diff options
Diffstat (limited to 'nixpkgs/pkgs/servers/samba')
-rw-r--r-- | nixpkgs/pkgs/servers/samba/3.x.nix | 99 | ||||
-rw-r--r-- | nixpkgs/pkgs/servers/samba/4.x-no-persistent-install-dynconfig.patch | 15 | ||||
-rw-r--r-- | nixpkgs/pkgs/servers/samba/4.x-no-persistent-install.patch | 39 | ||||
-rw-r--r-- | nixpkgs/pkgs/servers/samba/4.x.nix | 106 | ||||
-rw-r--r-- | nixpkgs/pkgs/servers/samba/master.nix | 29 | ||||
-rw-r--r-- | nixpkgs/pkgs/servers/samba/patch-source3__libads__kerberos_keytab.c.patch | 20 |
6 files changed, 308 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/servers/samba/3.x.nix b/nixpkgs/pkgs/servers/samba/3.x.nix new file mode 100644 index 000000000000..1f432c189880 --- /dev/null +++ b/nixpkgs/pkgs/servers/samba/3.x.nix @@ -0,0 +1,99 @@ +{ stdenv, fetchurl, readline, pam ? null, openldap ? null +, popt, iniparser, libunwind +, fam ? null , acl ? null, cups ? null +, useKerberos ? false, kerberos ? null, winbind ? true + +# Eg. smbclient and smbspool require a smb.conf file. +# If you set configDir to "" an empty configuration file +# $out/lib/smb.conf is is created for you. +# +# configDir defaults to "/etc/samba" so that smbpassword picks up +# the location of its passwd db files from the system configuration file +# /etc/samba/smb.conf. That's why nixos touches /etc/samba/smb.conf even if you +# don't enable the samba upstart service. +, configDir ? "/etc/samba" + +}: + +assert useKerberos -> kerberos != null; + +stdenv.mkDerivation rec { + name = "samba-3.6.25"; + + src = fetchurl { + url = "mirror://samba/pub/samba/stable/${name}.tar.gz"; + sha256 = "0l9pz2m67vf398q3c2dwn8jwdxsjb20igncf4byhv6yq5dzqlb4g"; + }; + + patches = [(fetchurl { + url = "https://download.samba.org/pub/samba/patches/security/" + + "samba-3.6.25-security-2015-12-16.patch"; + sha256 = "00dcjcn577825mfdwdp76jfy5kcrqw3s4d5c41gqdq5gfcdbmqdb"; + })]; + + buildInputs = [ readline pam openldap popt iniparser libunwind fam acl cups ] + ++ stdenv.lib.optional useKerberos kerberos; + + enableParallelBuilding = true; + + postPatch = + # XXX: Awful hack to allow cross-compilation. + '' sed -i source3/configure \ + -e 's/^as_fn_error .. \("cannot run test program while cross compiling\)/$as_echo \1/g' + ''; # " + + preConfigure = + '' cd source3 + export samba_cv_CC_NEGATIVE_ENUM_VALUES=yes + export libreplace_cv_HAVE_GETADDRINFO=yes + export ac_cv_file__proc_sys_kernel_core_pattern=no # XXX: true on Linux, false elsewhere + ''; + + configureFlags = + stdenv.lib.optionals (pam != null) [ "--with-pam" "--with-pam_smbpass" ] + ++ [ "--with-aio-support" + "--disable-swat" + "--with-configdir=${configDir}" + "--with-fhs" + "--localstatedir=/var" + ] + ++ (stdenv.lib.optional winbind "--with-winbind") + ++ (stdenv.lib.optional (stdenv.cc.libc != null) "--with-libiconv=${stdenv.cc.libc}"); + + # Need to use a DESTDIR because `make install' tries to write in /var and /etc. + installFlags = "DESTDIR=$(TMPDIR)/inst"; + + stripAllList = [ "bin" "sbin" ]; + + postInstall = + '' + mkdir -p $out + mv $TMPDIR/inst/$out/* $out/ + + mkdir -p "$out/lib/pkgconfig" + cp pkgconfig/*.pc "$out/lib/pkgconfig" + + mkdir -pv $out/lib/cups/backend + ln -sv ../../../bin/smbspool $out/lib/cups/backend/smb + mkdir -pv $out/etc/openldap/schema + cp ../examples/LDAP/samba.schema $out/etc/openldap/schema + + # For nsswitch. Glibc >= 2.1 looks for libnss_<name>.so.2 (see man + # nsswitch.conf), so provide that too. + cp -v ../nsswitch/libnss_wins.so "$out/lib" + cp -v ../nsswitch/libnss_winbind.so "$out/lib" + (cd "$out/lib" && ln -s libnss_winbind.so libnss_winbind.so.2) + (cd "$out/lib" && ln -s libnss_wins.so libnss_wins.so.2) + '' # */ + + stdenv.lib.optionalString (configDir == "") "touch $out/lib/smb.conf"; + + meta = with stdenv.lib; { + homepage = https://www.samba.org/; + description = "The standard Windows interoperability suite of programs for Linux and Unix"; + platforms = platforms.linux; + license = licenses.gpl3; + knownVulnerabilities = [ + "Numerous CVEs and no patches from upstream for 3.x since 2014." + ]; + }; +} diff --git a/nixpkgs/pkgs/servers/samba/4.x-no-persistent-install-dynconfig.patch b/nixpkgs/pkgs/servers/samba/4.x-no-persistent-install-dynconfig.patch new file mode 100644 index 000000000000..7e3652dbe7b7 --- /dev/null +++ b/nixpkgs/pkgs/servers/samba/4.x-no-persistent-install-dynconfig.patch @@ -0,0 +1,15 @@ +diff -ru3 samba-4.4.6/dynconfig/wscript samba-4.4.6-new/dynconfig/wscript +--- samba-4.4.6/dynconfig/wscript 2016-01-26 14:45:46.000000000 +0300 ++++ samba-4.4.6-new/dynconfig/wscript 2016-10-15 22:21:18.159705132 +0300 +@@ -416,11 +416,3 @@ + public_headers=os_path_relpath(os.path.join(Options.launch_dir, version_header), bld.curdir), + header_path='samba', + cflags=cflags) +- +- # install some extra empty directories +- bld.INSTALL_DIRS("", "${CONFIGDIR} ${PRIVATE_DIR} ${LOGFILEBASE}"); +- bld.INSTALL_DIRS("", "${PRIVATE_DIR} ${PRIVILEGED_SOCKET_DIR}") +- bld.INSTALL_DIRS("", "${STATEDIR} ${CACHEDIR}"); +- +- # these might be on non persistent storage +- bld.INSTALL_DIRS("", "${LOCKDIR} ${PIDDIR} ${SOCKET_DIR}") diff --git a/nixpkgs/pkgs/servers/samba/4.x-no-persistent-install.patch b/nixpkgs/pkgs/servers/samba/4.x-no-persistent-install.patch new file mode 100644 index 000000000000..1c360f6b2c77 --- /dev/null +++ b/nixpkgs/pkgs/servers/samba/4.x-no-persistent-install.patch @@ -0,0 +1,39 @@ +diff -ru3 samba-4.4.6/ctdb/wscript samba-4.4.6-new/ctdb/wscript +--- samba-4.4.6/ctdb/wscript 2016-09-22 09:42:48.000000000 +0300 ++++ samba-4.4.6-new/ctdb/wscript 2016-10-15 23:31:13.932088237 +0300 +@@ -581,7 +581,7 @@ + for t in etc_subdirs: + files = SUBDIR_MODE('%s/%s' % (configdir, t), trim_path=configdir) + for fmode in files: +- bld.INSTALL_FILES(bld.env.CTDB_ETCDIR, 'config/%s' % fmode[0], ++ bld.INSTALL_FILES('${EXEC_PREFIX}${CTDB_ETCDIR}', 'config/%s' % fmode[0], + destname=fmode[0], chmod=fmode[1]) + + bld.SAMBA_GENERATOR('ctdb-functions', +@@ -601,23 +601,19 @@ + ] + + for t in etc_scripts: +- bld.INSTALL_FILES(bld.env.CTDB_ETCDIR, 'config/%s' % t, ++ bld.INSTALL_FILES('${EXEC_PREFIX}${CTDB_ETCDIR}', 'config/%s' % t, + destname=t, chmod=0755) + + bld.SAMBA_GENERATOR('ctdb-sudoers', + source='config/ctdb.sudoers', + target='ctdb.sudoers', + rule='sed %s ${SRC} > ${TGT}' % (sed_cmdline)) +- bld.INSTALL_FILES('${SYSCONFDIR}/sudoers.d', 'ctdb.sudoers', ++ bld.INSTALL_FILES('${EXEC_PREFIX}${SYSCONFDIR}/sudoers.d', 'ctdb.sudoers', + destname='ctdb') + +- bld.INSTALL_FILES('${CTDB_ETCDIR}/notify.d', 'config/notify.d.README', ++ bld.INSTALL_FILES('${EXEC_PREFIX}${CTDB_ETCDIR}/notify.d', 'config/notify.d.README', + destname='README') + +- bld.install_dir(bld.env.CTDB_LOGDIR) +- bld.install_dir(bld.env.CTDB_RUNDIR) +- bld.install_dir(bld.env.CTDB_VARDIR) +- + # Unit tests + ctdb_unit_tests = [ + 'db_hash_test', diff --git a/nixpkgs/pkgs/servers/samba/4.x.nix b/nixpkgs/pkgs/servers/samba/4.x.nix new file mode 100644 index 000000000000..38f13fcd1fa1 --- /dev/null +++ b/nixpkgs/pkgs/servers/samba/4.x.nix @@ -0,0 +1,106 @@ +{ lib, stdenv, fetchurl, python, pkgconfig, perl, libxslt, docbook_xsl +, fetchpatch +, docbook_xml_dtd_42, readline, talloc +, popt, iniparser, libbsd, libarchive, libiconv, gettext +, krb5Full, zlib, openldap, cups, pam, avahi, acl, libaio, fam, libceph, glusterfs +, gnutls, ncurses, libunwind, systemd + +, enableLDAP ? false +, enablePrinting ? false +, enableMDNS ? false +, enableDomainController ? false +, enableRegedit ? true +, enableCephFS ? false +, enableGlusterFS ? false +, enableAcl ? (!stdenv.isDarwin) +, enablePam ? (!stdenv.isDarwin) +}: + +with lib; + +stdenv.mkDerivation rec { + name = "samba-${version}"; + version = "4.7.10"; + + src = fetchurl { + url = "mirror://samba/pub/samba/stable/${name}.tar.gz"; + sha256 = "0w5y6a7kiw5ap7hd84yglzk7cjax6lxlszd0wz1sxnmqx4a6hn9l"; + }; + + outputs = [ "out" "dev" "man" ]; + + patches = + [ ./4.x-no-persistent-install.patch + ./patch-source3__libads__kerberos_keytab.c.patch + ./4.x-no-persistent-install-dynconfig.patch + (fetchpatch { + url = "https://patch-diff.githubusercontent.com/raw/samba-team/samba/pull/107.patch"; + sha256 = "0r6q34vjj0bdzmcbnrkad9rww58k4krbwicv4gs1g3dj49skpvd6"; + }) + ]; + + buildInputs = + [ python pkgconfig perl libxslt docbook_xsl docbook_xml_dtd_42 /* + docbook_xml_dtd_45 */ readline talloc popt iniparser + libbsd libarchive zlib fam libiconv gettext libunwind krb5Full + ] + ++ optionals stdenv.isLinux [ libaio systemd ] + ++ optional enableLDAP openldap + ++ optional (enablePrinting && stdenv.isLinux) cups + ++ optional enableMDNS avahi + ++ optional enableDomainController gnutls + ++ optional enableRegedit ncurses + ++ optional (enableCephFS && stdenv.isLinux) libceph + ++ optional (enableGlusterFS && stdenv.isLinux) glusterfs + ++ optional enableAcl acl + ++ optional enablePam pam; + + postPatch = '' + # Removes absolute paths in scripts + sed -i 's,/sbin/,,g' ctdb/config/functions + + # Fix the XML Catalog Paths + sed -i "s,\(XML_CATALOG_FILES=\"\),\1$XML_CATALOG_FILES ,g" buildtools/wafsamba/wafsamba.py + ''; + + configureFlags = + [ "--with-static-modules=NONE" + "--with-shared-modules=ALL" + "--with-system-mitkrb5" + "--with-system-mitkdc" "${krb5Full}" + "--enable-fhs" + "--sysconfdir=/etc" + "--localstatedir=/var" + ] + ++ optional (!enableDomainController) "--without-ad-dc" + ++ optionals (!enableLDAP) [ "--without-ldap" "--without-ads" ] + ++ optional (!enableAcl) "--without-acl-support" + ++ optional (!enablePam) "--without-pam"; + + # To build in parallel. + buildPhase = "python buildtools/bin/waf build -j $NIX_BUILD_CORES"; + + # Some libraries don't have /lib/samba in RPATH but need it. + # Use find -type f -executable -exec echo {} \; -exec sh -c 'ldd {} | grep "not found"' \; + # Looks like a bug in installer scripts. + postFixup = '' + export SAMBA_LIBS="$(find $out -type f -name \*.so -exec dirname {} \; | sort | uniq)" + read -r -d "" SCRIPT << EOF || true + [ -z "\$SAMBA_LIBS" ] && exit 1; + BIN='{}'; + OLD_LIBS="\$(patchelf --print-rpath "\$BIN" 2>/dev/null | tr ':' '\n')"; + ALL_LIBS="\$(echo -e "\$SAMBA_LIBS\n\$OLD_LIBS" | sort | uniq | tr '\n' ':')"; + patchelf --set-rpath "\$ALL_LIBS" "\$BIN" 2>/dev/null || exit $?; + patchelf --shrink-rpath "\$BIN"; + EOF + find $out -type f -name \*.so -exec $SHELL -c "$SCRIPT" \; + ''; + + meta = with stdenv.lib; { + homepage = https://www.samba.org/; + description = "The standard Windows interoperability suite of programs for Linux and Unix"; + license = licenses.gpl3; + maintainers = with maintainers; [ wkennington ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/servers/samba/master.nix b/nixpkgs/pkgs/servers/samba/master.nix new file mode 100644 index 000000000000..21038a0f2183 --- /dev/null +++ b/nixpkgs/pkgs/servers/samba/master.nix @@ -0,0 +1,29 @@ +{ fetchFromGitHub +, samba4 +, nettle +} : + + (samba4.overrideAttrs(oldAttrs: rec { + name = "samba-unstable-${version}"; + version = "2018-03-09"; + + src = fetchFromGitHub { + owner = "samba-team"; + repo = "samba"; + rev = "9e954bcbf43d67a18ee55f84cda0b09028f96b92"; + sha256 = "07j1pwm4kax6pq21gq9gpmp7dhj5afdyvkhgyl3yz334mb41q11g"; + }; + + # Remove unnecessary install flags, same as <4.8 patch + postPatch = oldAttrs.postPatch + '' + sed -i '423,433d' dynconfig/wscript + ''; + + patches = [ ./4.x-no-persistent-install.patch ]; + buildInputs = [ nettle ] ++ oldAttrs.buildInputs; + meta.branch = "master"; + })).override { + # samba4.8+ removed the ability to disable LDAP. + # Enable for base derivation here: + enableLDAP = true; + } diff --git a/nixpkgs/pkgs/servers/samba/patch-source3__libads__kerberos_keytab.c.patch b/nixpkgs/pkgs/servers/samba/patch-source3__libads__kerberos_keytab.c.patch new file mode 100644 index 000000000000..9f6577c65c14 --- /dev/null +++ b/nixpkgs/pkgs/servers/samba/patch-source3__libads__kerberos_keytab.c.patch @@ -0,0 +1,20 @@ +--- old/source3/libads/kerberos_keytab.c 2017-12-23 14:23:53.247467000 +0100 ++++ new/source3/libads/kerberos_keytab.c 2017-12-23 18:57:07.135340000 +0100 +@@ -32,8 +32,6 @@ + + #ifdef HAVE_KRB5 + +-#ifdef HAVE_ADS +- + /* This MAX_NAME_LEN is a constant defined in krb5.h */ + #ifndef MAX_KEYTAB_NAME_LEN + #define MAX_KEYTAB_NAME_LEN 1100 +@@ -85,6 +83,8 @@ + return ret; + } + ++#ifdef HAVE_ADS ++ + /********************************************************************** + Adds a single service principal, i.e. 'host' to the system keytab + ***********************************************************************/ |