz 6217114 BLAKE2B eefaf8de466d0d76e9a4b60aefef6eb63c17a55b9a1f2e07e973a61d71cbe5432e92357656a1eb353d45bbc2fa92290cef45898d0b315d4a4c4074652ff25a23 SHA512 6165923f652f624bbe3ddc625ae682c4867eb7a20652d0cf74bbb8dda2307c917d3189ede26fd21a4fb5fd5926149271a65fa09f3affe928029ed99e6422b728 +DIST sssd-2.0.0.tar.gz 6263376 BLAKE2B 9785710d62485a1168749bf9a2989999f721e390356e599092f3274b6d7029af1f7d4c0a1b2b09d0d55233fd30cc661d4ad5bf9ca6ca53c75151dd1dab7515c5 SHA512 affeb0799d8a4fcbcb4b2ed7925b397ae6ba0e2982c5603e98636b765d3820a3b29ac58b0771e5cc00c752512f091ae4fd271d441544147a0570d3c14b535701 EBUILD sssd-1.16.3.ebuild 6152 BLAKE2B e7f48ce2e4f31e9357c34f0bcdea27279450a4a1ea98d1aa9f681d88c53e7c4608d349762d24ddeaa000128453ec5fd60931a8ac52e79eec6b0054015cf8f9f7 SHA512 0c009b5e3d0ed083622239f728f9bb52dc27c2ae1643f4c5f1e3e5e849d02a1103b11d7bb6f61407eb63dfbcff0c45274cf6a87e5303329d2b80128e965c696d -MISC metadata.xml 979 BLAKE2B ae7a77ef24839b280479080a868386834b66060e675425133765ffa37f582b8d9d26a879c502c7241e47f8cab952d37ca01d294d75b2c80637f45208240cbd41 SHA512 b4181dc83bf2308005fdc77632d8a3da55ac1fb3c09d4b89b4e1f08ba9c016d2a16adef1c6715eb036e6bac663f4afac6e5924f5da4ac8f1b3af9d7680c29d04 +EBUILD sssd-2.0.0.ebuild 6154 BLAKE2B 
f06bf92fedf1bb63849a072a2b7009abb6616dda008d0761c96bfc71b62e4c230795e0aedfb36083f4b0b5b1b540f848d970bb4c6a6d09fcdae6d1e9dbdd0ef2 SHA512 3d92a360e9de6315f2d74d6eabb76cca9e616dcfd1e51c9f61e2908ee065dbd27b970c79b9df7335c199b1a3836bfa06807de9d7976a58df72314c4ca95fbd7e +MISC metadata.xml 1090 BLAKE2B 7085d66b3454b3756d7dab49b6d9525c4ba90156d07f2710f4eb3c5bf3bbd9d10412d511dc0fe091ac4c5291f87a258fac6adbe9732d20a96660f4e0a66cf247 SHA512 2cbf20cd206a45bd82b1416926a02de06bf40b1b4168f19202c367cf8e24d764745b8a5116366ee10520cae15800e17b43d3000995419117f02b2d37474f142e diff --git a/sys-auth/sssd/metadata.xml b/sys-auth/sssd/metadata.xml index 4a4874f3d84e..852be6ff3f90 100644 --- a/sys-auth/sssd/metadata.xml +++ b/sys-auth/sssd/metadata.xml @@ -2,8 +2,12 @@ <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> <pkgmetadata> <maintainer type="person"> - <email>zlogene@gentoo.org</email> - <name>Mikle Kolyada</name> + <email>zlogene@gentoo.org</email> + <name>Mikle Kolyada</name> + </maintainer> + <maintainer type="person"> + <email>alexxy@gentoo.org</email> + <name>Alexey Shvetsov</name> </maintainer> <use> <flag name="acl"> Build and use the cifsidmap plugin</flag> diff --git a/sys-auth/sssd/sssd-2.0.0.ebuild b/sys-auth/sssd/sssd-2.0.0.ebuild new file mode 100644 index 000000000000..89c48c4c915c --- /dev/null +++ b/sys-auth/sssd/sssd-2.0.0.ebuild 
@@ -0,0 +1,235 @@ +# Copyright 1999-2018 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +PYTHON_COMPAT=( python{2_7,3_3,3_4,3_5,3_6,3_7} ) + +inherit autotools flag-o-matic linux-info multilib-minimal pam python-r1 systemd toolchain-funcs + +DESCRIPTION="System Security Services Daemon provides access to identity and authentication" +HOMEPAGE="https://pagure.io/SSSD/sssd" +SRC_URI="http://releases.pagure.org/SSSD/${PN}/${P}.tar.gz" +KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" + +LICENSE="GPL-3" +SLOT="0" +IUSE="acl autofs +locator +netlink nfsv4 nls +manpages python samba selinux sudo ssh test" + +COMMON_DEP=" + >=virtual/pam-0-r1[${MULTILIB_USEDEP}] + >=dev-libs/popt-1.16 + dev-libs/glib:2 + >=dev-libs/ding-libs-0.2 + >=sys-libs/talloc-2.0.7 + >=sys-libs/tdb-1.2.9 + >=sys-libs/tevent-0.9.16 + >=sys-libs/ldb-1.1.17-r1:= + >=net-nds/openldap-2.4.30[sasl] + net-libs/http-parser + >=dev-libs/libpcre-8.30 + >=app-crypt/mit-krb5-1.10.3 + dev-libs/jansson + locator? ( + >=app-crypt/mit-krb5-1.12.2[${MULTILIB_USEDEP}] + >=net-dns/c-ares-1.10.0-r1[${MULTILIB_USEDEP}] + ) + >=sys-apps/keyutils-1.5 + >=net-dns/c-ares-1.7.4 + >=dev-libs/nss-3.12.9 + selinux? ( + >=sys-libs/libselinux-2.1.9 + >=sys-libs/libsemanage-2.1 + ) + >=net-dns/bind-tools-9.9[gssapi] + >=dev-libs/cyrus-sasl-2.1.25-r3[kerberos] + >=sys-apps/dbus-1.6 + acl? ( net-fs/cifs-utils[acl] ) + nfsv4? ( || ( >=net-fs/nfs-utils-2.3.1-r2 net-libs/libnfsidmap ) ) + nls? ( >=sys-devel/gettext-0.18 ) + virtual/libintl + netlink? ( dev-libs/libnl:3 ) + samba? ( >=net-fs/samba-4.5 ) + " + +RDEPEND="${COMMON_DEP} + >=sys-libs/glibc-2.17[nscd] + selinux? ( >=sec-policy/selinux-sssd-2.20120725-r9 ) + " +DEPEND="${COMMON_DEP} + test? ( dev-libs/check ) + manpages? 
( + >=dev-libs/libxslt-1.1.26 + app-text/docbook-xml-dtd:4.4 + )" + +CONFIG_CHECK="~KEYS" + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/ipa_hbac.h + /usr/include/sss_idmap.h + /usr/include/sss_nss_idmap.h + /usr/include/wbclient_sssd.h + # --with-ifp + /usr/include/sss_sifp.h + /usr/include/sss_sifp_dbus.h + # from 1.15.3 + /usr/include/sss_certmap.h +) + +pkg_setup(){ + linux-info_pkg_setup +} + +src_prepare() { + sed -i 's:#!/sbin/runscript:#!/sbin/openrc-run:' \ + "${S}"/src/sysv/gentoo/sssd.in || die "sed sssd.in" + + default + eautoreconf + multilib_copy_sources +} + +src_configure() { + local native_dbus_cflags=$($(tc-getPKG_CONFIG) --cflags dbus-1) + + multilib-minimal_src_configure +} + +multilib_src_configure() { + # set initscript to sysv because the systemd option needs systemd to + # be installed. We provide our own systemd file anyway. + local myconf=() + if [[ "${PYTHON_TARGETS}" == *python2* ]]; then + myconf+=($(multilib_native_use_with python python2-bindings)) + fi + if [[ "${PYTHON_TARGETS}" == *python3* ]]; then + myconf+=($(multilib_native_use_with python python3-bindings)) + fi + #Work around linker dependency problem. 
+ append-ldflags "-Wl,--allow-shlib-undefined" + + myconf+=( + --localstatedir="${EPREFIX}"/var + --enable-nsslibdir="${EPREFIX}"/$(get_libdir) + --with-plugin-path="${EPREFIX}"/usr/$(get_libdir)/sssd + --enable-pammoddir="${EPREFIX}"/$(getpam_mod_dir) + --with-ldb-lib-dir="${EPREFIX}"/usr/$(get_libdir)/samba/ldb + --with-os=gentoo + --with-nscd + --with-unicode-lib="glib2" + --disable-rpath + --disable-silent-rules + --sbindir=/usr/sbin + --without-kcm + $(use_with samba libwbclient) + --with-secrets + $(multilib_native_use_with samba) + $(multilib_native_use_enable acl cifs-idmap-plugin) + $(multilib_native_use_with selinux) + $(multilib_native_use_with selinux semanage) + $(use_enable locator krb5-locator-plugin) + $(multilib_native_use_with nfsv4 nfsv4-idmapd-plugin) + $(use_enable nls ) + $(multilib_native_use_with netlink libnl) + $(multilib_native_use_with manpages) + $(multilib_native_use_with sudo) + $(multilib_native_use_with autofs) + $(multilib_native_use_with ssh) + --with-crypto="nss" + --with-initscript="sysv" + + KRB5_CONFIG=/usr/bin/${CHOST}-krb5-config + ) + + if ! multilib_is_native_abi; then + # work-around all the libraries that are used for CLI and server + myconf+=( + {POPT,TALLOC,TDB,TEVENT,LDB}_{CFLAGS,LIBS}=' ' + # ldb headers are fine since native needs it + # ldb lib fails... 
but it does not seem to bother + {DHASH,COLLECTION,INI_CONFIG_V{0,1,1_1}}_{CFLAGS,LIBS}=' ' + {PCRE,CARES,SYSTEMD_LOGIN,SASL,GLIB2,DBUS,CRYPTO}_{CFLAGS,LIBS}=' ' + + # use native include path for dbus (needed for build) + DBUS_CFLAGS="${native_dbus_cflags}" + + # non-pkgconfig checks + ac_cv_lib_ldap_ldap_search=yes + --without-secrets + --without-libwbclient + --without-kcm + --with-crypto="" + ) + + use locator || myconf+=( + KRB5_CONFIG=/bin/true + ) + fi + + econf "${myconf[@]}" +} + +multilib_src_compile() { + if multilib_is_native_abi; then + default + else + emake libnss_sss.la pam_sss.la + use locator && emake sssd_krb5_locator_plugin.la + fi +} + +multilib_src_install() { + if multilib_is_native_abi; then + emake -j1 DESTDIR="${D}" "${_at_args[@]}" install + else + # easier than playing with automake... + dopammod .libs/pam_sss.so + + into / + dolib .libs/libnss_sss.so* + + if use locator; then + exeinto /usr/$(get_libdir)/krb5/plugins/libkrb5 + doexe .libs/sssd_krb5_locator_plugin.so + fi + fi +} + +multilib_src_install_all() { + einstalldocs + find "${ED}" -type f -name '*.la' -delete || die + + insinto /etc/sssd + insopts -m600 + doins "${S}"/src/examples/sssd-example.conf + + insinto /etc/logrotate.d + insopts -m644 + newins "${S}"/src/examples/logrotate sssd + + newconfd "${FILESDIR}"/sssd.conf sssd + newinitd "${FILESDIR}"/sssd sssd + + keepdir /var/lib/sss/db + keepdir /var/lib/sss/deskprofile + keepdir /var/lib/sss/gpo_cache + keepdir /var/lib/sss/keytabs + keepdir /var/lib/sss/mc + keepdir /var/lib/sss/pipes/private + keepdir /var/lib/sss/pubconf/krb5.include.d + keepdir /var/lib/sss/secrets + keepdir /var/log/sssd + + systemd_dounit "${FILESDIR}/${PN}.service" +} + +multilib_src_test() { + default +} + +pkg_postinst(){ + elog "You must set up sssd.conf (default installed into /etc/sssd)" + elog "and (optionally) configuration in /etc/pam.d in order to use SSSD" + elog "features. 
Please see howto in http://fedorahosted.org/sssd/wiki/HOWTO_Configure_1_0_2" +} |