Merge pull request #336445 from adamcstephens/kanidm/1.3.3

kanidm: 1.3.2 -> 1.3.3

authored by

Martin Weinelt and committed by
GitHub
d9cf6ea6 4c930c06

+29 -8
+9 -2
nixos/tests/kanidm-provisioning.nix
··· 4 4 certs = import ./common/acme/server/snakeoil-certs.nix; 5 5 serverDomain = certs.domain; 6 6 7 + # copy certs to store to work around mount namespacing 8 + certsPath = pkgs.runCommandNoCC "snakeoil-certs" { } '' 9 + mkdir $out 10 + cp ${certs."${serverDomain}".cert} $out/snakeoil.crt 11 + cp ${certs."${serverDomain}".key} $out/snakeoil.key 12 + ''; 13 + 7 14 provisionAdminPassword = "very-strong-password-for-admin"; 8 15 provisionIdmAdminPassword = "very-strong-password-for-idm-admin"; 9 16 provisionIdmAdminPassword2 = "very-strong-alternative-password-for-idm-admin"; ··· 23 30 domain = serverDomain; 24 31 bindaddress = "[::]:443"; 25 32 ldapbindaddress = "[::1]:636"; 26 - tls_chain = certs."${serverDomain}".cert; 27 - tls_key = certs."${serverDomain}".key; 33 + tls_chain = "${certsPath}/snakeoil.crt"; 34 + tls_key = "${certsPath}/snakeoil.key"; 28 35 }; 29 36 # So we can check whether provisioning did what we wanted 30 37 enableClient = true;
+9 -2
nixos/tests/kanidm.nix
··· 6 6 testCredentials = { 7 7 password = "Password1_cZPEwpCWvrReripJmAZdmVIZd8HHoHcl"; 8 8 }; 9 + 10 + # copy certs to store to work around mount namespacing 11 + certsPath = pkgs.runCommandNoCC "snakeoil-certs" { } '' 12 + mkdir $out 13 + cp ${certs."${serverDomain}".cert} $out/snakeoil.crt 14 + cp ${certs."${serverDomain}".key} $out/snakeoil.key 15 + ''; 9 16 in 10 17 { 11 18 name = "kanidm"; ··· 19 26 domain = serverDomain; 20 27 bindaddress = "[::]:443"; 21 28 ldapbindaddress = "[::1]:636"; 22 - tls_chain = certs."${serverDomain}".cert; 23 - tls_key = certs."${serverDomain}".key; 29 + tls_chain = "${certsPath}/snakeoil.crt"; 30 + tls_key = "${certsPath}/snakeoil.key"; 24 31 }; 25 32 }; 26 33
+11 -4
pkgs/by-name/ka/kanidm/package.nix
··· 28 28 in 29 29 rustPlatform.buildRustPackage rec { 30 30 pname = "kanidm"; 31 - version = "1.3.2"; 31 + version = "1.3.3"; 32 32 33 33 src = fetchFromGitHub { 34 34 owner = pname; 35 35 repo = pname; 36 36 rev = "refs/tags/v${version}"; 37 - hash = "sha256-YFmWZlDcsSk+7EGkoK0SkAhNsrIQa55IRIVqisX3zqE="; 37 + hash = "sha256-W5G7osV4du6w/BfyY9YrDzorcLNizRsoz70RMfO2AbY="; 38 38 }; 39 39 40 - cargoHash = "sha256-8ZENe576gqm+FkQPCgz6mScqdacHilARFWmfe+kDL2A="; 40 + cargoHash = "sha256-gJrzOK6vPPBgsQFkKrbMql00XSfKGjgpZhYJLTURxoI="; 41 41 42 42 KANIDM_BUILD_PROFILE = "release_nixos_${arch}"; 43 43 ··· 110 110 inherit (nixosTests) kanidm kanidm-provisioning; 111 111 }; 112 112 113 - updateScript = nix-update-script { }; 113 + updateScript = nix-update-script { 114 + # avoid spurious releases and tags such as "debs" 115 + extraArgs = [ 116 + "-vr" 117 + "v(.*)" 118 + ]; 119 + }; 120 + 114 121 inherit enableSecretProvisioning; 115 122 withSecretProvisioning = kanidm.override { enableSecretProvisioning = true; }; 116 123 };