Merge pull request #273807 from h7x4/pkgs-fixup-heimdal
heimdal: 7.8.0 -> 7.8.0-unstable-2023-11-29, large cleanup
This commit is contained in:
commit
8d9eb920d3
@ -35,7 +35,7 @@ in
|
|||||||
mkdir -m 0755 -p ${stateDir}
|
mkdir -m 0755 -p ${stateDir}
|
||||||
'';
|
'';
|
||||||
serviceConfig.ExecStart =
|
serviceConfig.ExecStart =
|
||||||
"${kerberos}/libexec/heimdal/kadmind --config-file=/etc/heimdal-kdc/kdc.conf";
|
"${kerberos}/libexec/kadmind --config-file=/etc/heimdal-kdc/kdc.conf";
|
||||||
restartTriggers = [ kdcConfFile ];
|
restartTriggers = [ kdcConfFile ];
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -46,7 +46,7 @@ in
|
|||||||
mkdir -m 0755 -p ${stateDir}
|
mkdir -m 0755 -p ${stateDir}
|
||||||
'';
|
'';
|
||||||
serviceConfig.ExecStart =
|
serviceConfig.ExecStart =
|
||||||
"${kerberos}/libexec/heimdal/kdc --config-file=/etc/heimdal-kdc/kdc.conf";
|
"${kerberos}/libexec/kdc --config-file=/etc/heimdal-kdc/kdc.conf";
|
||||||
restartTriggers = [ kdcConfFile ];
|
restartTriggers = [ kdcConfFile ];
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -56,7 +56,7 @@ in
|
|||||||
preStart = ''
|
preStart = ''
|
||||||
mkdir -m 0755 -p ${stateDir}
|
mkdir -m 0755 -p ${stateDir}
|
||||||
'';
|
'';
|
||||||
serviceConfig.ExecStart = "${kerberos}/libexec/heimdal/kpasswdd";
|
serviceConfig.ExecStart = "${kerberos}/libexec/kpasswdd";
|
||||||
restartTriggers = [ kdcConfFile ];
|
restartTriggers = [ kdcConfFile ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -1,10 +0,0 @@
|
|||||||
--- a/lib/hx509/Makefile.am 2018-03-21 15:41:38.622968809 +0100
|
|
||||||
+++ b/lib/hx509/Makefile.am 2018-03-21 15:41:32.655162197 +0100
|
|
||||||
@@ -9,6 +9,8 @@
|
|
||||||
sel-gram.h \
|
|
||||||
$(gen_files_ocsp:.x=.c) \
|
|
||||||
$(gen_files_pkcs10:.x=.c) \
|
|
||||||
+ ocsp_asn1.h \
|
|
||||||
+ pkcs10_asn1.h \
|
|
||||||
hx509_err.c \
|
|
||||||
hx509_err.h
|
|
@ -1,63 +1,138 @@
|
|||||||
{ lib, stdenv, fetchFromGitHub, autoreconfHook, pkg-config, python3, perl, bison, flex
|
{ lib
|
||||||
, texinfo, perlPackages
|
, stdenv
|
||||||
, openldap, libcap_ng, sqlite, openssl, db, libedit, pam
|
, fetchFromGitHub
|
||||||
, CoreFoundation, Security, SystemConfiguration
|
, autoreconfHook
|
||||||
|
, pkg-config
|
||||||
|
, python3
|
||||||
|
, perl
|
||||||
|
, bison
|
||||||
|
, flex
|
||||||
|
, texinfo
|
||||||
|
, perlPackages
|
||||||
|
|
||||||
|
, openldap
|
||||||
|
, libcap_ng
|
||||||
|
, sqlite
|
||||||
|
, openssl
|
||||||
|
, db
|
||||||
|
, libedit
|
||||||
|
, pam
|
||||||
|
, krb5
|
||||||
|
, libmicrohttpd
|
||||||
|
, cjson
|
||||||
|
|
||||||
|
, CoreFoundation
|
||||||
|
, Security
|
||||||
|
, SystemConfiguration
|
||||||
|
|
||||||
|
, curl
|
||||||
|
, jdk
|
||||||
|
, unzip
|
||||||
|
, which
|
||||||
|
|
||||||
|
, nixosTests
|
||||||
|
|
||||||
|
, withCJSON ? true
|
||||||
|
, withCapNG ? stdenv.isLinux
|
||||||
|
# libmicrohttpd should theoretically work for darwin as well, but something is broken.
|
||||||
|
# It affects tests check-bx509d and check-httpkadmind.
|
||||||
|
, withMicroHTTPD ? stdenv.isLinux
|
||||||
|
, withOpenLDAP ? true
|
||||||
|
, withOpenLDAPAsHDBModule ? false
|
||||||
|
, withOpenSSL ? true
|
||||||
|
, withSQLite3 ? true
|
||||||
}:
|
}:
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
assert lib.assertMsg (withOpenLDAPAsHDBModule -> withOpenLDAP) ''
|
||||||
|
OpenLDAP needs to be enabled in order to build the OpenLDAP HDB Module.
|
||||||
|
'';
|
||||||
|
|
||||||
|
stdenv.mkDerivation {
|
||||||
pname = "heimdal";
|
pname = "heimdal";
|
||||||
version = "7.8.0";
|
version = "7.8.0-unstable-2023-11-29";
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "heimdal";
|
owner = "heimdal";
|
||||||
repo = "heimdal";
|
repo = "heimdal";
|
||||||
rev = "heimdal-${version}";
|
rev = "3253c49544eacb33d5ad2f6f919b0696e5aab794";
|
||||||
sha256 = "sha256-iXOaar1S3y0xHdL0S+vS0uxoFQjy43kABxqE+KEhxjU=";
|
hash = "sha256-uljzQBzXrZCZjcIWfioqHN8YsbUUNy14Vo+A3vZIXzM=";
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = [ "out" "dev" "man" "info" ];
|
outputs = [ "out" "dev" "man" "info" ];
|
||||||
|
|
||||||
patches = [ ./heimdal-make-missing-headers.patch ];
|
nativeBuildInputs = [
|
||||||
|
autoreconfHook
|
||||||
|
pkg-config
|
||||||
|
python3
|
||||||
|
perl
|
||||||
|
bison
|
||||||
|
flex
|
||||||
|
texinfo
|
||||||
|
]
|
||||||
|
++ (with perlPackages; [ JSON ]);
|
||||||
|
|
||||||
nativeBuildInputs = [ autoreconfHook pkg-config python3 perl bison flex texinfo ]
|
buildInputs = [ db libedit pam ]
|
||||||
++ (with perlPackages; [ JSON ]);
|
++ lib.optionals (stdenv.isDarwin) [ CoreFoundation Security SystemConfiguration ]
|
||||||
buildInputs = lib.optionals (stdenv.isLinux) [ libcap_ng ]
|
++ lib.optionals (withCJSON) [ cjson ]
|
||||||
++ [ db sqlite openssl libedit openldap pam]
|
++ lib.optionals (withCapNG) [ libcap_ng ]
|
||||||
++ lib.optionals (stdenv.isDarwin) [ CoreFoundation Security SystemConfiguration ];
|
++ lib.optionals (withMicroHTTPD) [ libmicrohttpd ]
|
||||||
|
++ lib.optionals (withOpenLDAP) [ openldap ]
|
||||||
|
++ lib.optionals (withOpenSSL) [ openssl ]
|
||||||
|
++ lib.optionals (withSQLite3) [ sqlite ];
|
||||||
|
|
||||||
## ugly, X should be made an option
|
doCheck = true;
|
||||||
configureFlags = [
|
nativeCheckInputs = [
|
||||||
"--sysconfdir=/etc"
|
curl
|
||||||
"--localstatedir=/var"
|
jdk
|
||||||
"--infodir=$info/share/info"
|
unzip
|
||||||
"--enable-hdb-openldap-module"
|
which
|
||||||
"--with-sqlite3=${sqlite.dev}"
|
|
||||||
|
|
||||||
# ugly, --with-libedit is not enought, it fall back to bundled libedit
|
|
||||||
"--with-libedit-include=${libedit.dev}/include"
|
|
||||||
"--with-libedit-lib=${libedit}/lib"
|
|
||||||
"--with-openssl=${openssl.dev}"
|
|
||||||
"--without-x"
|
|
||||||
"--with-berkeley-db"
|
|
||||||
"--with-berkeley-db-include=${db.dev}/include"
|
|
||||||
"--with-openldap=${openldap.dev}"
|
|
||||||
] ++ lib.optionals (stdenv.isLinux) [
|
|
||||||
"--with-capng"
|
|
||||||
];
|
];
|
||||||
|
|
||||||
postUnpack = ''
|
configureFlags = [
|
||||||
sed -i '/^DEFAULT_INCLUDES/ s,$, -I..,' source/cf/Makefile.am.common
|
"--with-libedit-include=${libedit.dev}/include"
|
||||||
sed -i -e 's/date/date --date="@$SOURCE_DATE_EPOCH"/' source/configure.ac
|
"--with-libedit-lib=${libedit}/lib"
|
||||||
|
"--with-berkeley-db-include=${db.dev}/include"
|
||||||
|
"--with-berkeley-db"
|
||||||
|
|
||||||
|
"--without-x"
|
||||||
|
"--disable-afs-string-to-key"
|
||||||
|
] ++ lib.optionals (withCapNG) [
|
||||||
|
"--with-capng"
|
||||||
|
] ++ lib.optionals (withCJSON) [
|
||||||
|
"--with-cjson=${cjson}"
|
||||||
|
] ++ lib.optionals (withOpenLDAP) [
|
||||||
|
"--with-openldap=${openldap.dev}"
|
||||||
|
] ++ lib.optionals (withOpenLDAPAsHDBModule) [
|
||||||
|
"--enable-hdb-openldap-module"
|
||||||
|
] ++ lib.optionals (withSQLite3) [
|
||||||
|
"--with-sqlite3=${sqlite.dev}"
|
||||||
|
];
|
||||||
|
|
||||||
|
# (check-ldap) slapd resides within ${openldap}/libexec,
|
||||||
|
# which is not part of $PATH by default.
|
||||||
|
# (check-ldap) prepending ${openldap}/bin to the path to avoid
|
||||||
|
# using the default installation of openldap on unsandboxed darwin systems,
|
||||||
|
# which does not support the new mdb backend at the moment (2024-01-13).
|
||||||
|
# (check-ldap) the bdb backend got deprecated in favour of mdb in openldap 2.5.0,
|
||||||
|
# but the heimdal tests still seem to expect bdb as the openldap backend.
|
||||||
|
# This might be fixed upstream in a future update.
|
||||||
|
patchPhase = ''
|
||||||
|
runHook prePatch
|
||||||
|
|
||||||
|
substituteInPlace tests/ldap/slapd-init.in \
|
||||||
|
--replace 'SCHEMA_PATHS="' 'SCHEMA_PATHS="${openldap}/etc/schema '
|
||||||
|
substituteInPlace tests/ldap/check-ldap.in \
|
||||||
|
--replace 'PATH=' 'PATH=${openldap}/libexec:${openldap}/bin:'
|
||||||
|
substituteInPlace tests/ldap/slapd.conf \
|
||||||
|
--replace 'database bdb' 'database mdb'
|
||||||
|
|
||||||
|
runHook postPatch
|
||||||
'';
|
'';
|
||||||
|
|
||||||
preConfigure = ''
|
# (test_cc) heimdal uses librokens implementation of `secure_getenv` on darwin,
|
||||||
configureFlagsArray+=(
|
# which expects either USER or LOGNAME to be set.
|
||||||
"--bindir=$out/bin"
|
preCheck = lib.optionalString (stdenv.isDarwin) ''
|
||||||
"--sbindir=$out/sbin"
|
export USER=nix-builder
|
||||||
"--libexecdir=$out/libexec/heimdal"
|
|
||||||
"--mandir=$man/share/man"
|
|
||||||
"--infodir=$man/share/info"
|
|
||||||
"--includedir=$dev/include")
|
|
||||||
'';
|
'';
|
||||||
|
|
||||||
# We need to build hcrypt for applications like samba
|
# We need to build hcrypt for applications like samba
|
||||||
@ -71,15 +146,12 @@ stdenv.mkDerivation rec {
|
|||||||
(cd include/hcrypto; make -j $NIX_BUILD_CORES install)
|
(cd include/hcrypto; make -j $NIX_BUILD_CORES install)
|
||||||
(cd lib/hcrypto; make -j $NIX_BUILD_CORES install)
|
(cd lib/hcrypto; make -j $NIX_BUILD_CORES install)
|
||||||
|
|
||||||
# Do we need it?
|
|
||||||
rm $out/bin/su
|
|
||||||
|
|
||||||
mkdir -p $dev/bin
|
mkdir -p $dev/bin
|
||||||
mv $out/bin/krb5-config $dev/bin/
|
mv $out/bin/krb5-config $dev/bin/
|
||||||
|
|
||||||
# asn1 compilers, move them to $dev
|
# asn1 compilers, move them to $dev
|
||||||
mv $out/libexec/heimdal/heimdal/* $dev/bin
|
mv $out/libexec/heimdal/* $dev/bin
|
||||||
rmdir $out/libexec/heimdal/heimdal
|
rmdir $out/libexec/heimdal
|
||||||
|
|
||||||
# compile_et is needed for cross-compiling this package and samba
|
# compile_et is needed for cross-compiling this package and samba
|
||||||
mv lib/com_err/.libs/compile_et $dev/bin
|
mv lib/com_err/.libs/compile_et $dev/bin
|
||||||
@ -90,11 +162,17 @@ stdenv.mkDerivation rec {
|
|||||||
# hx_locl.h:67:25: fatal error: pkcs10_asn1.h: No such file or directory
|
# hx_locl.h:67:25: fatal error: pkcs10_asn1.h: No such file or directory
|
||||||
#enableParallelBuilding = true;
|
#enableParallelBuilding = true;
|
||||||
|
|
||||||
|
passthru = {
|
||||||
|
implementation = "heimdal";
|
||||||
|
tests.nixos = nixosTests.kerberos.heimdal;
|
||||||
|
};
|
||||||
|
|
||||||
meta = with lib; {
|
meta = with lib; {
|
||||||
|
homepage = "https://www.heimdal.software";
|
||||||
|
changelog = "https://github.com/heimdal/heimdal/releases";
|
||||||
description = "An implementation of Kerberos 5 (and some more stuff)";
|
description = "An implementation of Kerberos 5 (and some more stuff)";
|
||||||
license = licenses.bsd3;
|
license = licenses.bsd3;
|
||||||
platforms = platforms.unix;
|
platforms = platforms.unix;
|
||||||
|
maintainers = with maintainers; [ h7x4 ];
|
||||||
};
|
};
|
||||||
|
|
||||||
passthru.implementation = "heimdal";
|
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user