## ## sasl.spec -- OpenPKG RPM Package Specification ## Copyright (c) 2000-2022 OpenPKG Project ## ## Permission to use, copy, modify, and distribute this software for ## any purpose with or without fee is hereby granted, provided that ## the above copyright notice and this permission notice appear in all ## copies. ## ## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED ## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF ## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. ## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR ## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT ## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF ## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, ## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT ## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ## SUCH DAMAGE. ## # package information Name: sasl Summary: Simple Authentication and Security Layer (SASL) URL: http://www.cyrusimap.org/ Vendor: Cyrus Project, CMU Packager: OpenPKG Project Distribution: OpenPKG Community Class: BASE Group: Cryptography License: BSD Version: 2.1.26 Release: 20150101 # package options %option with_fsl yes %option with_sasldb yes %option with_pam no %option with_login no %option with_ldap no %option with_mysql no %option with_pgsql no %option with_sqlite no %option with_ntlm no %option with_otp no %option with_srp no %option with_kerberos no # list of sources Source0: ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-%{version}.tar.gz Source1: rc.sasl Source2: fsl.sasl Source3: saslauthd.conf Source4: sasl.pc Patch0: sasl.patch # build information BuildPreReq: OpenPKG, openpkg >= 20160101, gcc, make, groff PreReq: OpenPKG, openpkg >= 20160101 BuildPreReq: db >= 4.1.24, openssl PreReq: db >= 4.1.24, openssl %if "%{with_fsl}" == "yes" BuildPreReq: fsl PreReq: fsl %endif %if "%{with_pam}" == "yes" BuildPreReq: PAM PreReq: PAM %endif %if "%{with_ldap}" == "yes" BuildPreReq: openldap PreReq: openldap %endif %if "%{with_mysql}" == "yes" BuildPreReq: mysql PreReq: mysql %endif %if "%{with_pgsql}" == "yes" BuildPreReq: postgresql PreReq: postgresql %endif %if "%{with_sqlite}" == "yes" BuildPreReq: sqlite PreReq: sqlite %endif %if "%{with_otp}" == "yes" BuildPreReq: opie PreReq: opie %endif %if "%{with_kerberos}" == "yes" BuildPreReq: KERBEROS PreReq: KERBEROS %endif %description SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. To use SASL, a protocol includes a command for identifying and authenticating a user to a server and for optionally negotiating protection of subsequent protocol interactions. If its use is negotiated, a security layer is inserted between the protocol and the connection. %track prog sasl = { version = %{version} url = ftp://ftp.cyrusimap.org/cyrus-sasl/ regex = cyrus-sasl-(\d+\.\d+\.\d+)\.tar\.gz } %prep %setup -q -n cyrus-sasl-%{version} %patch -p0 %build # disable some unwanted configure checks %{l_shtool} subst \ -e 's;\(SASL_DB_UTILS="saslpasswd2 sasldblistusers2\);\1 dbconverter-2;' \ -e "s;javac;javac-xxx;g" \ -e "s;javah;javah-xxx;g" \ -e "s;javadoc;javadoc-xxx;g" \ -e "s;-lsqlite\\([^3]\\);-lsqlite3\\1;g" \ configure # fix OpenLDAP support %if "%{with_ldap}" == "yes" echo 'ac_cv_lib_ldap_ldap_initialize=yes' >config.cache %{l_shtool} subst \ -e "s;\(\$LDAP_LIBS\) *\(-lcrypto\);\1 -lssl -lcrypto \2;" \ saslauthd/configure %endif # fix GSS/Kerberos support %if "%{with_kerberos}" == "yes" %{l_shtool} subst \ -e 's;\(-lk5crypto\);\1 -lkrb5support;' \ configure %endif # enforce disabled Kerberos 5 support in saslauthd echo 'ac_cv_header_krb5_h=no' >config.cache # configure path to sasl-server config files %{l_shtool} subst \ -e 's;@l_sysconfdir@;%{l_prefix}/etc/sasl/sasl.d;g' \ lib/server.c # determine build flags cflags="%{l_cflags -O} %{l_cppflags}" ldflags="%{l_ldflags} %{l_fsl_ldflags}" libs="-ldb %{l_fsl_libs}" %if "%{with_ldap}" == "yes" cflags="$cflags -DAUTH_LDAP" %endif %if "%{with_mysql}" == "yes" libs="$libs -lz -lm" %endif %if "%{with_pgsql}" == "yes" cflags="$cflags -I%{l_cppflags postgresql}" libs="$libs -lssl -lcrypto -lcrypt" %endif %if "%{with_kerberos}" == "yes" cflags="$cflags `krb5-config --cflags gssapi`" libs="$libs `krb5-config --libs gssapi`" %endif case "%{l_platform -t}" in *-sunos* ) libs="$libs -lrt" ;; esac # configure package CC="%{l_cc}" \ CFLAGS="$cflags" \ CPPFLAGS="%{l_cppflags}" \ LDFLAGS="$ldflags" \ LIBS="$libs" \ ./configure \ --cache-file=./config.cache \ --prefix=%{l_prefix} \ --mandir=%{l_prefix}/man \ --sysconfdir=%{l_prefix}/etc/sasl \ --with-configdir=%{l_prefix}/etc/sasl/sasl.d \ --with-plugindir=%{l_prefix}/lib/sasl \ --with-saslauthd=%{l_prefix}/var/sasl/run/saslauthd \ --enable-digest \ --enable-cram \ --enable-anon \ %if "%{with_sasldb}" == "yes" --enable-auth-sasldb \ --with-dbpath=%{l_prefix}/var/sasl/run/sasl.db \ --with-dblib=berkeley \ --with-bdb-incdir=%{l_prefix}/include \ --with-bdb-libdir=%{l_prefix}/lib \ %else --with-dblib=none \ %endif --with-openssl=%{l_prefix} \ %if "%{with_pam}" == "yes" --with-pam \ %else --without-pam \ %endif %if "%{with_login}" == "yes" --enable-login \ %else --disable-login \ %endif %if "%{with_ldap}" == "yes" --with-ldap=%{l_prefix} \ %else --without-ldap \ %endif %if "%{with_otp}" == "yes" --enable-otp \ --with-opie=%{l_prefix} \ %else --disable-otp \ --without-opie \ %endif %if "%{with_srp}" == "yes" --enable-srp \ %else --disable-srp \ %endif %if "%{with_kerberos}" == "yes" --enable-gssapi \ --with-gss_impl=`if [ -d %{l_prefix}/include/heimdal ]; then echo "heimdal"; else echo "mit"; fi` \ %else --disable-gssapi \ --without-gss_impl \ %endif %if "%{with_mysql}" == "yes" || "%{with_pgsql}" == "yes" || "%{with_sqlite}" == "yes" --enable-sql \ %if "%{with_mysql}" == "yes" --with-mysql=%{l_prefix} \ %else --without-mysql \ %endif %if "%{with_pgsql}" == "yes" --with-pgsql=%{l_prefix} \ %else --without-pgsql \ %endif %if "%{with_sqlite}" == "yes" --with-sqlite=%{l_prefix} \ %else --without-sqlite \ %endif %endif %if "%{with_ntlm}" == "yes" --enable-ntlm \ %else --disable-ntlm \ %endif --enable-shared \ --enable-static \ --enable-staticdlopen \ --enable-sample \ --disable-java \ --disable-krb4 \ --without-des # post adjustment: trust me, libtool, I know what I am doing %{l_shtool} subst \ -e 's;^\(deplibs_check_method=\).*;\1"pass_all";' \ -e 's/\(eval libobjs=.*$whole_archive_flag_spec.*\)$/case $archive_cmds in \\$LD* ) wl= ;; esac; \1/' \ libtool # post adjustment: do not reference static plugins %{l_shtool} subst \ -e '58s;.*;#define PIC;' \ lib/dlopen.c # post adjustment: do not pull static plugins into static library %{l_shtool} subst \ -e 's;-ln -s $(SASL_STATIC_SRCS) .;-ln ../sasldb/*.o ../plugins/*.o $(SASL_STATIC_SRCS) .;' \ lib/Makefile # post adjustment: build utils against static library %{l_shtool} subst \ -e 's;\(\$(CCLD)\);\1 -static;' \ -e 's;\(noinst.*=\) *dbconverter.*;\1;' \ utils/Makefile \ sample/Makefile # post adjustment: fix OpenLDAP support %if "%{with_ldap}" == "yes" %{l_shtool} subst \ -e "s;^\(saslauthd_LDADD[ ]*=[ ]*[^\\]*\);\1 -lcrypt -lldap -llber -lssl -lcrypto ;" \ saslauthd/Makefile %endif # build package %{l_make} %{l_mflags} ( cd saslauthd %{l_make} %{l_mflags} testsaslauthd ) || exit $? ( cd sample %{l_make} %{l_mflags} sample-client sample-server ) || exit $? %install # install package %{l_make} %{l_mflags} install AM_MAKEFLAGS="DESTDIR=$RPM_BUILD_ROOT" # remove libtool cruft rm -f \ $RPM_BUILD_ROOT%{l_prefix}/lib/*.la \ $RPM_BUILD_ROOT%{l_prefix}/lib/*.s[ol] \ $RPM_BUILD_ROOT%{l_prefix}/lib/*.s[ol].* \ $RPM_BUILD_ROOT%{l_prefix}/lib/sasl2/*.a # post-adjust installation mv $RPM_BUILD_ROOT%{l_prefix}/lib/sasl2 \ $RPM_BUILD_ROOT%{l_prefix}/lib/sasl mv $RPM_BUILD_ROOT%{l_prefix}/sbin/testsaslauthd \ $RPM_BUILD_ROOT%{l_prefix}/sbin/saslauthd-test mv $RPM_BUILD_ROOT%{l_prefix}/sbin/pluginviewer \ $RPM_BUILD_ROOT%{l_prefix}/sbin/sasl-pluginviewer mv $RPM_BUILD_ROOT%{l_prefix}/man/man8/pluginviewer.8 \ $RPM_BUILD_ROOT%{l_prefix}/man/man8/sasl-pluginviewer.8 mv $RPM_BUILD_ROOT%{l_prefix}/sbin/saslpasswd2 \ $RPM_BUILD_ROOT%{l_prefix}/sbin/saslpasswd mv $RPM_BUILD_ROOT%{l_prefix}/man/man8/saslpasswd2.8 \ $RPM_BUILD_ROOT%{l_prefix}/man/man8/saslpasswd.8 mv $RPM_BUILD_ROOT%{l_prefix}/sbin/sasldblistusers2 \ $RPM_BUILD_ROOT%{l_prefix}/sbin/sasldblistusers mv $RPM_BUILD_ROOT%{l_prefix}/man/man8/sasldblistusers2.8 \ $RPM_BUILD_ROOT%{l_prefix}/man/man8/sasldblistusers.8 rm -f $RPM_BUILD_ROOT%{l_prefix}/sbin/dbconverter-2 strip $RPM_BUILD_ROOT%{l_prefix}/sbin/* >/dev/null 2>&1 || true # install sample client/server programs %{l_shtool} install -c -m 755 \ sample/sample-client \ $RPM_BUILD_ROOT%{l_prefix}/sbin/sasl-sample-client %{l_shtool} install -c -m 755 \ sample/sample-server \ $RPM_BUILD_ROOT%{l_prefix}/sbin/sasl-sample-server # install saslauthd default configuration %{l_shtool} mkdir -f -p -m 755 \ $RPM_BUILD_ROOT%{l_prefix}/etc/sasl %{l_shtool} install -c -m 755 \ %{SOURCE saslauthd.conf} \ $RPM_BUILD_ROOT%{l_prefix}/etc/sasl/ # create necessary additional directories %{l_shtool} mkdir -f -p -m 755 \ $RPM_BUILD_ROOT%{l_prefix}/var/sasl/log \ $RPM_BUILD_ROOT%{l_prefix}/var/sasl/run/saslauthd \ $RPM_BUILD_ROOT%{l_prefix}/etc/sasl/sasl.d # install run-command script %if "%{with_pam}" == "yes" l_authmech="pam" %else case "%{l_platform -t}" in *-linux* | *-sunos* ) l_authmech="shadow" ;; * ) l_authmech="getpwent" ;; esac %endif %{l_shtool} mkdir -f -p -m 755 \ $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d %{l_shtool} install -c -m 755 \ -e "s;@l_authmech@;${l_authmech};g" %{l_value -s -a} \ %{SOURCE rc.sasl} \ $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/ # install OSSP fsl configuration %{l_shtool} mkdir -f -p -m 755 \ $RPM_BUILD_ROOT%{l_prefix}/etc/fsl %{l_shtool} install -c -m 644 %{l_value -s -a} \ %{SOURCE fsl.sasl} \ $RPM_BUILD_ROOT%{l_prefix}/etc/fsl/ # install pkg-config configuration libs="-lsasl2" case "%{l_platform -t}" in *-linux* ) libs="$libs -ldl" ;; esac %{l_shtool} mkdir -f -p -m 755 \ $RPM_BUILD_ROOT%{l_prefix}/lib/pkgconfig %{l_shtool} install -c -m 644 %{l_value -s -a} \ -e "s;@version@;%{version};" \ -e "s;@libs@;$libs;" \ %{SOURCE sasl.pc} \ $RPM_BUILD_ROOT%{l_prefix}/lib/pkgconfig/ # determine installation files %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \ %{l_files_std} \ '%config %{l_prefix}/etc/fsl/fsl.sasl' \ '%config %{l_prefix}/etc/sasl/saslauthd.conf' \ '%dir %attr(0755,%{l_musr},%{l_rgrp}) %{l_prefix}/var/sasl' \ '%dir %attr(0755,%{l_musr},%{l_rgrp}) %{l_prefix}/var/sasl/run' \ '%dir %attr(0755,%{l_musr},%{l_rgrp}) %{l_prefix}/var/sasl/run/saslauthd' \ '%dir %attr(0700,%{l_susr},%{l_sgrp}) %{l_prefix}/var/sasl/log' %files -f files %clean %pre # before upgrade, save status and stop service [ $1 -eq 2 ] || exit 0 eval `%{l_rc} sasl status 2>/dev/null | tee %{l_tmpfile}` %{l_rc} sasl stop 2>/dev/null exit 0 %post %if "%{with_pam}" == "yes" if [ $1 -eq 1 ]; then # after install, add PAM configuration entry $RPM_INSTALL_PREFIX/sbin/pamtool --add --smart --name=sasl fi %endif if [ $1 -eq 2 ]; then # after upgrade, restore status eval `cat %{l_tmpfile}`; rm -f %{l_tmpfile} [ ".$sasl_active" = .yes ] && %{l_rc} sasl start fi exit 0 %preun # before erase, stop service and remove log files [ $1 -eq 0 ] || exit 0 %{l_rc} sasl stop 2>/dev/null rm -f $RPM_INSTALL_PREFIX/var/sasl/log/*.log* >/dev/null 2>&1 || true %if "%{with_pam}" == "yes" # remove PAM configuration entry $RPM_INSTALL_PREFIX/sbin/pamtool --remove --smart --name=sasl %endif exit 0