about summary refs log tree commit diff
path: root/nixpkgs/pkgs/servers/samba
diff options
context:
space:
mode:
Diffstat (limited to 'nixpkgs/pkgs/servers/samba')
-rw-r--r--nixpkgs/pkgs/servers/samba/3.x.nix99
-rw-r--r--nixpkgs/pkgs/servers/samba/4.x-no-persistent-install-dynconfig.patch15
-rw-r--r--nixpkgs/pkgs/servers/samba/4.x-no-persistent-install.patch39
-rw-r--r--nixpkgs/pkgs/servers/samba/4.x.nix106
-rw-r--r--nixpkgs/pkgs/servers/samba/master.nix29
-rw-r--r--nixpkgs/pkgs/servers/samba/patch-source3__libads__kerberos_keytab.c.patch20
6 files changed, 308 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/servers/samba/3.x.nix b/nixpkgs/pkgs/servers/samba/3.x.nix
new file mode 100644
index 000000000000..1f432c189880
--- /dev/null
+++ b/nixpkgs/pkgs/servers/samba/3.x.nix
@@ -0,0 +1,99 @@
+{ stdenv, fetchurl, readline, pam ? null, openldap ? null
+, popt, iniparser, libunwind
+, fam ? null , acl ? null, cups ? null
+, useKerberos ? false, kerberos ? null, winbind ? true
+
+# Eg. smbclient and smbspool require a smb.conf file.
+# If you set configDir to "" an empty configuration file
+# $out/lib/smb.conf is is created for you.
+#
+# configDir defaults to "/etc/samba" so that smbpassword picks up
+# the location of its passwd db files from the system configuration file
+# /etc/samba/smb.conf. That's why nixos touches /etc/samba/smb.conf even if you
+# don't enable the samba upstart service.
+, configDir ? "/etc/samba"
+
+}:
+
+assert useKerberos -> kerberos != null;
+
+stdenv.mkDerivation rec {
+  name = "samba-3.6.25";
+
+  src = fetchurl {
+    url = "mirror://samba/pub/samba/stable/${name}.tar.gz";
+    sha256 = "0l9pz2m67vf398q3c2dwn8jwdxsjb20igncf4byhv6yq5dzqlb4g";
+  };
+
+  patches = [(fetchurl {
+    url = "https://download.samba.org/pub/samba/patches/security/"
+        + "samba-3.6.25-security-2015-12-16.patch";
+    sha256 = "00dcjcn577825mfdwdp76jfy5kcrqw3s4d5c41gqdq5gfcdbmqdb";
+  })];
+
+  buildInputs = [ readline pam openldap popt iniparser libunwind fam acl cups ]
+    ++ stdenv.lib.optional useKerberos kerberos;
+
+  enableParallelBuilding = true;
+
+  postPatch =
+    # XXX: Awful hack to allow cross-compilation.
+    '' sed -i source3/configure \
+           -e 's/^as_fn_error .. \("cannot run test program while cross compiling\)/$as_echo \1/g'
+    ''; # "
+
+  preConfigure =
+    '' cd source3
+       export samba_cv_CC_NEGATIVE_ENUM_VALUES=yes
+       export libreplace_cv_HAVE_GETADDRINFO=yes
+       export ac_cv_file__proc_sys_kernel_core_pattern=no # XXX: true on Linux, false elsewhere
+    '';
+
+  configureFlags =
+    stdenv.lib.optionals (pam != null) [ "--with-pam" "--with-pam_smbpass" ]
+    ++ [ "--with-aio-support"
+         "--disable-swat"
+         "--with-configdir=${configDir}"
+         "--with-fhs"
+         "--localstatedir=/var"
+       ]
+    ++ (stdenv.lib.optional winbind "--with-winbind")
+    ++ (stdenv.lib.optional (stdenv.cc.libc != null) "--with-libiconv=${stdenv.cc.libc}");
+
+  # Need to use a DESTDIR because `make install' tries to write in /var and /etc.
+  installFlags = "DESTDIR=$(TMPDIR)/inst";
+
+  stripAllList = [ "bin" "sbin" ];
+
+  postInstall =
+    ''
+      mkdir -p $out
+      mv $TMPDIR/inst/$out/* $out/
+
+      mkdir -p "$out/lib/pkgconfig"
+      cp pkgconfig/*.pc "$out/lib/pkgconfig"
+
+      mkdir -pv $out/lib/cups/backend
+      ln -sv ../../../bin/smbspool $out/lib/cups/backend/smb
+      mkdir -pv $out/etc/openldap/schema
+      cp ../examples/LDAP/samba.schema $out/etc/openldap/schema
+
+      # For nsswitch. Glibc >= 2.1 looks for libnss_<name>.so.2 (see man
+      # nsswitch.conf), so provide that too.
+      cp -v ../nsswitch/libnss_wins.so "$out/lib"
+      cp -v ../nsswitch/libnss_winbind.so "$out/lib"
+      (cd "$out/lib" && ln -s libnss_winbind.so libnss_winbind.so.2)
+      (cd "$out/lib" && ln -s libnss_wins.so libnss_wins.so.2)
+    '' # */
+    + stdenv.lib.optionalString (configDir == "") "touch $out/lib/smb.conf";
+
+  meta = with stdenv.lib; {
+    homepage = https://www.samba.org/;
+    description = "The standard Windows interoperability suite of programs for Linux and Unix";
+    platforms = platforms.linux;
+    license = licenses.gpl3;
+    knownVulnerabilities = [
+      "Numerous CVEs and no patches from upstream for 3.x since 2014."
+    ];
+  };
+}
diff --git a/nixpkgs/pkgs/servers/samba/4.x-no-persistent-install-dynconfig.patch b/nixpkgs/pkgs/servers/samba/4.x-no-persistent-install-dynconfig.patch
new file mode 100644
index 000000000000..7e3652dbe7b7
--- /dev/null
+++ b/nixpkgs/pkgs/servers/samba/4.x-no-persistent-install-dynconfig.patch
@@ -0,0 +1,15 @@
+diff -ru3 samba-4.4.6/dynconfig/wscript samba-4.4.6-new/dynconfig/wscript
+--- samba-4.4.6/dynconfig/wscript	2016-01-26 14:45:46.000000000 +0300
++++ samba-4.4.6-new/dynconfig/wscript	2016-10-15 22:21:18.159705132 +0300
+@@ -416,11 +416,3 @@
+                         public_headers=os_path_relpath(os.path.join(Options.launch_dir, version_header), bld.curdir),
+                         header_path='samba',
+                         cflags=cflags)
+-
+-    # install some extra empty directories
+-    bld.INSTALL_DIRS("", "${CONFIGDIR} ${PRIVATE_DIR} ${LOGFILEBASE}");
+-    bld.INSTALL_DIRS("", "${PRIVATE_DIR} ${PRIVILEGED_SOCKET_DIR}")
+-    bld.INSTALL_DIRS("", "${STATEDIR} ${CACHEDIR}");
+-
+-    # these might be on non persistent storage
+-    bld.INSTALL_DIRS("", "${LOCKDIR} ${PIDDIR} ${SOCKET_DIR}")
diff --git a/nixpkgs/pkgs/servers/samba/4.x-no-persistent-install.patch b/nixpkgs/pkgs/servers/samba/4.x-no-persistent-install.patch
new file mode 100644
index 000000000000..1c360f6b2c77
--- /dev/null
+++ b/nixpkgs/pkgs/servers/samba/4.x-no-persistent-install.patch
@@ -0,0 +1,39 @@
+diff -ru3 samba-4.4.6/ctdb/wscript samba-4.4.6-new/ctdb/wscript
+--- samba-4.4.6/ctdb/wscript	2016-09-22 09:42:48.000000000 +0300
++++ samba-4.4.6-new/ctdb/wscript	2016-10-15 23:31:13.932088237 +0300
+@@ -581,7 +581,7 @@
+     for t in etc_subdirs:
+         files = SUBDIR_MODE('%s/%s' % (configdir, t), trim_path=configdir)
+         for fmode in files:
+-            bld.INSTALL_FILES(bld.env.CTDB_ETCDIR, 'config/%s' % fmode[0],
++            bld.INSTALL_FILES('${EXEC_PREFIX}${CTDB_ETCDIR}', 'config/%s' % fmode[0],
+                               destname=fmode[0], chmod=fmode[1])
+ 
+     bld.SAMBA_GENERATOR('ctdb-functions',
+@@ -601,23 +601,19 @@
+     ]
+ 
+     for t in etc_scripts:
+-        bld.INSTALL_FILES(bld.env.CTDB_ETCDIR, 'config/%s' % t,
++        bld.INSTALL_FILES('${EXEC_PREFIX}${CTDB_ETCDIR}', 'config/%s' % t,
+                           destname=t, chmod=0755)
+ 
+     bld.SAMBA_GENERATOR('ctdb-sudoers',
+                         source='config/ctdb.sudoers',
+                         target='ctdb.sudoers',
+                         rule='sed %s ${SRC} > ${TGT}' % (sed_cmdline))
+-    bld.INSTALL_FILES('${SYSCONFDIR}/sudoers.d', 'ctdb.sudoers',
++    bld.INSTALL_FILES('${EXEC_PREFIX}${SYSCONFDIR}/sudoers.d', 'ctdb.sudoers',
+                       destname='ctdb')
+ 
+-    bld.INSTALL_FILES('${CTDB_ETCDIR}/notify.d', 'config/notify.d.README',
++    bld.INSTALL_FILES('${EXEC_PREFIX}${CTDB_ETCDIR}/notify.d', 'config/notify.d.README',
+                       destname='README')
+ 
+-    bld.install_dir(bld.env.CTDB_LOGDIR)
+-    bld.install_dir(bld.env.CTDB_RUNDIR)
+-    bld.install_dir(bld.env.CTDB_VARDIR)
+-
+     # Unit tests
+     ctdb_unit_tests = [
+         'db_hash_test',
diff --git a/nixpkgs/pkgs/servers/samba/4.x.nix b/nixpkgs/pkgs/servers/samba/4.x.nix
new file mode 100644
index 000000000000..38f13fcd1fa1
--- /dev/null
+++ b/nixpkgs/pkgs/servers/samba/4.x.nix
@@ -0,0 +1,106 @@
+{ lib, stdenv, fetchurl, python, pkgconfig, perl, libxslt, docbook_xsl
+, fetchpatch
+, docbook_xml_dtd_42, readline, talloc
+, popt, iniparser, libbsd, libarchive, libiconv, gettext
+, krb5Full, zlib, openldap, cups, pam, avahi, acl, libaio, fam, libceph, glusterfs
+, gnutls, ncurses, libunwind, systemd
+
+, enableLDAP ? false
+, enablePrinting ? false
+, enableMDNS ? false
+, enableDomainController ? false
+, enableRegedit ? true
+, enableCephFS ? false
+, enableGlusterFS ? false
+, enableAcl ? (!stdenv.isDarwin)
+, enablePam ? (!stdenv.isDarwin)
+}:
+
+with lib;
+
+stdenv.mkDerivation rec {
+  name = "samba-${version}";
+  version = "4.7.10";
+
+  src = fetchurl {
+    url = "mirror://samba/pub/samba/stable/${name}.tar.gz";
+    sha256 = "0w5y6a7kiw5ap7hd84yglzk7cjax6lxlszd0wz1sxnmqx4a6hn9l";
+  };
+
+  outputs = [ "out" "dev" "man" ];
+
+  patches =
+    [ ./4.x-no-persistent-install.patch
+      ./patch-source3__libads__kerberos_keytab.c.patch
+      ./4.x-no-persistent-install-dynconfig.patch
+      (fetchpatch {
+        url = "https://patch-diff.githubusercontent.com/raw/samba-team/samba/pull/107.patch";
+        sha256 = "0r6q34vjj0bdzmcbnrkad9rww58k4krbwicv4gs1g3dj49skpvd6";
+      })
+    ];
+
+  buildInputs =
+    [ python pkgconfig perl libxslt docbook_xsl docbook_xml_dtd_42 /*
+      docbook_xml_dtd_45 */ readline talloc popt iniparser
+      libbsd libarchive zlib fam libiconv gettext libunwind krb5Full
+    ]
+    ++ optionals stdenv.isLinux [ libaio systemd ]
+    ++ optional enableLDAP openldap
+    ++ optional (enablePrinting && stdenv.isLinux) cups
+    ++ optional enableMDNS avahi
+    ++ optional enableDomainController gnutls
+    ++ optional enableRegedit ncurses
+    ++ optional (enableCephFS && stdenv.isLinux) libceph
+    ++ optional (enableGlusterFS && stdenv.isLinux) glusterfs
+    ++ optional enableAcl acl
+    ++ optional enablePam pam;
+
+  postPatch = ''
+    # Removes absolute paths in scripts
+    sed -i 's,/sbin/,,g' ctdb/config/functions
+
+    # Fix the XML Catalog Paths
+    sed -i "s,\(XML_CATALOG_FILES=\"\),\1$XML_CATALOG_FILES ,g" buildtools/wafsamba/wafsamba.py
+  '';
+
+  configureFlags =
+    [ "--with-static-modules=NONE"
+      "--with-shared-modules=ALL"
+      "--with-system-mitkrb5"
+      "--with-system-mitkdc" "${krb5Full}"
+      "--enable-fhs"
+      "--sysconfdir=/etc"
+      "--localstatedir=/var"
+    ]
+    ++ optional (!enableDomainController) "--without-ad-dc"
+    ++ optionals (!enableLDAP) [ "--without-ldap" "--without-ads" ]
+    ++ optional (!enableAcl) "--without-acl-support"
+    ++ optional (!enablePam) "--without-pam";
+
+  # To build in parallel.
+  buildPhase = "python buildtools/bin/waf build -j $NIX_BUILD_CORES";
+
+  # Some libraries don't have /lib/samba in RPATH but need it.
+  # Use find -type f -executable -exec echo {} \; -exec sh -c 'ldd {} | grep "not found"' \;
+  # Looks like a bug in installer scripts.
+  postFixup = ''
+    export SAMBA_LIBS="$(find $out -type f -name \*.so -exec dirname {} \; | sort | uniq)"
+    read -r -d "" SCRIPT << EOF || true
+    [ -z "\$SAMBA_LIBS" ] && exit 1;
+    BIN='{}';
+    OLD_LIBS="\$(patchelf --print-rpath "\$BIN" 2>/dev/null | tr ':' '\n')";
+    ALL_LIBS="\$(echo -e "\$SAMBA_LIBS\n\$OLD_LIBS" | sort | uniq | tr '\n' ':')";
+    patchelf --set-rpath "\$ALL_LIBS" "\$BIN" 2>/dev/null || exit $?;
+    patchelf --shrink-rpath "\$BIN";
+    EOF
+    find $out -type f -name \*.so -exec $SHELL -c "$SCRIPT" \;
+  '';
+
+  meta = with stdenv.lib; {
+    homepage = https://www.samba.org/;
+    description = "The standard Windows interoperability suite of programs for Linux and Unix";
+    license = licenses.gpl3;
+    maintainers = with maintainers; [ wkennington ];
+    platforms = platforms.unix;
+  };
+}
diff --git a/nixpkgs/pkgs/servers/samba/master.nix b/nixpkgs/pkgs/servers/samba/master.nix
new file mode 100644
index 000000000000..21038a0f2183
--- /dev/null
+++ b/nixpkgs/pkgs/servers/samba/master.nix
@@ -0,0 +1,29 @@
+{ fetchFromGitHub
+, samba4
+, nettle
+} :
+
+  (samba4.overrideAttrs(oldAttrs: rec {
+    name = "samba-unstable-${version}";
+    version = "2018-03-09";
+
+    src = fetchFromGitHub {
+      owner = "samba-team";
+      repo = "samba";
+      rev = "9e954bcbf43d67a18ee55f84cda0b09028f96b92";
+      sha256 = "07j1pwm4kax6pq21gq9gpmp7dhj5afdyvkhgyl3yz334mb41q11g";
+    };
+
+    # Remove unnecessary install flags, same as <4.8 patch
+    postPatch = oldAttrs.postPatch + ''
+      sed -i '423,433d' dynconfig/wscript
+    '';
+
+    patches = [ ./4.x-no-persistent-install.patch ];
+    buildInputs = [ nettle ] ++ oldAttrs.buildInputs;
+    meta.branch = "master";
+  })).override {
+    # samba4.8+ removed the ability to disable LDAP.
+    # Enable for base derivation here:
+    enableLDAP = true;
+  }
diff --git a/nixpkgs/pkgs/servers/samba/patch-source3__libads__kerberos_keytab.c.patch b/nixpkgs/pkgs/servers/samba/patch-source3__libads__kerberos_keytab.c.patch
new file mode 100644
index 000000000000..9f6577c65c14
--- /dev/null
+++ b/nixpkgs/pkgs/servers/samba/patch-source3__libads__kerberos_keytab.c.patch
@@ -0,0 +1,20 @@
+--- old/source3/libads/kerberos_keytab.c	2017-12-23 14:23:53.247467000 +0100
++++ new/source3/libads/kerberos_keytab.c	2017-12-23 18:57:07.135340000 +0100
+@@ -32,8 +32,6 @@
+ 
+ #ifdef HAVE_KRB5
+ 
+-#ifdef HAVE_ADS
+-
+ /* This MAX_NAME_LEN is a constant defined in krb5.h */
+ #ifndef MAX_KEYTAB_NAME_LEN
+ #define MAX_KEYTAB_NAME_LEN 1100
+@@ -85,6 +83,8 @@
+ 	return ret;
+ }
+ 
++#ifdef HAVE_ADS
++
+ /**********************************************************************
+  Adds a single service principal, i.e. 'host' to the system keytab
+ ***********************************************************************/
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-21 20:43:40 +0000