pkgs/os-specific/linux/sssd/default.nix

   1 { lib, stdenv, fetchFromGitHub, autoreconfHook, makeWrapper, glibc, adcli, augeas, dnsutils, c-ares, curl,
   2   cyrus_sasl, ding-libs, libnl, libunistring, nss, samba, nfs-utils, doxygen,
   3   python3, pam, popt, talloc, tdb, tevent, pkg-config, ldb, openldap,
   4   pcre2, libkrb5, cifs-utils, glib, keyutils, dbus, fakeroot, libxslt, libxml2,
   5   libuuid, systemd, nspr, check, cmocka, uid_wrapper, p11-kit,
   6   nss_wrapper, ncurses, Po4a, jansson, jose,
   7   docbook_xsl, docbook_xml_dtd_45,
   8   testers, nix-update-script, nixosTests,
   9   withSudo ? false }:
  10
  11 let
  12   docbookFiles = "${docbook_xsl}/share/xml/docbook-xsl/catalog.xml:${docbook_xml_dtd_45}/xml/dtd/docbook/catalog.xml";
  13 in
  14 stdenv.mkDerivation (finalAttrs: {
  15   pname = "sssd";
  16   version = "2.9.5";
  17
  18   src = fetchFromGitHub {
  19     owner = "SSSD";
  20     repo = "sssd";
  21     rev = "refs/tags/${finalAttrs.version}";
  22     hash = "sha256-wr6qFgM5XN3aizYVquj0xF+mVRgrkLWWhA3/gQOK8hQ=";
  23   };
  24
  25   postPatch = ''
  26     patchShebangs ./sbus_generate.sh.in
  27   '';
  28
  29   # Something is looking for <libxml/foo.h> instead of <libxml2/libxml/foo.h>
  30   env.NIX_CFLAGS_COMPILE = toString [
  31     "-DRENEWAL_PROG_PATH=\"${adcli}/bin/adcli\""
  32     "-I${libxml2.dev}/include/libxml2"
  33   ];
  34
  35   preConfigure = ''
  36     export SGML_CATALOG_FILES="${docbookFiles}"
  37     export PYTHONPATH=$(find ${python3.pkgs.python-ldap} -type d -name site-packages)
  38     export PATH=$PATH:${openldap}/libexec
  39
  40     configureFlagsArray=(
  41       --prefix=$out
  42       --sysconfdir=/etc
  43       --localstatedir=/var
  44       --enable-pammoddir=$out/lib/security
  45       --with-os=fedora
  46       --with-pid-path=/run
  47       --with-python3-bindings
  48       --with-syslog=journald
  49       --without-selinux
  50       --without-semanage
  51       --with-xml-catalog-path=''${SGML_CATALOG_FILES%%:*}
  52       --with-ldb-lib-dir=$out/modules/ldb
  53       --with-nscd=${glibc.bin}/sbin/nscd
  54     )
  55   '' + lib.optionalString withSudo ''
  56     configureFlagsArray+=("--with-sudo")
  57   '';
  58
  59   enableParallelBuilding = true;
  60   # Disable parallel install due to missing depends:
  61   #   libtool:   error: error: relink '_py3sss.la' with the above command before installing i
  62   enableParallelInstalling = false;
  63   nativeBuildInputs = [ autoreconfHook makeWrapper pkg-config doxygen ];
  64   buildInputs = [ augeas dnsutils c-ares curl cyrus_sasl ding-libs libnl libunistring nss
  65                   samba nfs-utils p11-kit python3 popt
  66                   talloc tdb tevent ldb pam openldap pcre2 libkrb5
  67                   cifs-utils glib keyutils dbus fakeroot libxslt libxml2
  68                   libuuid python3.pkgs.python-ldap systemd nspr check cmocka uid_wrapper
  69                   nss_wrapper ncurses Po4a jansson jose ];
  70
  71   makeFlags = [
  72     "SGML_CATALOG_FILES=${docbookFiles}"
  73   ];
  74
  75   installFlags = [
  76      "sysconfdir=$(out)/etc"
  77      "localstatedir=$(out)/var"
  78      "pidpath=$(out)/run"
  79      "sss_statedir=$(out)/var/lib/sss"
  80      "logpath=$(out)/var/log/sssd"
  81      "pubconfpath=$(out)/var/lib/sss/pubconf"
  82      "dbpath=$(out)/var/lib/sss/db"
  83      "mcpath=$(out)/var/lib/sss/mc"
  84      "pipepath=$(out)/var/lib/sss/pipes"
  85      "gpocachepath=$(out)/var/lib/sss/gpo_cache"
  86      "secdbpath=$(out)/var/lib/sss/secrets"
  87      "initdir=$(out)/rc.d/init"
  88   ];
  89
  90   postInstall = ''
  91     rm -rf "$out"/run
  92     rm -rf "$out"/rc.d
  93     rm -f "$out"/modules/ldb/memberof.la
  94     find "$out" -depth -type d -exec rmdir --ignore-fail-on-non-empty {} \;
  95   '';
  96   postFixup = ''
  97     for f in $out/bin/sss{ctl,_cache,_debuglevel,_override,_seed}; do
  98       wrapProgram $f --prefix LDB_MODULES_PATH : $out/modules/ldb
  99     done
 100   '';
 101
 102   passthru = {
 103     tests = {
 104       inherit (nixosTests) sssd sssd-ldap;
 105       pkg-config = testers.testMetaPkgConfig finalAttrs.finalPackage;
 106       version = testers.testVersion {
 107         package = finalAttrs.finalPackage;
 108         command = "sssd --version";
 109       };
 110     };
 111     updateScript = nix-update-script { };
 112   };
 113
 114   meta = with lib; {
 115     description = "System Security Services Daemon";
 116     homepage = "https://sssd.io/";
 117     changelog = "https://sssd.io/release-notes/sssd-${finalAttrs.version}.html";
 118     license = licenses.gpl3Plus;
 119     platforms = platforms.linux;
 120     maintainers = with maintainers; [ illustris ];
 121     pkgConfigModules = [
 122       "ipa_hbac"
 123       "sss_certmap"
 124       "sss_idmap"
 125       "sss_nss_idmap"
 126     ];
 127   };
 128 })