Diffstat (limited to 'nixpkgs/pkgs/development/libraries/kerberos')
-rw-r--r-- | nixpkgs/pkgs/development/libraries/kerberos/heimdal.nix | 178 | ||||
-rw-r--r-- | nixpkgs/pkgs/development/libraries/kerberos/krb5.nix | 130 |
2 files changed, 308 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/development/libraries/kerberos/heimdal.nix b/nixpkgs/pkgs/development/libraries/kerberos/heimdal.nix
new file mode 100644
index 000000000000..ff211b6b9c34
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/kerberos/heimdal.nix
@@ -0,0 +1,178 @@
+{ lib
+, stdenv
+, fetchFromGitHub
+, autoreconfHook
+, pkg-config
+, python3
+, perl
+, bison
+, flex
+, texinfo
+, perlPackages
+
+, openldap
+, libcap_ng
+, sqlite
+, openssl
+, db
+, libedit
+, pam
+, krb5
+, libmicrohttpd
+, cjson
+
+, CoreFoundation
+, Security
+, SystemConfiguration
+
+, curl
+, jdk
+, unzip
+, which
+
+, nixosTests
+
+, withCJSON ? true
+, withCapNG ? stdenv.isLinux
+# libmicrohttpd should theoretically work for darwin as well, but something is broken.
+# It affects tests check-bx509d and check-httpkadmind.
+, withMicroHTTPD ? stdenv.isLinux
+, withOpenLDAP ? true
+, withOpenLDAPAsHDBModule ? false
+, withOpenSSL ? true
+, withSQLite3 ? true
+}:
+
+assert lib.assertMsg (withOpenLDAPAsHDBModule -> withOpenLDAP) ''
+ OpenLDAP needs to be enabled in order to build the OpenLDAP HDB Module.
+'';
+
+stdenv.mkDerivation {
+ pname = "heimdal";
+ version = "7.8.0-unstable-2023-11-29";
+
+ src = fetchFromGitHub {
+ owner = "heimdal";
+ repo = "heimdal";
+ rev = "3253c49544eacb33d5ad2f6f919b0696e5aab794";
+ hash = "sha256-uljzQBzXrZCZjcIWfioqHN8YsbUUNy14Vo+A3vZIXzM=";
+ };
+
+ outputs = [ "out" "dev" "man" "info" ];
+
+ nativeBuildInputs = [
+ autoreconfHook
+ pkg-config
+ python3
+ perl
+ bison
+ flex
+ texinfo
+ ]
+ ++ (with perlPackages; [ JSON ]);
+
+ buildInputs = [ db libedit pam ]
+ ++ lib.optionals (stdenv.isDarwin) [ CoreFoundation Security SystemConfiguration ]
+ ++ lib.optionals (withCJSON) [ cjson ]
+ ++ lib.optionals (withCapNG) [ libcap_ng ]
+ ++ lib.optionals (withMicroHTTPD) [ libmicrohttpd ]
+ ++ lib.optionals (withOpenLDAP) [ openldap ]
+ ++ lib.optionals (withOpenSSL) [ openssl ]
+ ++ lib.optionals (withSQLite3) [ sqlite ];
+
+ doCheck = true;
+ nativeCheckInputs = [
+ curl
+ jdk
+ unzip
+ which
+ ];
+
+ configureFlags = [
+ "--with-libedit-include=${libedit.dev}/include"
+ "--with-libedit-lib=${libedit}/lib"
+ "--with-berkeley-db-include=${db.dev}/include"
+ "--with-berkeley-db"
+
+ "--without-x"
+ "--disable-afs-string-to-key"
+ ] ++ lib.optionals (withCapNG) [
+ "--with-capng"
+ ] ++ lib.optionals (withCJSON) [
+ "--with-cjson=${cjson}"
+ ] ++ lib.optionals (withOpenLDAP) [
+ "--with-openldap=${openldap.dev}"
+ ] ++ lib.optionals (withOpenLDAPAsHDBModule) [
+ "--enable-hdb-openldap-module"
+ ] ++ lib.optionals (withSQLite3) [
+ "--with-sqlite3=${sqlite.dev}"
+ ];
+
+ # (check-ldap) slapd resides within ${openldap}/libexec,
+ # which is not part of $PATH by default.
+ # (check-ldap) prepending ${openldap}/bin to the path to avoid
+ # using the default installation of openldap on unsandboxed darwin systems,
+ # which does not support the new mdb backend at the moment (2024-01-13).
+ # (check-ldap) the bdb backend got deprecated in favour of mdb in openldap 2.5.0,
+ # but the heimdal tests still seem to expect bdb as the openldap backend.
+ # This might be fixed upstream in a future update.
+ patchPhase = ''
+ runHook prePatch
+
+ substituteInPlace tests/ldap/slapd-init.in \
+ --replace 'SCHEMA_PATHS="' 'SCHEMA_PATHS="${openldap}/etc/schema '
+ substituteInPlace tests/ldap/check-ldap.in \
+ --replace 'PATH=' 'PATH=${openldap}/libexec:${openldap}/bin:'
+ substituteInPlace tests/ldap/slapd.conf \
+ --replace 'database bdb' 'database mdb'
+
+ runHook postPatch
+ '';
+
+ # (test_cc) heimdal uses librokens implementation of `secure_getenv` on darwin,
+ # which expects either USER or LOGNAME to be set.
+ preCheck = lib.optionalString (stdenv.isDarwin) ''
+ export USER=nix-builder
+ '';
+
+ # We need to build hcrypt for applications like samba
+ postBuild = ''
+ (cd include/hcrypto; make -j $NIX_BUILD_CORES)
+ (cd lib/hcrypto; make -j $NIX_BUILD_CORES)
+ '';
+
+ postInstall = ''
+ # Install hcrypto
+ (cd include/hcrypto; make -j $NIX_BUILD_CORES install)
+ (cd lib/hcrypto; make -j $NIX_BUILD_CORES install)
+
+ mkdir -p $dev/bin
+ mv $out/bin/krb5-config $dev/bin/
+
+ # asn1 compilers, move them to $dev
+ mv $out/libexec/heimdal/* $dev/bin
+ rmdir $out/libexec/heimdal
+
+ # compile_et is needed for cross-compiling this package and samba
+ mv lib/com_err/.libs/compile_et $dev/bin
+ '';
+
+ # Issues with hydra
+ # In file included from hxtool.c:34:0:
+ # hx_locl.h:67:25: fatal error: pkcs10_asn1.h: No such file or directory
+ #enableParallelBuilding = true;
+
+ passthru = {
+ implementation = "heimdal";
+ tests.nixos = nixosTests.kerberos.heimdal;
+ };
+
+ meta = with lib; {
+ homepage = "https://www.heimdal.software";
+ changelog = "https://github.com/heimdal/heimdal/releases";
+ description = "An implementation of Kerberos 5 (and some more stuff)";
+ license = licenses.bsd3;
+ platforms = platforms.unix;
+ maintainers = with maintainers; [ h7x4 ];
+ };
+}
diff --git a/nixpkgs/pkgs/development/libraries/kerberos/krb5.nix b/nixpkgs/pkgs/development/libraries/kerberos/krb5.nix
new file mode 100644
index 000000000000..bfa2974bdc5b
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/kerberos/krb5.nix
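Review bot: Assigning `patchPhase` directly in heimdal.nix replaces the stdenv default patch phase, so anything later listed in `patches` for this derivation would be skipped without an error; for a Kerberos implementation that attribute is the usual route for backported security fixes. The three `substituteInPlace` calls only adjust test fixtures under tests/ldap and would fit in `postPatch = ''` with the `runHook prePatch` and `runHook postPatch` lines dropped, which keeps the default phase intact. Separately, plain `--replace` does not abort the build when a pattern stops matching after an upstream bump, so the `PATH=` rewrite in check-ldap.in could quietly stop pinning `${openldap}`; `--replace-fail`, where the targeted nixpkgs provides it, would surface that.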
@@ -0,0 +1,130 @@
+{ lib, stdenv, fetchurl, pkg-config, perl, bison, bootstrap_cmds
+, openssl, openldap, libedit, keyutils, libverto, darwin
+
+# for passthru.tests
+, bind
+, curl
+, nixosTests
+, openssh
+, postgresql
+, python3
+
+# Extra Arguments
+, type ? ""
+# This is called "staticOnly" because krb5 does not support
+# builting both static and shared, see below.
+, staticOnly ? false
+, withLdap ? false
+, withVerto ? false
+}:
+
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
+let
+ libOnly = type == "lib";
+in
+
+assert withLdap -> !libOnly;
+
+stdenv.mkDerivation rec {
+ pname = "${type}krb5";
+ version = "1.21.2";
+
+ src = fetchurl {
+ url = "https://kerberos.org/dist/krb5/${lib.versions.majorMinor version}/krb5-${version}.tar.gz";
+ hash = "sha256-lWCUGp2EPAJDpxsXp6xv4xx867W845g9t55Srn6FBJE=";
+ };
+
+ outputs = [ "out" "dev" ];
+
+ configureFlags = [ "--localstatedir=/var/lib" ]
+ # krb5's ./configure does not allow passing --enable-shared and --enable-static at the same time.
+ # See https://bbs.archlinux.org/viewtopic.php?pid=1576737#p1576737
+ ++ lib.optionals staticOnly [ "--enable-static" "--disable-shared" ]
+ ++ lib.optional withLdap "--with-ldap"
+ ++ lib.optional withVerto "--with-system-verto"
+ ++ lib.optional stdenv.isFreeBSD ''WARN_CFLAGS=""''
+ ++ lib.optionals (stdenv.buildPlatform != stdenv.hostPlatform)
+ [ "krb5_cv_attr_constructor_destructor=yes,yes"
+ "ac_cv_func_regcomp=yes"
+ "ac_cv_printf_positional=yes"
+ ];
+
+ nativeBuildInputs = [ pkg-config perl ]
+ ++ lib.optional (!libOnly) bison
+ # Provides the mig command used by the build scripts
+ ++ lib.optional stdenv.isDarwin bootstrap_cmds;
+
+ buildInputs = [ openssl ]
+ ++ lib.optionals (stdenv.hostPlatform.isLinux && stdenv.hostPlatform.libc != "bionic" && !(stdenv.hostPlatform.useLLVM or false)) [ keyutils ]
+ ++ lib.optionals (!libOnly) [ libedit ]
+ ++ lib.optionals withLdap [ openldap ]
+ ++ lib.optionals withVerto [ libverto ];
+
+ propagatedBuildInputs = lib.optionals stdenv.isDarwin (with darwin.apple_sdk; [
+ libs.xpc
+ frameworks.Kerberos
+ ]);
+
+ sourceRoot = "krb5-${version}/src";
+
+ postPatch = ''
+ substituteInPlace config/shlib.conf \
+ --replace "'ld " "'${stdenv.cc.targetPrefix}ld "
+ '';
+
+ libFolders = [ "util" "include" "lib" "build-tools" ];
+
+ buildPhase = lib.optionalString libOnly ''
+ runHook preBuild
+
+ MAKE="make -j $NIX_BUILD_CORES"
+ for folder in $libFolders; do
+ $MAKE -C $folder
+ done
+
+ runHook postBuild
+ '';
+
+ installPhase = lib.optionalString libOnly ''
+ runHook preInstall
+
+ mkdir -p "$out"/{bin,sbin,lib/pkgconfig,share/{et,man/man1}} \
+ "$dev"/include/{gssapi,gssrpc,kadm5,krb5}
+ for folder in $libFolders; do
+ $MAKE -C $folder install
+ done
+
+ runHook postInstall
+ '';
+
+ # not via outputBin, due to reference from libkrb5.so
+ postInstall = ''
+ moveToOutput bin/krb5-config "$dev"
+ '';
+
+ enableParallelBuilding = true;
+ doCheck = false; # fails with "No suitable file for testing purposes"
+
+ meta = with lib; {
+ description = "MIT Kerberos 5";
+ homepage = "http://web.mit.edu/kerberos/";
+ license = licenses.mit;
+ platforms = platforms.unix ++ platforms.windows;
+ };
+
+ passthru = {
+ implementation = "krb5";
+ tests = {
+ inherit (nixosTests) kerberos;
+ inherit (python3.pkgs) requests-credssp;
+ bind = bind.override { enableGSSAPI = true; };
+ curl = curl.override { gssSupport = true; };
+ openssh = openssh.override { withKerberos = true; };
+ postgresql = postgresql.override { gssSupport = true; };
+ };
+ };
+}
|
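Review bot: `doCheck = false` in krb5.nix leaves the upstream test suite unrun for a security-critical library, and the trailing comment quotes an error string without saying which step produces it or whether the failure is tracked anywhere. I would expand the comment to record what the package relies on instead, for example `# upstream "make check" is skipped; coverage comes from passthru.tests (nixosTests.kerberos and the GSSAPI-enabled reverse dependencies)`. The `meta` block also links the homepage over plain HTTP, where `homepage = "https://web.mit.edu/kerberos/";` would avoid the cleartext URL. Unlike heimdal.nix in the same commit, `meta` lists no `maintainers`, so it is worth confirming who is notified when a security update is needed.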