From 83d109e72915e161c21be0d9abd28447ab0fa97c Mon Sep 17 00:00:00 2001
From: Matthew Thode <prometheanfire@gentoo.org>
Date: Thu, 16 Jan 2020 11:09:10 -0600
Subject: [PATCH] sys-auth/nss-pam-ldapd: fix /var/run path for systemd service

Fixes: https://bugs.gentoo.org/705380
Package-Manager: Portage-2.3.84, Repoman-2.3.20
Signed-off-by: Matthew Thode <prometheanfire@gentoo.org>
---
 sys-auth/nss-pam-ldapd/files/nslcd-2.service  |  14 ++
 sys-auth/nss-pam-ldapd/files/nslcd-init-r3    |  28 +++
 sys-auth/nss-pam-ldapd/files/pynslcd.initd-r2 |  28 +++
 .../nss-pam-ldapd-0.9.11-r2.ebuild            | 163 ++++++++++++++++++
 4 files changed, 233 insertions(+)
 create mode 100644 sys-auth/nss-pam-ldapd/files/nslcd-2.service
 create mode 100644 sys-auth/nss-pam-ldapd/files/nslcd-init-r3
 create mode 100644 sys-auth/nss-pam-ldapd/files/pynslcd.initd-r2
 create mode 100644 sys-auth/nss-pam-ldapd/nss-pam-ldapd-0.9.11-r2.ebuild

diff --git a/sys-auth/nss-pam-ldapd/files/nslcd-2.service b/sys-auth/nss-pam-ldapd/files/nslcd-2.service
new file mode 100644
index 0000000000000..b6b167aaed92a
--- /dev/null
+++ b/sys-auth/nss-pam-ldapd/files/nslcd-2.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=NSS and PAM LDAP client daemon
+After=network-online.target
+Wants=network-online.target nss-lookup.target syslog.service
+Before=nss-user-lookup.target
+
+[Service]
+Type=forking
+PIDFile=/run/nslcd/nslcd.pid
+ExecStart=/usr/sbin/nslcd
+
+[Install]
+WantedBy=multi-user.target
+RequiredBy=nss-user-lookup.target
diff --git a/sys-auth/nss-pam-ldapd/files/nslcd-init-r3 b/sys-auth/nss-pam-ldapd/files/nslcd-init-r3
new file mode 100644
index 0000000000000..513ad9af3fe14
--- /dev/null
+++ b/sys-auth/nss-pam-ldapd/files/nslcd-init-r3
@@ -0,0 +1,28 @@
+#!/sbin/openrc-run
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+command=/usr/sbin/nslcd
+pidfile=/run/nslcd/nslcd.pid
+extra_commands="checkconfig"
+cfg="/etc/nslcd.conf"
+
+depend() {
+	need net	
+	use dns logger
+}
+
+checkconfig() {
+	if [ ! -f "$cfg" ] ; then
+		eerror "Please create $cfg"
+		eerror "Example config: /usr/share/nss-ldapd/nslcd.conf"
+		return 1
+	fi
+	return 0
+}
+
+start_pre() {
+	checkpath -q -d /run/nslcd -o nslcd:nslcd
+	checkconfig
+	return $?
+}
diff --git a/sys-auth/nss-pam-ldapd/files/pynslcd.initd-r2 b/sys-auth/nss-pam-ldapd/files/pynslcd.initd-r2
new file mode 100644
index 0000000000000..21762ae5fd2bd
--- /dev/null
+++ b/sys-auth/nss-pam-ldapd/files/pynslcd.initd-r2
@@ -0,0 +1,28 @@
+#!/sbin/openrc-run
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+command=/usr/sbin/pynslcd
+pidfile=/run/nslcd/nslcd.pid
+extra_commands="checkconfig"
+cfg="/etc/nslcd.conf"
+
+depend() {
+	need net	
+	use dns logger
+}
+
+checkconfig() {
+	if [ ! -f "$cfg" ] ; then
+		eerror "Please create $cfg"
+		eerror "Example config: /usr/share/nss-ldapd/nslcd.conf"
+		return 1
+	fi
+	return 0
+}
+
+start_pre() {
+	checkpath -q -d /run/nslcd -o nslcd:nslcd
+	checkconfig
+	return $?
+}
diff --git a/sys-auth/nss-pam-ldapd/nss-pam-ldapd-0.9.11-r2.ebuild b/sys-auth/nss-pam-ldapd/nss-pam-ldapd-0.9.11-r2.ebuild
new file mode 100644
index 0000000000000..53e23ca1d640a
--- /dev/null
+++ b/sys-auth/nss-pam-ldapd/nss-pam-ldapd-0.9.11-r2.ebuild
@@ -0,0 +1,163 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+PYTHON_COMPAT=(python2_7 python3_6)
+inherit eutils prefix user python-r1 multilib multilib-minimal systemd s6
+
+DESCRIPTION="NSS module for name lookups using LDAP"
+HOMEPAGE="https://arthurdejong.org/nss-pam-ldapd/"
+SRC_URI="https://arthurdejong.org/${PN}/${P}.tar.gz"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="debug kerberos +pam pynslcd sasl test +utils"
+RESTRICT="!test? ( test )"
+
+COMMON_DEP="
+	net-nds/openldap[${MULTILIB_USEDEP}]
+	sasl? ( dev-libs/cyrus-sasl[${MULTILIB_USEDEP}] )
+	kerberos? ( virtual/krb5[${MULTILIB_USEDEP}] )
+	sys-libs/pam[${MULTILIB_USEDEP}]
+	utils? ( ${PYTHON_DEPS} )
+	pynslcd? (
+		dev-python/python-ldap[${PYTHON_USEDEP}]
+		dev-python/python-daemon[${PYTHON_USEDEP}]
+	)
+	!sys-auth/nss_ldap
+	!sys-auth/pam_ldap"
+RDEPEND="${COMMON_DEP}"
+DEPEND="${COMMON_DEP}
+	test? (
+		${PYTHON_DEPS}
+		dev-python/pylint[${PYTHON_USEDEP}]
+	)
+	sys-devel/automake"
+
+REQUIRED_USE="
+	utils? ( ${PYTHON_REQUIRED_USE} )
+	test? ( ${PYTHON_REQUIRED_USE} pynslcd )"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-0.9.4-disable-py3-only-linters.patch
+	"${FILESDIR}"/${PN}-0.9.11-pynslcd-module-paths.patch
+)
+
+pkg_setup() {
+	enewgroup nslcd
+	enewuser nslcd -1 -1 -1 nslcd
+}
+
+src_prepare() {
+	cp pynslcd/pynslcd.py "${S}" || die "Copying pynslcd failed"
+
+	default
+	use utils && python_setup
+	touch pynslcd/__init__.py || die "Could not create __init__.py for pynslcd"
+}
+
+multilib_src_configure() {
+	local -a myconf
+
+	myconf=(
+		--disable-utils
+		--enable-warnings
+		--with-ldap-lib=openldap
+		--with-ldap-conf-file=/etc/nslcd.conf
+		--with-nslcd-pidfile=/run/nslcd/nslcd.pid
+		--with-nslcd-socket=/run/nslcd/socket
+		$(usex x86-fbsd '--with-nss-flavour=' '--with-nss-flavour=' 'freebsd' 'glibc')
+		$(use_enable pynslcd)
+		$(use_enable debug)
+		$(use_enable kerberos)
+		$(use_enable pam)
+		$(use_enable sasl)
+	)
+
+	# nss libraries always go in /lib on Gentoo
+	if multilib_is_native_abi ; then
+		myconf+=("--with-pam-seclib-dir=${EPREFIX}/$(get_libdir)/security")
+		myconf+=("--libdir=${EPREFIX}/$(get_libdir)")
+	else
+		myconf+=("--with-pam-seclib-dir=/$(get_libdir)/security")
+		myconf+=("--libdir=/$(get_libdir)")
+	fi
+
+	ECONF_SOURCE="${S}" econf "${myconf[@]}"
+}
+
+multilib_src_install_all() {
+	local script
+
+	newinitd "${FILESDIR}"/nslcd-init-r3 nslcd
+	s6_install_service nslcd "${FILESDIR}"/nslcd-run-s6
+
+	insinto /usr/share/nss-pam-ldapd
+	doins "${WORKDIR}/${P}/nslcd.conf"
+
+	fperms o-r /etc/nslcd.conf
+
+	if use utils; then
+		python_moduleinto nslcd
+		python_foreach_impl python_domodule utils/*.py
+
+		for script in chsh getent; do
+			python_foreach_impl python_newscript utils/${script}.py ${script}.ldap
+		done
+	fi
+	if use pynslcd; then
+		rm -rf "${D}"/usr/share/pynslcd
+		python_moduleinto pynslcd
+		python_foreach_impl python_domodule pynslcd/*.py
+		python_scriptinto /usr/sbin
+		python_newscript pynslcd.py pynslcd
+		newinitd "${FILESDIR}"/pynslcd.initd-r2 pynslcd
+	fi
+
+	systemd_newtmpfilesd "${FILESDIR}"/nslcd-tmpfiles.conf nslcd.conf
+	systemd_newunit "${FILESDIR}"/nslcd-2.service nslcd.service
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install
+
+	if use pynslcd; then
+		python_moduleinto pynslcd
+		python_foreach_impl python_domodule pynslcd/*.py
+	fi
+}
+
+python_test() {
+	PYTHONPATH="${S}" emake check
+}
+
+multilib_src_test() {
+	pushd "${BUILD_DIR}"
+	ln -s ../pynslcd/constants.py utils/constants.py
+	python_foreach_impl python_test
+	popd
+}
+
+pkg_postinst() {
+	echo
+	elog "For this to work you must configure /etc/nslcd.conf"
+	elog "This configuration is similar to pam_ldap's /etc/ldap.conf"
+	echo
+	elog "In order to use nss-pam-ldapd, nslcd needs to be running. You can"
+	elog "start it like this:"
+	elog "  # /etc/init.d/nslcd start"
+	echo
+	elog "You can add it to the default runlevel like so:"
+	elog " # rc-update add nslcd default"
+	elog
+	elog "If you have >=sys-apps/openrc-0.16.3, you can also use s6"
+	elog "to supervise this service."
+	elog "To do this, emerge sys-apps/s6 then add nslcd-s6"
+	elog "default runlevel instead of nslcd."
+	elog
+	elog "If you are upgrading, keep in mind that /etc/nss-ldapd.conf"
+	elog " is now named /etc/nslcd.conf"
+	echo
+}