* [Buildroot] [PATCH 1/1] package/nss-pam-ldapd: new package
@ 2015-05-22 21:21 Doug Kehn
  2015-05-22 22:01 ` Yann E. MORIN
  0 siblings, 1 reply; 2+ messages in thread
From: Doug Kehn @ 2015-05-22 21:21 UTC (permalink / raw)
  To: buildroot

Name Service Switch (NSS) module that allows your LDAP server to provide
user account, group, host name, alias, netgroup, and basically any other
information that you would normally get from /etc flat files or NIS. It
also provides a Pluggable Authentication Module (PAM) to do
authentication to an LDAP server.

Signed-off-by: Doug Kehn <rdkehn@yahoo.com>
---
 package/Config.in                        |  1 +
 package/nss-pam-ldapd/Config.in          | 13 +++++++++++++
 package/nss-pam-ldapd/S45nslcd           | 31 +++++++++++++++++++++++++++++++
 package/nss-pam-ldapd/nss-pam-ldapd.hash |  2 ++
 package/nss-pam-ldapd/nss-pam-ldapd.mk   | 22 ++++++++++++++++++++++
 5 files changed, 69 insertions(+)
 create mode 100644 package/nss-pam-ldapd/Config.in
 create mode 100644 package/nss-pam-ldapd/S45nslcd
 create mode 100644 package/nss-pam-ldapd/nss-pam-ldapd.hash
 create mode 100644 package/nss-pam-ldapd/nss-pam-ldapd.mk

diff --git a/package/Config.in b/package/Config.in
index e0c2e2a..1035cab 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -981,6 +981,7 @@ menu "Networking"
 	source "package/libwebsockets/Config.in"
 	source "package/neon/Config.in"
 	source "package/nss-mdns/Config.in"
+	source "package/nss-pam-ldapd/Config.in"
 	source "package/omniorb/Config.in"
 	source "package/openldap/Config.in"
 	source "package/openpgm/Config.in"
diff --git a/package/nss-pam-ldapd/Config.in b/package/nss-pam-ldapd/Config.in
new file mode 100644
index 0000000..9dda7a7
--- /dev/null
+++ b/package/nss-pam-ldapd/Config.in
@@ -0,0 +1,13 @@
+config BR2_PACKAGE_NSS_PAM_LDAPD
+	bool "nss-pam-ldapd"
+	depends on BR2_USE_MMU
+	depends on BR2_TOOLCHAIN_USES_GLIBC
+	help
+	  nss-pam-ldapd which provides a Name Service Switch (NSS)
+	  module that allows your LDAP server to provide user account,
+	  group, host name, alias, netgroup, and basically any other
+	  information that you would normally get from /etc flat files
+	  or NIS. It also provides a Pluggable Authentication Module
+	  (PAM) to do authentication to an LDAP server.
+
+	  http://arthurdejong.org/nss-pam-ldapd/
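
Review bot: the help text advertises a PAM module for authenticating against an LDAP server, but this entry neither selects nor depends on any PAM or LDAP client package, so the option can be enabled in a configuration that lacks what the module needs. Add the missing dependencies, or make the PAM part conditional on a PAM package being enabled, so the authentication path is either built on purpose or clearly absent. The `depends on BR2_TOOLCHAIN_USES_GLIBC` line also has no companion `comment` entry telling users of another C library why the option is hidden, and the first help sentence ("nss-pam-ldapd which provides ...") is a fragment.
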
diff --git a/package/nss-pam-ldapd/S45nslcd b/package/nss-pam-ldapd/S45nslcd
new file mode 100644
index 0000000..e9c00f3
--- /dev/null
+++ b/package/nss-pam-ldapd/S45nslcd
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+NAME="nslcd"
+DAEMON="/usr/sbin/${NAME}"
+DAEMON_CONF="/etc/${NAME}.conf"
+
+[ -x ${DAEMON} ] || exit 0
+[ -f ${DAEMON_CONF} ] || exit 0
+
+case "$1" in
+start)
+        echo -n "Starting ${NAME}: "
+        start-stop-daemon -S -x ${DAEMON}
+        [ $? -eq 0 ] && echo "OK" || echo "FAIL"
+        ;;
+stop)
+        echo -n "Stopping ${NAME}: "
+        start-stop-daemon -K -x ${DAEMON}
+        [ $? -eq 0 ] && echo "OK" || echo "FAIL"
+        ;;
+restart|reload)
+        $0 stop
+        $0 start
+        ;;
+*)
+        echo "Usage: $0 {start|stop|restart|reload}"
+        exit 1
+esac
+
+exit 0
+
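
Review bot: `[ -f ${DAEMON_CONF} ] || exit 0` near the top makes a missing /etc/nslcd.conf indistinguishable from a successful start: the script prints nothing and returns 0, so a target can boot without its LDAP name-service and authentication daemon and nothing records why. Print a message to stderr and return non-zero in that case. The trailing `exit 0` likewise reports success even when `start-stop-daemon` failed in the `start` or `stop` branch, and `${DAEMON}` and `${DAEMON_CONF}` are expanded unquoted throughout.
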
diff --git a/package/nss-pam-ldapd/nss-pam-ldapd.hash b/package/nss-pam-ldapd/nss-pam-ldapd.hash
new file mode 100644
index 0000000..21e61f6
--- /dev/null
+++ b/package/nss-pam-ldapd/nss-pam-ldapd.hash
@@ -0,0 +1,2 @@
+# From http://arthurdejong.org/nss-pam-ldapd/
+md5	1f0517d2c46ca1d8ecdbe23a671edc83	nss-pam-ldapd-0.9.5.tar.gz
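
Review bot: the only integrity check recorded for nss-pam-ldapd-0.9.5.tar.gz is an md5, and the source comment points at an http:// URL, so nothing stronger than MD5 stands between the download and the build. MD5 is not collision resistant; add a sha256 line for the same file, computed locally, with a comment saying how the tarball was validated before hashing (for example against an upstream signature, if one is published).
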
diff --git a/package/nss-pam-ldapd/nss-pam-ldapd.mk b/package/nss-pam-ldapd/nss-pam-ldapd.mk
new file mode 100644
index 0000000..a650803
--- /dev/null
+++ b/package/nss-pam-ldapd/nss-pam-ldapd.mk
@@ -0,0 +1,22 @@
+################################################################################
+#
+# nss-pam-ldapd
+#
+################################################################################
+
+NSS_PAM_LDAPD_VERSION = 0.9.5
+NSS_PAM_LDAPD_SITE = http://arthurdejong.org/nss-pam-ldapd
+NSS_PAM_LDAPD_LICENSE = LGPLv2.1+
+NSS_PAM_LDAPD_LICENSE_FILES = LICENSE
+NSS_PAM_LDAPD_INSTALL_STAGING = YES
+
+define NSS_PAM_LDAPD_USERS
+	nslcd -1 nslcd -1 * - - - nslcd user
+endef
+
+define NSS_PAM_LDAPD_INSTALL_INIT_SYSV
+	$(INSTALL) -m 755 -D package/nss-pam-ldapd/S45nslcd \
+		$(TARGET_DIR)/etc/init.d/S45nslcd
+endef
+
+$(eval $(autotools-package))
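
Review bot: no `NSS_PAM_LDAPD_DEPENDENCIES` and no configure options are set, so for a package that provides LDAP lookups and a PAM module the build depends on whatever happens to be in staging already; declare the libraries it links against and pass explicit configure switches for the optional parts. `NSS_PAM_LDAPD_SITE` is plain http, which leaves the hash file as the only protection for the download. The install hook ships S45nslcd but no /etc/nslcd.conf, while that script exits early when the file is absent, so with this patch alone the daemon never starts.
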
-- 
2.4.1


* [Buildroot] [PATCH 1/1] package/nss-pam-ldapd: new package
  2015-05-22 21:21 [Buildroot] [PATCH 1/1] package/nss-pam-ldapd: new package Doug Kehn
@ 2015-05-22 22:01 ` Yann E. MORIN
  0 siblings, 0 replies; 2+ messages in thread
From: Yann E. MORIN @ 2015-05-22 22:01 UTC (permalink / raw)
  To: buildroot

Doug, All,

On 2015-05-22 16:21 -0500, Doug Kehn spake thusly:
> Name Service Switch (NSS) module that allows your LDAP server to provide
> user account, group, host name, alias, netgroup, and basically any other
> information that you would normally get from /etc flat files or NIS. It
> also provides a Pluggable Authentication Module (PAM) to do
> authentication to an LDAP server.

He! Great! :-)

> Signed-off-by: Doug Kehn <rdkehn@yahoo.com>
[--SNIP--]
> diff --git a/package/nss-pam-ldapd/Config.in b/package/nss-pam-ldapd/Config.in
> new file mode 100644
> index 0000000..9dda7a7
> --- /dev/null
> +++ b/package/nss-pam-ldapd/Config.in
> @@ -0,0 +1,13 @@
> +config BR2_PACKAGE_NSS_PAM_LDAPD
> +	bool "nss-pam-ldapd"
> +	depends on BR2_USE_MMU
> +	depends on BR2_TOOLCHAIN_USES_GLIBC
> +	help
> +	  nss-pam-ldapd which provides a Name Service Switch (NSS)

s/which//

> +	  module that allows your LDAP server to provide user account,
> +	  group, host name, alias, netgroup, and basically any other
> +	  information that you would normally get from /etc flat files
> +	  or NIS. It also provides a Pluggable Authentication Module
> +	  (PAM) to do authentication to an LDAP server.

Should the PAM module be always installed, even if we do not have
linux-pam installed? I.e. use --enable-pam / --disable-pam
accordingly...

> +	  http://arthurdejong.org/nss-pam-ldapd/

Since the package has a dependency on glibc, there's no need to depend
on MMU (because glibc already itself is only available on systems with
an MMU).

Besides, you need to add a comment stating that nss-pam-ldapd needs a
(e)glibc toolchain, like explained in the manual, chapter "17.2.2.
Dependencies on target and toolchain options" :

    http://buildroot.net/downloads/manual/manual.html#dependencies-target-toolchain-options

like so:

    comment "nss-pam-ldapd needs an (e)glibc toolchain"
        depends on !BR2_TOOLCHAIN_USES_GLIBC

> diff --git a/package/nss-pam-ldapd/S45nslcd b/package/nss-pam-ldapd/S45nslcd
> new file mode 100644
> index 0000000..e9c00f3
> --- /dev/null
> +++ b/package/nss-pam-ldapd/S45nslcd
> @@ -0,0 +1,31 @@
> +#!/bin/sh
> +
> +NAME="nslcd"
> +DAEMON="/usr/sbin/${NAME}"
> +DAEMON_CONF="/etc/${NAME}.conf"
> +
> +[ -x ${DAEMON} ] || exit 0

Since this script is only installed when nss-pam-ldapd itself is
installed, you are guaranteed the daemon will be installed, no need to
check for that.

> +[ -f ${DAEMON_CONF} ] || exit 0

This variable is used nowhere in this startup script, so get rid of it.
If you really need to test that the configuration file exists, just use:

    if [ ! -f /etc/nslcd.conf ]; then
        printf "No configuration file\n" >&2
        exit 0  # Or '1' to explicitly return an error code
    fi

However, I think it is best to just install the sample config file
packaged with nss-pam-ldapd which ensures there *is* a config file on
the target, so you don't even have to check its existence in the startup
script.

> +case "$1" in
> +start)
> +        echo -n "Starting ${NAME}: "
> +        start-stop-daemon -S -x ${DAEMON}
> +        [ $? -eq 0 ] && echo "OK" || echo "FAIL"
> +        ;;
> +stop)
> +        echo -n "Stopping ${NAME}: "
> +        start-stop-daemon -K -x ${DAEMON}
> +        [ $? -eq 0 ] && echo "OK" || echo "FAIL"
> +        ;;
> +restart|reload)
> +        $0 stop
> +        $0 start
> +        ;;
> +*)
> +        echo "Usage: $0 {start|stop|restart|reload}"
> +        exit 1
> +esac
> +
> +exit 0

"exit 0" not needed.

> diff --git a/package/nss-pam-ldapd/nss-pam-ldapd.hash b/package/nss-pam-ldapd/nss-pam-ldapd.hash
> new file mode 100644
> index 0000000..21e61f6
> --- /dev/null
> +++ b/package/nss-pam-ldapd/nss-pam-ldapd.hash
> @@ -0,0 +1,2 @@
> +# From http://arthurdejong.org/nss-pam-ldapd/
> +md5	1f0517d2c46ca1d8ecdbe23a671edc83	nss-pam-ldapd-0.9.5.tar.gz

When upstream only provides an md5 (or no hash at all), we add a
locally-computed stronger hash, and we like to use sha256. So add it as
thus:

    # From http://arthurdejong.org/nss-pam-ldapd/
    md5  1f0517d2c46ca1d8ecdbe23a671edc83  nss-pam-ldapd-0.9.5.tar.gz
    # Locally computed:
    sha256  abcdef1234567890abcdef1234567890  nss-pam-ldapd-0.9.5.tar.gz

If you can check the signature (http://arthurdejong.org/nss-pam-ldapd/nss-pam-ldapd-0.9.5.tar.gz.sig)
(i.e. you have a path of trust to the signer), you can change the
comment as thus:

    # Locally computed after checking http://arthurdejong.org/nss-pam-ldapd/nss-pam-ldapd-0.9.5.tar.gz.sig:

> diff --git a/package/nss-pam-ldapd/nss-pam-ldapd.mk b/package/nss-pam-ldapd/nss-pam-ldapd.mk
> new file mode 100644
> index 0000000..a650803
> --- /dev/null
> +++ b/package/nss-pam-ldapd/nss-pam-ldapd.mk
> @@ -0,0 +1,22 @@
> +################################################################################
> +#
> +# nss-pam-ldapd
> +#
> +################################################################################
> +
> +NSS_PAM_LDAPD_VERSION = 0.9.5
> +NSS_PAM_LDAPD_SITE = http://arthurdejong.org/nss-pam-ldapd
> +NSS_PAM_LDAPD_LICENSE = LGPLv2.1+
> +NSS_PAM_LDAPD_LICENSE_FILES = LICENSE
> +NSS_PAM_LDAPD_INSTALL_STAGING = YES

It has a build-dependency on linux-pam:

    checking security/pam_modutil.h usability... no
    checking security/pam_modutil.h presence... no
    checking for security/pam_modutil.h... no
    configure: error: PAM header files are missing

So you need to select it in Config.in (and inherit the dependencies of
linux-pam), or depend on it in Config.in, and then add:

    NSS_PAM_LDAPD_DEPENDENCIES = linux-pam

Also, taking into account that linux-pam can be made optional:

    ifeq ($(BR2_PACKAGE_LINUX_PAM),y)
    NSS_PAM_LDAPD_CONF_OPTS = --enable-pam
    NSS_PAM_LDAPD_DEPENDENCIES = linux-pam
    else
    NSS_PAM_LDAPD_CONF_OPTS = --disable-pam
    endif

It then breaks because it can't find ldap.h:

    checking for ldap.h... no
    configure: error: could not locate <ldap.h>

So it probably also needs to depend on openldap:

    NSS_PAM_LDAPD_DEPENDENCIES += openldap

I haven't built further for now, so there might be other dependencies. A
simple way to find them is to do a build with just nss-pam-ldapd enabled
and see what breaks.

> +define NSS_PAM_LDAPD_USERS
> +	nslcd -1 nslcd -1 * - - - nslcd user
> +endef
> +
> +define NSS_PAM_LDAPD_INSTALL_INIT_SYSV
> +	$(INSTALL) -m 755 -D package/nss-pam-ldapd/S45nslcd \
> +		$(TARGET_DIR)/etc/init.d/S45nslcd
> +endef

Do you think you could provide a systemd unit file as well? That would
be great if you could. ;-)

Care to address those issues, then resubmit (and Cc: me please, so I
notice).

Thanks! :-)

Regards,
Yann E. MORIN.

> +$(eval $(autotools-package))
> -- 
> 2.4.1
> 

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 223 225 172 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'
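
The hash-file advice in the review above (keep upstream's md5, add a locally computed sha256), as an added example that is not part of the thread or of Buildroot's own tooling: a POSIX shell function that checks a download against a Buildroot-style `.hash` file and tells a match backed only by md5/sha1 apart from one backed by sha256. The function names, return codes and the `pkg-1.0.tar.gz` sample are constructed for illustration; `md5sum` and `sha256sum` from coreutils are assumed.

```shell
#!/bin/sh
# Added example (not Buildroot's own check script).
# check_hash_file <hash file> <downloaded file>
#   returns 0: all listed hashes match and at least one is sha256/sha512
#           1: a listed hash mismatches, or its type is not recognised
#           2: listed hashes match, but only md5/sha1 are present
#           3: the hash file has no entry for this file
check_hash_file() {
    hash_file=$1; target=$2
    base=$(basename "$target")
    seen=0; strong=0
    # Each entry is "<type> <hex digest> <file name>"; '#' starts a comment.
    while read -r kind digest name; do
        case "$kind" in ''|'#'*) continue ;; esac
        [ "$name" = "$base" ] || continue
        case "$kind" in
            md5|sha1) ;;
            sha256|sha512) strong=1 ;;
            *) return 1 ;;
        esac
        actual=$("${kind}sum" "$target" | cut -d' ' -f1)
        [ "$actual" = "$digest" ] || return 1
        seen=1
    done < "$hash_file"
    [ "$seen" -eq 1 ] || return 3
    [ "$strong" -eq 1 ] || return 2
}

# Constructed demo: a stand-in "tarball" checked against three hash files.
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed sample payload\n' > "$d/pkg-1.0.tar.gz"
    md5=$(md5sum "$d/pkg-1.0.tar.gz" | cut -d' ' -f1)
    sha=$(sha256sum "$d/pkg-1.0.tar.gz" | cut -d' ' -f1)
    printf '# From upstream\nmd5\t%s\tpkg-1.0.tar.gz\n' "$md5" > "$d/weak.hash"
    { cat "$d/weak.hash"
      printf '# Locally computed:\nsha256  %s  pkg-1.0.tar.gz\n' "$sha"
    } > "$d/good.hash"
    # Corrupt the sha256 digest so the strong hash no longer matches.
    sed 's/^sha256  ./sha256  X/' "$d/good.hash" > "$d/bad.hash"
    out=""
    for h in weak good bad; do
        rc=0; check_hash_file "$d/$h.hash" "$d/pkg-1.0.tar.gz" || rc=$?
        out="$out $h=$rc"
    done
    rm -rf "$d"
    echo "${out# }"
}

demo
```

Return code 2 is the situation the submitted `.hash` file is in: the md5 matches, but no stronger digest backs it.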
