path: root/main/krb5/APKBUILD

# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=krb5
pkgver=1.14.3
pkgrel=3

case $pkgver in
*.*.*) _ver=${pkgver%.*};;
*) _ver=${pkgver};;
esac

pkgdesc="The Kerberos network authentication system"
url="http://web.mit.edu/kerberos/www/"
arch="all"
license="MIT"
depends="krb5-conf"
depends_dev="e2fsprogs-dev"
makedepends="$depends_dev libverto-dev openldap-dev libressl-dev
	keyutils-dev bison flex perl"
install=""
options="suid"
subpackages="$pkgname-dev $pkgname-doc $pkgname-server
	$pkgname-server-ldap:ldap $pkgname-pkinit $pkgname-libs"
source="http://web.mit.edu/kerberos/dist/krb5/${_ver}/krb5-$pkgver.tar.gz
	mit-krb5_krb5-config_LDFLAGS.patch
	CVE-2018-20217.patch

	krb5kadmind.initd
	krb5kdc.initd
	krb5kpropd.initd
	"

# secfixes:
#   1.14.3-r3:
#     - CVE-2018-20217

_builddir="$srcdir"/krb5-$pkgver
unpack() {
	default_unpack
	cd "$srcdir"
	tar -zxf krb5-$pkgver.tar.gz
}

prepare() {
	local i
	cd "$_builddir"
	for i in $source; do
		case $i in
		*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
		esac
	done
}

build() {
	cd "$_builddir"/src
	./configure \
		CPPFLAGS="$CPPFLAGS -fPIC -I/usr/include/et" \
		WARN_CFLAGS= \
		--build=$CBUILD \
		--host=$CHOST \
		--prefix=/usr \
		--localstatedir=/var/lib \
		--enable-shared \
		--disable-static \
		--disable-rpath \
		--with-system-et \
		--with-system-ss \
		--with-system-verto \
		--without-tcl \
		--with-ldap \
		--with-crypto-impl=openssl \
		|| return 1
	make
}

package() {
	cd "$_builddir"/src
	make install DESTDIR="$pkgdir" || return 1
	mkdir -p "$pkgdir"/usr/share/doc/$pkgname
	mv "$pkgdir"/usr/share/examples "$pkgdir"/usr/share/doc/$pkgname/

	for i in $source; do
		case $i in
		*.initd) install -Dm755 "$srcdir"/$i \
			"$pkgdir"/etc/init.d/${i%.initd};;
		esac
	done
}

server() {
	pkgdesc="The KDC and related programs for Kerberos 5"
	depends="libverto-libev"
	mkdir -p "$subpkgdir"/usr/share \
		"$subpkgdir"/usr/bin \
		"$subpkgdir"/etc/
	install -d "$subpkgdir"/var/lib/krb5kdc || return 1
	mv "$pkgdir"/usr/sbin "$subpkgdir"/usr/ || return 1
	mv "$pkgdir"/etc/init.d "$subpkgdir"/etc/ || return 1
	# used for testing server
	mv "$pkgdir"/usr/bin/sclient "$subpkgdir"/usr/bin/

}

ldap() {
	pkgdesc="The LDAP storage plugin for the Kerberos 5 KDC"
	mkdir -p "$subpkgdir"/usr/lib/krb5/plugins/kdb
	mv "$pkgdir"/usr/lib/krb5/plugins/kdb/kldap.so \
		"$subpkgdir"/usr/lib/krb5/plugins/kdb/ || return 1
	mv "$pkgdir"/usr/lib/libkdb_ldap* \
		 "$subpkgdir"/usr/lib/
}

pkinit() {
	pkgdesc="The PKINIT module for Kerberos 5"
	mkdir -p "$subpkgdir"/usr/lib/krb5/plugins/preauth
	mv "$pkgdir"/usr/lib/krb5/plugins/preauth/pkinit.so \
		"$subpkgdir"/usr/lib/krb5/plugins/preauth/pkinit.so
}

libs() {
	pkgdesc="The shared libraries used by Kerberos 5"
	depends="krb5-conf"
	mkdir -p "$subpkgdir"/usr/
	mv "$pkgdir"/usr/lib "$subpkgdir"/usr/ || return 1
}
sha512sums="97f42bb7e0f69e337b949b451bf925f604e7ef9336c32bd4d62224a8c4a37e631f5a6fc01016bbdf268bbb60fa58712e244e00a1ab5a8bceede6a676482235aa  krb5-1.14.3.tar.gz
5a3782ff17b383f8cd0415fd13538ab56afd788130d6ad640e9f2682b7deaae7f25713ce358058ed771091040dccf62a3bc87e6fd473d505ec189a95debcc801  mit-krb5_krb5-config_LDFLAGS.patch
30891c26b191ced94956bea869996a78147f4b87fb9bb511790bf20ff9a04fe5075e3584e03b19206327b954a2ad630b4f90cd443d5855481d521c640fe9d125  CVE-2018-20217.patch
43b9885b7eb8d0d60920def688de482f2b1701288f9acb1bb21dc76b2395428ff304961959eb04ba5eafd0412bae35668d6d2c8223424b9337bc051eadf51682  krb5kadmind.initd
ede15f15bbbc9d0227235067abe15245bb9713aea260d397379c63275ce74aea0db6c91c15d599e40c6e89612d76f3a0f8fdd21cbafa3f30d426d4310d3e2cec  krb5kdc.initd
45be0d421efd41e9dd056125a750c90856586e990317456b68170d733b03cba9ecd18ab87603b20e49575e7839fb4a6d628255533f2631f9e8ddb7f3cc493a90  krb5kpropd.initd"