From 068372ee6f0146af5e7e01aa10252dbd85fdf826 Mon Sep 17 00:00:00 2001 From: h7x4 Date: Tue, 12 Dec 2023 17:58:34 +0100 Subject: heimdal: 7.8.0 -> 7.8.0-unstable-2023-11-29 --- pkgs/development/libraries/kerberos/heimdal.nix | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/pkgs/development/libraries/kerberos/heimdal.nix b/pkgs/development/libraries/kerberos/heimdal.nix index e4a61a3c0731..29fd897c7fee 100644 --- a/pkgs/development/libraries/kerberos/heimdal.nix +++ b/pkgs/development/libraries/kerberos/heimdal.nix @@ -4,21 +4,19 @@ , CoreFoundation, Security, SystemConfiguration }: -stdenv.mkDerivation rec { +stdenv.mkDerivation { pname = "heimdal"; - version = "7.8.0"; + version = "7.8.0-unstable-2023-11-29"; src = fetchFromGitHub { owner = "heimdal"; repo = "heimdal"; - rev = "heimdal-${version}"; - sha256 = "sha256-iXOaar1S3y0xHdL0S+vS0uxoFQjy43kABxqE+KEhxjU="; + rev = "3253c49544eacb33d5ad2f6f919b0696e5aab794"; + sha256 = "sha256-uljzQBzXrZCZjcIWfioqHN8YsbUUNy14Vo+A3vZIXzM="; }; outputs = [ "out" "dev" "man" "info" ]; - patches = [ ./heimdal-make-missing-headers.patch ]; - nativeBuildInputs = [ autoreconfHook pkg-config python3 perl bison flex texinfo ] ++ (with perlPackages; [ JSON ]); buildInputs = lib.optionals (stdenv.isLinux) [ libcap_ng ] @@ -71,9 +69,6 @@ stdenv.mkDerivation rec { (cd include/hcrypto; make -j $NIX_BUILD_CORES install) (cd lib/hcrypto; make -j $NIX_BUILD_CORES install) - # Do we need it? - rm $out/bin/su - mkdir -p $dev/bin mv $out/bin/krb5-config $dev/bin/ -- cgit 1.4.1 From c71fa4be0ca5f8d43b2630fa314f266dbc0cffac Mon Sep 17 00:00:00 2001 
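Review bot: Nothing in the first hunk records why a Kerberos implementation moves from the tagged `heimdal-7.8.0` release to an unreleased snapshot pinned at `rev = "3253c49544eacb33d5ad2f6f919b0696e5aab794"`. A short comment above `version` naming the fix or feature that requires the snapshot, and when the package should return to a tagged release, would let later reviewers judge the pin. The second hunk of this commit also removes `rm $out/bin/su`; if the pinned revision still installs an `su` binary it would now land in `$out/bin`, so confirm whether it does and say so in the commit message.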
From: h7x4 Date: Tue, 12 Dec 2023 18:01:59 +0100 Subject: heimdal: clean up package - Make inputs more diff friendly - Add flags for enabling certain libraries - Disable LDAP support as HDB module by default - Add support for CJSON - Flatten contents of `$out/libexec`, which earlier had an `heimdal/heimdal` directory - Use SRI hash - Enable package tests - Add `passthru.tests.nixos` - Add `meta.homepage` and `meta.changelog` Co-authored-by: Felix Albrigtsen --- nixos/modules/services/system/kerberos/heimdal.nix | 6 +- .../kerberos/heimdal-make-missing-headers.patch | 10 -- pkgs/development/libraries/kerberos/heimdal.nix | 158 ++++++++++++++++----- 3 files changed, 123 insertions(+), 51 deletions(-) delete mode 100644 pkgs/development/libraries/kerberos/heimdal-make-missing-headers.patch diff --git a/nixos/modules/services/system/kerberos/heimdal.nix b/nixos/modules/services/system/kerberos/heimdal.nix index 837c59caa562..816a2a8db061 100644 --- a/nixos/modules/services/system/kerberos/heimdal.nix +++ b/nixos/modules/services/system/kerberos/heimdal.nix @@ -35,7 +35,7 @@ in mkdir -m 0755 -p ${stateDir} ''; serviceConfig.ExecStart = - "${kerberos}/libexec/heimdal/kadmind --config-file=/etc/heimdal-kdc/kdc.conf"; + "${kerberos}/libexec/kadmind --config-file=/etc/heimdal-kdc/kdc.conf"; restartTriggers = [ kdcConfFile ]; }; @@ -46,7 +46,7 @@ in mkdir -m 0755 -p ${stateDir} ''; serviceConfig.ExecStart = - "${kerberos}/libexec/heimdal/kdc --config-file=/etc/heimdal-kdc/kdc.conf"; + "${kerberos}/libexec/kdc --config-file=/etc/heimdal-kdc/kdc.conf"; restartTriggers = [ kdcConfFile ]; }; @@ -56,7 +56,7 @@ in preStart = '' mkdir -m 0755 -p ${stateDir} ''; - serviceConfig.ExecStart = "${kerberos}/libexec/heimdal/kpasswdd"; + serviceConfig.ExecStart = "${kerberos}/libexec/kpasswdd"; restartTriggers = [ kdcConfFile ]; }; 
diff --git a/pkgs/development/libraries/kerberos/heimdal-make-missing-headers.patch b/pkgs/development/libraries/kerberos/heimdal-make-missing-headers.patch deleted file mode 100644 index a0fa625538b7..000000000000 --- a/pkgs/development/libraries/kerberos/heimdal-make-missing-headers.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- a/lib/hx509/Makefile.am 2018-03-21 15:41:38.622968809 +0100 -+++ b/lib/hx509/Makefile.am 2018-03-21 15:41:32.655162197 +0100 -@@ -9,6 +9,8 @@ - sel-gram.h \ - $(gen_files_ocsp:.x=.c) \ - $(gen_files_pkcs10:.x=.c) \ -+ ocsp_asn1.h \ -+ pkcs10_asn1.h \ - hx509_err.c \ - hx509_err.h diff --git a/pkgs/development/libraries/kerberos/heimdal.nix b/pkgs/development/libraries/kerberos/heimdal.nix index 29fd897c7fee..8a3cc0b25a1d 100644 --- a/pkgs/development/libraries/kerberos/heimdal.nix +++ b/pkgs/development/libraries/kerberos/heimdal.nix 
@@ -1,9 +1,52 @@ -{ lib, stdenv, fetchFromGitHub, autoreconfHook, pkg-config, python3, perl, bison, flex -, texinfo, perlPackages -, openldap, libcap_ng, sqlite, openssl, db, libedit, pam -, CoreFoundation, Security, SystemConfiguration +{ lib +, stdenv +, fetchFromGitHub +, autoreconfHook +, pkg-config +, python3 +, perl +, bison +, flex +, texinfo +, perlPackages + +, openldap +, libcap_ng +, sqlite +, openssl +, db +, libedit +, pam +, krb5 +, libmicrohttpd +, cjson + +, CoreFoundation +, Security +, SystemConfiguration + +, curl +, jdk +, unzip +, which + +, nixosTests + +, withCJSON ? true +, withCapNG ? stdenv.isLinux +# libmicrohttpd should theoretically work for darwin as well, but something is broken. +# It affects tests check-bx509d and check-httpkadmind. +, withMicroHTTPD ? stdenv.isLinux +, withOpenLDAP ? true +, withOpenLDAPAsHDBModule ? false +, withOpenSSL ? true +, withSQLite3 ? true }: +assert lib.assertMsg (withOpenLDAPAsHDBModule -> withOpenLDAP) '' + OpenLDAP needs to be enabled in order to build the OpenLDAP HDB Module. +''; + stdenv.mkDerivation { pname = "heimdal"; version = "7.8.0-unstable-2023-11-29"; 
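Review bot: `withOpenSSL` and `withMicroHTTPD` are declared here, but in the hunks shown they only add to `buildInputs`; the `--with-openssl=${openssl.dev}` flag is removed in the next hunk and nothing replaces it. The crypto backend is then left to configure's auto-detection, and for a Kerberos library that choice is better pinned explicitly, e.g. `++ lib.optionals (withOpenSSL) [ "--with-openssl=${openssl.dev}" ]` next to the other optional flags. `krb5` is also added to the argument list without being referenced in any visible hunk; drop it if it is unused.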
@@ -12,50 +55,84 @@ stdenv.mkDerivation { owner = "heimdal"; repo = "heimdal"; rev = "3253c49544eacb33d5ad2f6f919b0696e5aab794"; - sha256 = "sha256-uljzQBzXrZCZjcIWfioqHN8YsbUUNy14Vo+A3vZIXzM="; + hash = "sha256-uljzQBzXrZCZjcIWfioqHN8YsbUUNy14Vo+A3vZIXzM="; }; outputs = [ "out" "dev" "man" "info" ]; - nativeBuildInputs = [ autoreconfHook pkg-config python3 perl bison flex texinfo ] - ++ (with perlPackages; [ JSON ]); - buildInputs = lib.optionals (stdenv.isLinux) [ libcap_ng ] - ++ [ db sqlite openssl libedit openldap pam] - ++ lib.optionals (stdenv.isDarwin) [ CoreFoundation Security SystemConfiguration ]; + nativeBuildInputs = [ + autoreconfHook + pkg-config + python3 + perl + bison + flex + texinfo + ] + ++ (with perlPackages; [ JSON ]); + + buildInputs = [ db libedit pam ] + ++ lib.optionals (stdenv.isDarwin) [ CoreFoundation Security SystemConfiguration ] + ++ lib.optionals (withCJSON) [ cjson ] + ++ lib.optionals (withCapNG) [ libcap_ng ] + ++ lib.optionals (withMicroHTTPD) [ libmicrohttpd ] + ++ lib.optionals (withOpenLDAP) [ openldap ] + ++ lib.optionals (withOpenSSL) [ openssl ] + ++ lib.optionals (withSQLite3) [ sqlite ]; + + doCheck = true; + nativeCheckInputs = [ + curl + jdk + unzip + which + ]; - ## ugly, X should be made an option configureFlags = [ - "--sysconfdir=/etc" - "--localstatedir=/var" - "--infodir=$info/share/info" - "--enable-hdb-openldap-module" - "--with-sqlite3=${sqlite.dev}" - - # ugly, --with-libedit is not enought, it fall back to bundled libedit "--with-libedit-include=${libedit.dev}/include" "--with-libedit-lib=${libedit}/lib" - "--with-openssl=${openssl.dev}" - "--without-x" - "--with-berkeley-db" "--with-berkeley-db-include=${db.dev}/include" - "--with-openldap=${openldap.dev}" - ] ++ lib.optionals (stdenv.isLinux) [ + "--with-berkeley-db" + + "--without-x" + "--disable-afs-string-to-key" + ] ++ lib.optionals (withCapNG) [ "--with-capng" + ] ++ lib.optionals (withCJSON) [ + "--with-cjson=${cjson}" + ] ++ lib.optionals 
(withOpenLDAP) [ + "--with-openldap=${openldap.dev}" + ] ++ lib.optionals (withOpenLDAPAsHDBModule) [ + "--enable-hdb-openldap-module" + ] ++ lib.optionals (withSQLite3) [ + "--with-sqlite3=${sqlite.dev}" ]; - postUnpack = '' - sed -i '/^DEFAULT_INCLUDES/ s,$, -I..,' source/cf/Makefile.am.common - sed -i -e 's/date/date --date="@$SOURCE_DATE_EPOCH"/' source/configure.ac + # (check-ldap) slapd resides within ${openldap}/libexec, + # which is not part of $PATH by default. + # (check-ldap) prepending ${openldap}/bin to the path to avoid + # using the default installation of openldap on unsandboxed darwin systems, + # which does not support the new mdb backend at the moment (2024-01-13). + # (check-ldap) the bdb backend got deprecated in favour of mdb in openldap 2.5.0, + # but the heimdal tests still seem to expect bdb as the openldap backend. + # This might be fixed upstream in a future update. + patchPhase = '' + runHook prePatch + + substituteInPlace tests/ldap/slapd-init.in \ + --replace 'SCHEMA_PATHS="' 'SCHEMA_PATHS="${openldap}/etc/schema ' + substituteInPlace tests/ldap/check-ldap.in \ + --replace 'PATH=' 'PATH=${openldap}/libexec:${openldap}/bin:' + substituteInPlace tests/ldap/slapd.conf \ + --replace 'database bdb' 'database mdb' + + runHook postPatch ''; - preConfigure = '' - configureFlagsArray+=( - "--bindir=$out/bin" - "--sbindir=$out/sbin" - "--libexecdir=$out/libexec/heimdal" - "--mandir=$man/share/man" - "--infodir=$man/share/info" - "--includedir=$dev/include") + # (test_cc) heimdal uses librokens implementation of `secure_getenv` on darwin, + # which expects either USER or LOGNAME to be set. + preCheck = lib.optionalString (stdenv.isDarwin) '' + export USER=nix-builder ''; # We need to build hcrypt for applications like samba 
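Review bot: Defining `patchPhase` outright replaces stdenv's default patch phase, so anything later supplied through `patches` (for example a security fix added with `overrideAttrs`) would be silently skipped. The three `substituteInPlace` calls fit in `postPatch = '' … '';` with the two `runHook` lines dropped. Separately, this hunk removes `--sysconfdir=/etc` and `--localstatedir=/var` without a replacement, so unless they are set outside the hunk the compiled-in default configuration and database directories will presumably resolve under the store prefix rather than `/etc` and `/var`. If that is intended, a comment above `configureFlags` should say so; otherwise keep those two flags.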
@@ -73,8 +150,8 @@ stdenv.mkDerivation { mv $out/bin/krb5-config $dev/bin/ # asn1 compilers, move them to $dev - mv $out/libexec/heimdal/heimdal/* $dev/bin - rmdir $out/libexec/heimdal/heimdal + mv $out/libexec/heimdal/* $dev/bin + rmdir $out/libexec/heimdal # compile_et is needed for cross-compiling this package and samba mv lib/com_err/.libs/compile_et $dev/bin @@ -85,11 +162,16 @@ stdenv.mkDerivation { # hx_locl.h:67:25: fatal error: pkcs10_asn1.h: No such file or directory #enableParallelBuilding = true; + passthru = { + implementation = "heimdal"; + tests.nixos = nixosTests.kerberos.heimdal; + }; + meta = with lib; { + homepage = "https://www.heimdal.software"; + changelog = "https://github.com/heimdal/heimdal/releases"; description = "An implementation of Kerberos 5 (and some more stuff)"; license = licenses.bsd3; platforms = platforms.unix; }; - - passthru.implementation = "heimdal"; } -- cgit 1.4.1 From fe2a639aa74baff686663831b72e5b89f3595825 Mon Sep 17 00:00:00 2001 From: h7x4 Date: Tue, 12 Dec 2023 18:05:22 +0100 Subject: heimdal: add h7x4 as maintainer --- pkgs/development/libraries/kerberos/heimdal.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/development/libraries/kerberos/heimdal.nix b/pkgs/development/libraries/kerberos/heimdal.nix index 8a3cc0b25a1d..ff211b6b9c34 100644 --- a/pkgs/development/libraries/kerberos/heimdal.nix +++ b/pkgs/development/libraries/kerberos/heimdal.nix @@ -173,5 +173,6 @@ stdenv.mkDerivation { description = "An implementation of Kerberos 5 (and some more stuff)"; license = licenses.bsd3; platforms = platforms.unix; + maintainers = with maintainers; [ h7x4 ]; }; } -- cgit 1.4.1