diff options
3 files changed, 123 insertions, 51 deletions
diff --git a/nixos/modules/services/system/kerberos/heimdal.nix b/nixos/modules/services/system/kerberos/heimdal.nix index 837c59caa562..816a2a8db061 100644 --- a/nixos/modules/services/system/kerberos/heimdal.nix +++ b/nixos/modules/services/system/kerberos/heimdal.nix @@ -35,7 +35,7 @@ in mkdir -m 0755 -p ${stateDir} ''; serviceConfig.ExecStart = - "${kerberos}/libexec/heimdal/kadmind --config-file=/etc/heimdal-kdc/kdc.conf"; + "${kerberos}/libexec/kadmind --config-file=/etc/heimdal-kdc/kdc.conf"; restartTriggers = [ kdcConfFile ]; }; @@ -46,7 +46,7 @@ in mkdir -m 0755 -p ${stateDir} ''; serviceConfig.ExecStart = - "${kerberos}/libexec/heimdal/kdc --config-file=/etc/heimdal-kdc/kdc.conf"; + "${kerberos}/libexec/kdc --config-file=/etc/heimdal-kdc/kdc.conf"; restartTriggers = [ kdcConfFile ]; }; @@ -56,7 +56,7 @@ in preStart = '' mkdir -m 0755 -p ${stateDir} ''; - serviceConfig.ExecStart = "${kerberos}/libexec/heimdal/kpasswdd"; + serviceConfig.ExecStart = "${kerberos}/libexec/kpasswdd"; restartTriggers = [ kdcConfFile ]; }; diff --git a/pkgs/development/libraries/kerberos/heimdal-make-missing-headers.patch b/pkgs/development/libraries/kerberos/heimdal-make-missing-headers.patch deleted file mode 100644 index a0fa625538b7..000000000000 --- a/pkgs/development/libraries/kerberos/heimdal-make-missing-headers.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- a/lib/hx509/Makefile.am 2018-03-21 15:41:38.622968809 +0100 -+++ b/lib/hx509/Makefile.am 2018-03-21 15:41:32.655162197 +0100 -@@ -9,6 +9,8 @@ - sel-gram.h \ - $(gen_files_ocsp:.x=.c) \ - $(gen_files_pkcs10:.x=.c) \ -+ ocsp_asn1.h \ -+ pkcs10_asn1.h \ - hx509_err.c \ - hx509_err.h diff --git a/pkgs/development/libraries/kerberos/heimdal.nix b/pkgs/development/libraries/kerberos/heimdal.nix index 29fd897c7fee..8a3cc0b25a1d 100644 --- a/pkgs/development/libraries/kerberos/heimdal.nix +++ b/pkgs/development/libraries/kerberos/heimdal.nix @@ -1,9 +1,52 @@ -{ lib, stdenv, fetchFromGitHub, autoreconfHook, pkg-config, python3, perl, bison, flex -, texinfo, perlPackages -, openldap, libcap_ng, sqlite, openssl, db, libedit, pam -, CoreFoundation, Security, SystemConfiguration +{ lib +, stdenv +, fetchFromGitHub +, autoreconfHook +, pkg-config +, python3 +, perl +, bison +, flex +, texinfo +, perlPackages + +, openldap +, libcap_ng +, sqlite +, openssl +, db +, libedit +, pam +, krb5 +, libmicrohttpd +, cjson + +, CoreFoundation +, Security +, SystemConfiguration + +, curl +, jdk +, unzip +, which + +, nixosTests + +, withCJSON ? true +, withCapNG ? stdenv.isLinux +# libmicrohttpd should theoretically work for darwin as well, but something is broken. +# It affects tests check-bx509d and check-httpkadmind. +, withMicroHTTPD ? stdenv.isLinux +, withOpenLDAP ? true +, withOpenLDAPAsHDBModule ? false +, withOpenSSL ? true +, withSQLite3 ? true }: +assert lib.assertMsg (withOpenLDAPAsHDBModule -> withOpenLDAP) '' + OpenLDAP needs to be enabled in order to build the OpenLDAP HDB Module. +''; + stdenv.mkDerivation { pname = "heimdal"; version = "7.8.0-unstable-2023-11-29"; @@ -12,50 +55,84 @@ stdenv.mkDerivation { owner = "heimdal"; repo = "heimdal"; rev = "3253c49544eacb33d5ad2f6f919b0696e5aab794"; - sha256 = "sha256-uljzQBzXrZCZjcIWfioqHN8YsbUUNy14Vo+A3vZIXzM="; + hash = "sha256-uljzQBzXrZCZjcIWfioqHN8YsbUUNy14Vo+A3vZIXzM="; }; outputs = [ "out" "dev" "man" "info" ]; - nativeBuildInputs = [ autoreconfHook pkg-config python3 perl bison flex texinfo ] - ++ (with perlPackages; [ JSON ]); - buildInputs = lib.optionals (stdenv.isLinux) [ libcap_ng ] - ++ [ db sqlite openssl libedit openldap pam] - ++ lib.optionals (stdenv.isDarwin) [ CoreFoundation Security SystemConfiguration ]; + nativeBuildInputs = [ + autoreconfHook + pkg-config + python3 + perl + bison + flex + texinfo + ] + ++ (with perlPackages; [ JSON ]); + + buildInputs = [ db libedit pam ] + ++ lib.optionals (stdenv.isDarwin) [ CoreFoundation Security SystemConfiguration ] + ++ lib.optionals (withCJSON) [ cjson ] + ++ lib.optionals (withCapNG) [ libcap_ng ] + ++ lib.optionals (withMicroHTTPD) [ libmicrohttpd ] + ++ lib.optionals (withOpenLDAP) [ openldap ] + ++ lib.optionals (withOpenSSL) [ openssl ] + ++ lib.optionals (withSQLite3) [ sqlite ]; + + doCheck = true; + nativeCheckInputs = [ + curl + jdk + unzip + which + ]; - ## ugly, X should be made an option configureFlags = [ - "--sysconfdir=/etc" - "--localstatedir=/var" - "--infodir=$info/share/info" - "--enable-hdb-openldap-module" - "--with-sqlite3=${sqlite.dev}" - - # ugly, --with-libedit is not enought, it fall back to bundled libedit "--with-libedit-include=${libedit.dev}/include" "--with-libedit-lib=${libedit}/lib" - "--with-openssl=${openssl.dev}" - "--without-x" - "--with-berkeley-db" "--with-berkeley-db-include=${db.dev}/include" - "--with-openldap=${openldap.dev}" - ] ++ lib.optionals (stdenv.isLinux) [ + "--with-berkeley-db" + + "--without-x" + "--disable-afs-string-to-key" + ] ++ lib.optionals (withCapNG) [ "--with-capng" + ] ++ lib.optionals (withCJSON) [ + "--with-cjson=${cjson}" + ] ++ lib.optionals (withOpenLDAP) [ + "--with-openldap=${openldap.dev}" + ] ++ lib.optionals (withOpenLDAPAsHDBModule) [ + "--enable-hdb-openldap-module" + ] ++ lib.optionals (withSQLite3) [ + "--with-sqlite3=${sqlite.dev}" ]; - postUnpack = '' - sed -i '/^DEFAULT_INCLUDES/ s,$, -I..,' source/cf/Makefile.am.common - sed -i -e 's/date/date --date="@$SOURCE_DATE_EPOCH"/' source/configure.ac + # (check-ldap) slapd resides within ${openldap}/libexec, + # which is not part of $PATH by default. + # (check-ldap) prepending ${openldap}/bin to the path to avoid + # using the default installation of openldap on unsandboxed darwin systems, + # which does not support the new mdb backend at the moment (2024-01-13). + # (check-ldap) the bdb backend got deprecated in favour of mdb in openldap 2.5.0, + # but the heimdal tests still seem to expect bdb as the openldap backend. + # This might be fixed upstream in a future update. + patchPhase = '' + runHook prePatch + + substituteInPlace tests/ldap/slapd-init.in \ + --replace 'SCHEMA_PATHS="' 'SCHEMA_PATHS="${openldap}/etc/schema ' + substituteInPlace tests/ldap/check-ldap.in \ + --replace 'PATH=' 'PATH=${openldap}/libexec:${openldap}/bin:' + substituteInPlace tests/ldap/slapd.conf \ + --replace 'database bdb' 'database mdb' + + runHook postPatch ''; - preConfigure = '' - configureFlagsArray+=( - "--bindir=$out/bin" - "--sbindir=$out/sbin" - "--libexecdir=$out/libexec/heimdal" - "--mandir=$man/share/man" - "--infodir=$man/share/info" - "--includedir=$dev/include") + # (test_cc) heimdal uses librokens implementation of `secure_getenv` on darwin, + # which expects either USER or LOGNAME to be set. + preCheck = lib.optionalString (stdenv.isDarwin) '' + export USER=nix-builder ''; # We need to build hcrypt for applications like samba @@ -73,8 +150,8 @@ stdenv.mkDerivation { mv $out/bin/krb5-config $dev/bin/ # asn1 compilers, move them to $dev - mv $out/libexec/heimdal/heimdal/* $dev/bin - rmdir $out/libexec/heimdal/heimdal + mv $out/libexec/heimdal/* $dev/bin + rmdir $out/libexec/heimdal # compile_et is needed for cross-compiling this package and samba mv lib/com_err/.libs/compile_et $dev/bin @@ -85,11 +162,16 @@ stdenv.mkDerivation { # hx_locl.h:67:25: fatal error: pkcs10_asn1.h: No such file or directory #enableParallelBuilding = true; + passthru = { + implementation = "heimdal"; + tests.nixos = nixosTests.kerberos.heimdal; + }; + meta = with lib; { + homepage = "https://www.heimdal.software"; + changelog = "https://github.com/heimdal/heimdal/releases"; description = "An implementation of Kerberos 5 (and some more stuff)"; license = licenses.bsd3; platforms = platforms.unix; }; - - passthru.implementation = "heimdal"; } |