openldap: overlay recipe for gnutls fix

A bbappend for this change is tricky, so overlay the complete recipe.

Change-Id: Ib8922ee8d04077b7855672e09006e375fb56fb8d
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>

7 files changed, 369 insertions, 0 deletions

diff --git a/meta-linaro/recipes-support/openldap/openldap-2.4.23/0205e83f4670d10ad3c6ae4b8fc5ec1d0c7020c0.patch b/meta-linaro/recipes-support/openldap/openldap-2.4.23/0205e83f4670d10ad3c6ae4b8fc5ec1d0c7020c0.patch
new file mode 100644
index 00000000..dffd3ca5
--- /dev/null
+++ b/meta-linaro/recipes-support/openldap/openldap-2.4.23/0205e83f4670d10ad3c6ae4b8fc5ec1d0c7020c0.patch
@@ -0,0 +1,44 @@
+From 0205e83f4670d10ad3c6ae4b8fc5ec1d0c7020c0 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Sat, 7 Sep 2013 09:39:24 -0700
+Subject: [PATCH] ITS#7430 GnuTLS: Avoid use of deprecated function
+
+Upstream-status: Backport
+
+---
+ libraries/libldap/tls_g.c |   12 ++++++++++++
+ 1 files changed, 12 insertions(+), 0 deletions(-)
+
+diff --git a/libraries/libldap/tls_g.c b/libraries/libldap/tls_g.c
+index 9acffaf..c793828 100644
+--- a/libraries/libldap/tls_g.c
++++ b/libraries/libldap/tls_g.c
+@@ -368,6 +368,17 @@ tlsg_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
+ 		 * then we have to build the cert chain.
+ 		 */
+ 		if ( max == 1 && !gnutls_x509_crt_check_issuer( certs[0], certs[0] )) {
++#if GNUTLS_VERSION_NUMBER >= 0x020c00
++			unsigned int i;
++			for ( i = 1; i<VERIFY_DEPTH; i++ ) {
++				if ( gnutls_certificate_get_issuer( ctx->cred, certs[i-1], &certs[i], 0 ))
++					break;
++				max++;
++				/* If this CA is self-signed, we're done */
++				if ( gnutls_x509_crt_check_issuer( certs[i], certs[i] ))
++					break;
++			}
++#else
+ 			gnutls_x509_crt_t *cas;
+ 			unsigned int i, j, ncas;
+ 
+@@ -387,6 +398,7 @@ tlsg_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
+ 				if ( j == ncas )
+ 					break;
+ 			}
++#endif
+ 		}
+ 		rc = gnutls_certificate_set_x509_key( ctx->cred, certs, max, key );
+ 		if ( rc ) return -1;
+-- 
+1.7.4.2
+
diff --git a/meta-linaro/recipes-support/openldap/openldap-2.4.23/initscript b/meta-linaro/recipes-support/openldap/openldap-2.4.23/initscript
new file mode 100644
index 00000000..40881cd6
--- /dev/null
+++ b/meta-linaro/recipes-support/openldap/openldap-2.4.23/initscript
@@ -0,0 +1,29 @@
+#! /bin/sh
+#
+# This is an init script for openembedded
+# Copy it to /etc/init.d/openldap and type
+# > update-rc.d openldap defaults 60
+#
+
+
+slapd=/usr/libexec/slapd
+test -x "$slapd" || exit 0
+
+
+case "$1" in
+  start)
+    echo -n "Starting OpenLDAP: "
+    start-stop-daemon --start --quiet --exec $slapd
+    echo "."
+    ;;
+  stop)
+    echo -n "Stopping OpenLDAP: "
+    start-stop-daemon --stop --quiet --pidfile /var/run/slapd.pid
+    echo "."
+    ;;
+  *)
+    echo "Usage: /etc/init.d/openldap {start|stop}"
+    exit 1
+esac
+
+exit 0
\ No newline at end of file
diff --git a/meta-linaro/recipes-support/openldap/openldap-2.4.23/install-strip.patch b/meta-linaro/recipes-support/openldap/openldap-2.4.23/install-strip.patch
new file mode 100644
index 00000000..2992b703
--- /dev/null
+++ b/meta-linaro/recipes-support/openldap/openldap-2.4.23/install-strip.patch
@@ -0,0 +1,14 @@
+# This patch ensures that the install operations which strip
+# programs and libraries (LTINSTALL) work in a cross build
+# environment.
+--- openldap-2.2.24/.pc/install-strip.patch/build/top.mk	2005-01-20 09:00:55.000000000 -0800
++++ openldap-2.2.24/build/top.mk	2005-04-16 13:48:20.536710376 -0700
+@@ -116,7 +116,7 @@
+ LTLINK_MOD = $(LIBTOOL) $(LTONLY_MOD) --mode=link \
+ 	$(CC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS_MOD)
+ 
+-LTINSTALL = $(LIBTOOL) --mode=install $(INSTALL) 
++LTINSTALL = STRIPPROG="" $(LIBTOOL) --mode=install $(top_srcdir)/contrib/ldapc++/install-sh -c
+ LTFINISH = $(LIBTOOL) --mode=finish
+ 
+ # Misc UNIX commands used in build environment
diff --git a/meta-linaro/recipes-support/openldap/openldap-2.4.23/kill-icu.patch b/meta-linaro/recipes-support/openldap/openldap-2.4.23/kill-icu.patch
new file mode 100644
index 00000000..dcf54113
--- /dev/null
+++ b/meta-linaro/recipes-support/openldap/openldap-2.4.23/kill-icu.patch
@@ -0,0 +1,30 @@
+From: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
+
+slapd depends on ICU if it was built first.
+
+Upstream-status: inappropiate [embedded specific]
+---
+ configure.in |    8 --------
+ 1 file changed, 8 deletions(-)
+
+--- openldap-2.4.23.orig/configure.in
++++ openldap-2.4.23/configure.in
+@@ -2045,18 +2045,10 @@ if test $ol_enable_ndb != no ; then
+ 		SLAPD_LIBS="$SLAPD_LIBS \$(SLAPD_NDB_LIBS)"
+ 	fi
+ fi
+ 
+ dnl ----------------------------------------------------------------
+-dnl International Components for Unicode
+-OL_ICU
+-if test "$ol_icu" = no ; then
+-	AC_MSG_WARN([ICU not available])
+-else
+-	ICU_LIBS="$ol_icu"
+-fi
+-dnl ----------------------------------------------------------------
+ dnl
+ dnl Check for Cyrus SASL
+ dnl
+ WITH_SASL=no
+ ol_link_sasl=no
diff --git a/meta-linaro/recipes-support/openldap/openldap-2.4.23/openldap-2.4.28-gnutls-gcrypt.patch b/meta-linaro/recipes-support/openldap/openldap-2.4.23/openldap-2.4.28-gnutls-gcrypt.patch
new file mode 100644
index 00000000..c7b1552c
--- /dev/null
+++ b/meta-linaro/recipes-support/openldap/openldap-2.4.23/openldap-2.4.28-gnutls-gcrypt.patch
@@ -0,0 +1,17 @@
+From http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/net-nds/openldap/files/
+
+Upstream-status: Unknown
+
+--
+
+--- openldap-2.4.28/configure.in.orig	2012-02-11 22:40:36.004360795 +0000
++++ openldap-2.4.28/configure.in	2012-02-11 22:40:13.410986851 +0000
+@@ -1214,7 +1214,7 @@
+ 				ol_with_tls=gnutls
+ 				ol_link_tls=yes
+ 
+-				TLS_LIBS="-lgnutls"
++				TLS_LIBS="-lgnutls -lgcrypt"
+ 
+ 				AC_DEFINE(HAVE_GNUTLS, 1, 
+ 					[define if you have GNUtls])
diff --git a/meta-linaro/recipes-support/openldap/openldap-2.4.23/openldap-m4-pthread.patch b/meta-linaro/recipes-support/openldap/openldap-2.4.23/openldap-m4-pthread.patch
new file mode 100644
index 00000000..b669b725
--- /dev/null
+++ b/meta-linaro/recipes-support/openldap/openldap-2.4.23/openldap-m4-pthread.patch
@@ -0,0 +1,20 @@
+--- openldap-2.3.11/build/openldap.m4.orig	2005-11-11 00:11:18.604322590 -0800
++++ openldap-2.3.11/build/openldap.m4	2005-11-11 00:26:21.621145856 -0800
+@@ -788,7 +788,7 @@ AC_DEFUN([OL_PTHREAD_TEST_FUNCTION],[[
+ ]])
+ 
+ AC_DEFUN([OL_PTHREAD_TEST_PROGRAM],
+-AC_LANG_SOURCE([OL_PTHREAD_TEST_INCLUDES
++[AC_LANG_SOURCE([[OL_PTHREAD_TEST_INCLUDES
+ 
+ int main(argc, argv)
+ 	int argc;
+@@ -796,7 +796,7 @@ int main(argc, argv)
+ {
+ OL_PTHREAD_TEST_FUNCTION
+ }
+-]))
++]])])
+ dnl --------------------------------------------------------------------
+ AC_DEFUN([OL_PTHREAD_TRY], [# Pthread try link: $1 ($2)
+ if test "$ol_link_threads" = no ; then
diff --git a/meta-linaro/recipes-support/openldap/openldap_2.4.23.bb b/meta-linaro/recipes-support/openldap/openldap_2.4.23.bb
new file mode 100644
index 00000000..306a7864
--- /dev/null
+++ b/meta-linaro/recipes-support/openldap/openldap_2.4.23.bb
@@ -0,0 +1,215 @@
+# OpenLDAP, a license free (see http://www.OpenLDAP.org/license.html)
+#
+DESCRIPTION = "OpenLDAP Software is an open source implementation of the Lightweight Directory Access Protocol."
+HOMEPAGE = "http://www.OpenLDAP.org/license.html"
+# The OpenLDAP Public License - see the HOMEPAGE - defines
+# the license.  www.openldap.org claims this is Open Source
+# (see http://www.openldap.org), the license appears to be
+# basically BSD.  opensource.org does not record this license
+# at present (so it is apparently not OSI certified).
+LICENSE = "OpenLDAP"
+LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=3d82d3085f228af211a6502c7ea7c3c7"
+SECTION = "libs"
+
+LDAP_VER = "${@'.'.join(d.getVar('PV',1).split('.')[0:2])}"
+
+SRC_URI = "ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz \
+    file://openldap-m4-pthread.patch \
+    file://kill-icu.patch \
+    file://0205e83f4670d10ad3c6ae4b8fc5ec1d0c7020c0.patch \
+    file://openldap-2.4.28-gnutls-gcrypt.patch \
+    file://initscript \
+"
+SRC_URI[md5sum] = "90150b8c0d0192e10b30157e68844ddf"
+SRC_URI[sha256sum] = "5a5ede91d5e8ab3c7f637620aa29a3b96eb34318a8b26c8eef2d2c789fc055e3"
+
+DEPENDS = "util-linux groff-native"
+
+PR = "r1"
+# The original top.mk used INSTALL, not INSTALL_STRIP_PROGRAM when
+# installing .so and executables, this fails in cross compilation
+# environments
+SRC_URI += "file://install-strip.patch"
+
+inherit autotools-brokensep
+
+# CV SETTINGS
+# Required to work round AC_FUNC_MEMCMP which gets the wrong answer
+# when cross compiling (should be in site?)
+EXTRA_OECONF += "ac_cv_func_memcmp_working=yes"
+
+# CONFIG DEFINITIONS
+# The following is necessary because it cannot be determined for a
+# cross compile automagically.  Select should yield fine on all OE
+# systems...
+EXTRA_OECONF += "--with-yielding-select=yes"
+# Shared libraries are nice...
+EXTRA_OECONF += "--enable-dynamic"
+
+PACKAGECONFIG ??= "gnutls modules \
+                   ldap meta monitor null passwd shell proxycache dnssrv \
+"
+#--with-tls              with TLS/SSL support auto|openssl|gnutls [auto]
+PACKAGECONFIG[gnutls] = "--with-tls=gnutls,,gnutls libgcrypt"
+PACKAGECONFIG[openssl] = "--with-tls=openssl,,openssl"
+
+PACKAGECONFIG[sasl] = "--with-cyrus-sasl,--without-cyrus-sasl,cyrus-sasl"
+PACKAGECONFIG[modules] = "lt_cv_dlopen_self=yes --enable-modules,--disable-modules,libtool"
+
+# SLAPD options
+#
+# UNIX crypt(3) passwd support:
+EXTRA_OECONF += "--enable-crypt"
+
+# SLAPD BACKEND
+#
+# The backend must be set by the configuration.  This controls the
+# required database, the default database, bdb, is turned off but
+# can be turned back on again and it *is* below!  The monitor backend
+# is also disabled.  If you try to change the backends but fail to
+# enable a single one the build will fail in an obvious way.
+#
+EXTRA_OECONF += "--disable-bdb --disable-hdb --disable-monitor"
+#
+# Backends="bdb dnssrv hdb ldap ldbm meta monitor null passwd perl shell sql"
+#
+# Note that multiple backends can be built.  The ldbm backend requires a
+# build-time choice of database API.  The bdb backend forces this to be
+# DB4.  To use the gdbm (or other) API the Berkely database module must
+# be removed from the build.
+md = "${libexecdir}/openldap"
+#
+#--enable-bdb          enable Berkeley DB backend no|yes|mod yes
+# The Berkely DB is the standard choice.  This version of OpenLDAP requires
+# the version 4 implementation or better.
+PACKAGECONFIG[bdb] = "--enable-bdb=mod,--enable-bdb=no,db"
+
+#--enable-dnssrv       enable dnssrv backend no|yes|mod no
+PACKAGECONFIG[dnssrv] = "--enable-dnssrv=mod,--enable-dnssrv=no"
+
+#--enable-hdb          enable Hierarchical DB backend no|yes|mod no
+# This forces ldbm to use Berkeley too, remove to use gdbm
+PACKAGECONFIG[hdb] = "--enable-hdb=mod,--enable-hdb=no,db"
+
+#--enable-ldap         enable ldap backend no|yes|mod no
+PACKAGECONFIG[ldap] = "--enable-ldap=mod,--enable-ldap=no,"
+
+#--enable-ldbm         enable ldbm backend no|yes|mod no
+# ldbm requires further specification of the underlying database API, because
+# bdb is enabled above this must be set to berkeley, however the config
+# defaults this correctly so --with-ldbm-api is *not* set.  The build will
+# fail if bdb is removed, but no database is built to provide the
+# support for ldbm
+# guide.html:<P>back-ldbm was both slow and unreliable. Its byzantine indexing code was prone to spontaneous corruption, as were the underlying database libraries that were commonly used (e.g. GDBM or NDBM). back-bdb and back-hdb are superior in every aspect, with simplified indexing to avoid index corruption, fine-grained locking for greater concurrency, hierarchical caching for greater performance, streamlined on-disk format for greater efficiency and portability, and full transaction support for greater reliability.</P>
+# configure: WARNING: unrecognized options: --disable-silent-rules, --enable-ldbm, --with-ldbm-api
+#PACKAGECONFIG[ldbm] = "--enable-ldbm=mod --with-ldbm-api=gdbm,--enable-ldbm-no,gdbm"
+
+#--enable-meta         enable metadirectory backend no|yes|mod no
+PACKAGECONFIG[meta] = "--enable-meta=mod,--enable-meta=no,"
+
+#--enable-monitor      enable monitor backend no|yes|mod yes
+PACKAGECONFIG[monitor] = "--enable-monitor=mod,--enable-monitor=no,"
+
+#--enable-null         enable null backend no|yes|mod no
+PACKAGECONFIG[null] = "--enable-null=mod,--enable-null=no,"
+
+#--enable-passwd       enable passwd backend no|yes|mod no
+PACKAGECONFIG[passwd] = "--enable-passwd=mod,--enable-passwd=no,"
+
+#--enable-perl         enable perl backend no|yes|mod no
+#  This requires a loadable perl dynamic library, if enabled without
+#  doing something appropriate (building perl?) the build will pick
+#  up the build machine perl - not good (inherit perlnative?)
+PACKAGECONFIG[perl] = "--enable-perl=mod,--enable-perl=no,perl"
+
+#--enable-shell        enable shell backend no|yes|mod no
+# configure: WARNING: Use of --without-threads is recommended with back-shell
+PACKAGECONFIG[shell] = "--enable-shell=mod --without-threads,--enable-shell=no,"
+
+#--enable-sql          enable sql backend no|yes|mod no
+# sql requires some sql backend which provides sql.h, sqlite* provides
+# sqlite.h (which may be compatible but hasn't been tried.)
+PACKAGECONFIG[sql] = "--enable-sql=mod,--enable-sql=no,sqlite3"
+
+#--enable-dyngroup     Dynamic Group overlay no|yes|mod no
+#  This is a demo, Proxy Cache defines init_module which conflicts with the
+#  same symbol in dyngroup
+PACKAGECONFIG[dyngroup] = "--enable-dyngroup=mod,--enable-dyngroup=no,"
+
+#--enable-proxycache   Proxy Cache overlay no|yes|mod no
+PACKAGECONFIG[proxycache] = "--enable-proxycache=mod,--enable-proxycache=no,"
+FILES_${PN}-overlay-proxycache = "${md}/pcache-*.so.*"
+PACKAGES += "${PN}-overlay-proxycache"
+
+CPPFLAGS_append = " -D_GNU_SOURCE"
+
+do_configure() {
+    cp ${STAGING_DATADIR_NATIVE}/libtool/config/ltmain.sh ${S}/build
+    rm -f ${S}/libtool
+    aclocal
+    libtoolize --force --copy
+    gnu-configize
+    autoconf
+    oe_runconf
+}
+
+LEAD_SONAME = "libldap-${LDAP_VER}.so.*"
+
+# The executables go in a separate package.  This allows the
+# installation of the libraries with no daemon support.
+# Each module also has its own package - see above.
+PACKAGES += "${PN}-slapd ${PN}-slurpd ${PN}-bin"
+
+# Package contents - shift most standard contents to -bin
+FILES_${PN} = "${libdir}/lib*.so.* ${sysconfdir}/openldap/ldap.* ${localstatedir}/openldap-data"
+FILES_${PN}-slapd = "${sysconfdir}/init.d ${libexecdir}/slapd ${sbindir} ${localstatedir}/run ${localstatedir}/volatile/run \
+    ${sysconfdir}/openldap/slapd.* ${sysconfdir}/openldap/schema \
+    ${sysconfdir}/openldap/DB_CONFIG.example"
+FILES_${PN}-slurpd = "${libexecdir}/slurpd ${localstatedir}/openldap-slurp ${localstatedir}/run ${localstatedir}/volatile/run"
+FILES_${PN}-bin = "${bindir}"
+FILES_${PN}-dev = "${includedir} ${libdir}/lib*.so ${libdir}/*.la ${libdir}/*.a ${libexecdir}/openldap/*.a ${libexecdir}/openldap/*.la ${libexecdir}/openldap/*.so"
+FILES_${PN}-dbg += "${libexecdir}/openldap/.debug"
+
+do_install_append() {
+    install -d ${D}${sysconfdir}/init.d
+    cat ${WORKDIR}/initscript > ${D}${sysconfdir}/init.d/openldap
+    chmod 755 ${D}${sysconfdir}/init.d/openldap
+    # This is duplicated in /etc/openldap and is for slapd
+    rm -f ${D}${localstatedir}/openldap-data/DB_CONFIG.example
+    rmdir "${D}${localstatedir}/run"
+    rmdir --ignore-fail-on-non-empty "${D}${localstatedir}"
+}
+
+pkg_postinst_${PN}-slapd () {
+    if test -n "${D}"; then
+        D="-r $D"
+    fi
+    update-rc.d $D openldap defaults
+}
+
+pkg_prerm_${PN}-slapd () {
+    if test -n "${D}"; then
+        D="-r $D"
+    fi
+    update-rc.d $D openldap remove
+}
+
+PACKAGES_DYNAMIC += "^openldap-backends.* ^openldap-backend-.*"
+
+python populate_packages_prepend () {
+    backend_dir    = d.expand('${libexecdir}/openldap')
+    do_split_packages(d, backend_dir, 'back_([a-z]*)\-.*\.so\..*$', 'openldap-backend-%s', 'OpenLDAP %s backend', extra_depends='', allow_links=True)
+
+    metapkg = "openldap-backends"
+    d.setVar('ALLOW_EMPTY_' + metapkg, "1")
+    d.setVar('FILES_' + metapkg, "")
+    metapkg_rdepends = []
+    packages = d.getVar('PACKAGES', 1).split()
+    for pkg in packages[1:]:
+        if pkg.count("openldap-backend-") and not pkg in metapkg_rdepends and not pkg.count("-dev") and not pkg.count("-dbg") and not pkg.count("static") and not pkg.count("locale"):
+            metapkg_rdepends.append(pkg)
+    d.setVar('RDEPENDS_' + metapkg, ' '.join(metapkg_rdepends))
+    d.setVar('DESCRIPTION_' + metapkg, 'OpenLDAP backends meta package')
+    packages.append(metapkg)
+    d.setVar('PACKAGES', ' '.join(packages))
+}