| blob | f0256b55c8cb19e6797309aa349ffccd8e4268c8 |
1 { stdenv
2 , lib
3 , fetchurl
4 , pkg-config
5 , autoconf
6 , automake
7 , kerberos
8 , openldap
9 , popt
10 , sasl
11 , curl
12 , xmlrpc_c
13 , ding-libs
14 , p11-kit
15 , gettext
16 , nspr
17 , nss
18 , _389-ds-base
19 , svrcore
20 , libuuid
21 , talloc
22 , tevent
23 , samba
24 , libunistring
25 , libverto
26 , libpwquality
27 , systemd
28 , python3
29 , bind
30 , sssd
31 , jre
32 , rhino
33 , lesscpy
34 , jansson
35 , runtimeShell
36 }:
38 let
39 pathsPy = ./paths.py;
41 pythonInputs = with python3.pkgs; [
42 distutils
43 six
44 python-ldap
45 dnspython
46 netaddr
47 netifaces
48 gssapi
49 dogtag-pki
50 pyasn1
51 sssd
52 cffi
53 lxml
54 dbus-python
55 cryptography
56 python-memcached
57 qrcode
58 pyusb
59 yubico
60 setuptools
61 jinja2
62 augeas
63 samba
64 ];
65 in
66 stdenv.mkDerivation rec {
67 pname = "freeipa";
68 version = "4.12.1";
70 src = fetchurl {
71 url = "https://releases.pagure.org/freeipa/freeipa-${version}.tar.gz";
72 sha256 = "sha256-SPZ+QgssDKG1Hz1oqtVdg864qtcvncuOlzTWjN4+loM=";
73 };
75 nativeBuildInputs = [
76 python3.pkgs.wrapPython
77 jre
78 rhino
79 lesscpy
80 automake
81 autoconf
82 gettext
83 pkg-config
84 ];
86 buildInputs = [
87 kerberos
88 openldap
89 popt
90 sasl
91 curl
92 xmlrpc_c
93 ding-libs
94 p11-kit
95 python3
96 nspr
97 nss
98 _389-ds-base
99 svrcore
100 libuuid
101 talloc
102 tevent
103 samba
104 libunistring
105 libverto
106 systemd
107 bind
108 libpwquality
109 jansson
110 ] ++ pythonInputs;
112 postPatch = ''
113 patchShebangs makeapi makeaci install/ui/util
115 substituteInPlace ipaplatform/setup.py \
116 --replace 'ipaplatform.debian' 'ipaplatform.nixos'
118 substituteInPlace ipasetup.py.in \
119 --replace 'int(v)' 'int(v.replace("post", ""))'
121 substituteInPlace client/ipa-join.c \
122 --replace /usr/sbin/ipa-getkeytab $out/bin/ipa-getkeytab
124 cp -r ipaplatform/{fedora,nixos}
125 substitute ${pathsPy} ipaplatform/nixos/paths.py \
126 --subst-var out \
127 --subst-var-by bind ${bind.dnsutils} \
128 --subst-var-by curl ${curl} \
129 --subst-var-by kerberos ${kerberos}
130 '';
132 NIX_CFLAGS_COMPILE = "-I${_389-ds-base}/include/dirsrv";
133 pythonPath = pythonInputs;
135 # Building and installing the server fails with silent Rhino errors, skipping
136 # for now. Need a newer Rhino version.
137 #buildFlags = [ "client" "server" ]
139 configureFlags = [
140 "--with-systemdsystemunitdir=$out/lib/systemd/system"
141 "--with-ipaplatform=nixos"
142 "--disable-server"
143 ];
145 postInstall = ''
146 echo "
147 #!${runtimeShell}
148 echo 'ipa-client-install is not available on NixOS. Please see security.ipa, instead.'
149 exit 1
150 " > $out/sbin/ipa-client-install
151 '';
153 postFixup = ''
154 wrapPythonPrograms
155 rm -rf $out/etc/ipa $out/var/lib/ipa-client/sysrestore
156 '';
158 meta = with lib; {
159 description = "Identity, Policy and Audit system";
160 longDescription = ''
161 IPA is an integrated solution to provide centrally managed Identity (users,
162 hosts, services), Authentication (SSO, 2FA), and Authorization
163 (host access control, SELinux user roles, services). The solution provides
164 features for further integration with Linux based clients (SUDO, automount)
165 and integration with Active Directory based infrastructures (Trusts).
166 '';
167 homepage = "https://www.freeipa.org/";
168 license = licenses.gpl3Plus;
169 maintainers = [ maintainers.s1341 ];
170 platforms = platforms.linux;
171 mainProgram = "ipa";
172 };
173 }