pyrox.dev
Merge pull request #336445 from adamcstephens/kanidm/1.3.3
kanidm: 1.3.2 -> 1.3.3
authored by
Martin Weinelt
and committed by
GitHub
d9cf6ea6
4c930c06
+9
-2
nixos/tests/kanidm-provisioning.nix
+9
-2
nixos/tests/kanidm-provisioning.nix
···
4
certs = import ./common/acme/server/snakeoil-certs.nix;
5
serverDomain = certs.domain;
6
7
provisionAdminPassword = "very-strong-password-for-admin";
8
provisionIdmAdminPassword = "very-strong-password-for-idm-admin";
9
provisionIdmAdminPassword2 = "very-strong-alternative-password-for-idm-admin";
···
23
domain = serverDomain;
24
bindaddress = "[::]:443";
25
ldapbindaddress = "[::1]:636";
26
-
tls_chain = certs."${serverDomain}".cert;
27
-
tls_key = certs."${serverDomain}".key;
28
};
29
# So we can check whether provisioning did what we wanted
30
enableClient = true;
···
4
certs = import ./common/acme/server/snakeoil-certs.nix;
5
serverDomain = certs.domain;
6
7
+
# copy certs to store to work around mount namespacing
8
+
certsPath = pkgs.runCommandNoCC "snakeoil-certs" { } ''
9
+
mkdir $out
10
+
cp ${certs."${serverDomain}".cert} $out/snakeoil.crt
11
+
cp ${certs."${serverDomain}".key} $out/snakeoil.key
12
+
'';
13
+
14
provisionAdminPassword = "very-strong-password-for-admin";
15
provisionIdmAdminPassword = "very-strong-password-for-idm-admin";
16
provisionIdmAdminPassword2 = "very-strong-alternative-password-for-idm-admin";
···
30
domain = serverDomain;
31
bindaddress = "[::]:443";
32
ldapbindaddress = "[::1]:636";
33
+
tls_chain = "${certsPath}/snakeoil.crt";
34
+
tls_key = "${certsPath}/snakeoil.key";
35
};
36
# So we can check whether provisioning did what we wanted
37
enableClient = true;
+9
-2
nixos/tests/kanidm.nix
+9
-2
nixos/tests/kanidm.nix
···
6
testCredentials = {
7
password = "Password1_cZPEwpCWvrReripJmAZdmVIZd8HHoHcl";
8
};
9
in
10
{
11
name = "kanidm";
···
19
domain = serverDomain;
20
bindaddress = "[::]:443";
21
ldapbindaddress = "[::1]:636";
22
-
tls_chain = certs."${serverDomain}".cert;
23
-
tls_key = certs."${serverDomain}".key;
24
};
25
};
26
···
6
testCredentials = {
7
password = "Password1_cZPEwpCWvrReripJmAZdmVIZd8HHoHcl";
8
};
9
+
10
+
# copy certs to store to work around mount namespacing
11
+
certsPath = pkgs.runCommandNoCC "snakeoil-certs" { } ''
12
+
mkdir $out
13
+
cp ${certs."${serverDomain}".cert} $out/snakeoil.crt
14
+
cp ${certs."${serverDomain}".key} $out/snakeoil.key
15
+
'';
16
in
17
{
18
name = "kanidm";
···
26
domain = serverDomain;
27
bindaddress = "[::]:443";
28
ldapbindaddress = "[::1]:636";
29
+
tls_chain = "${certsPath}/snakeoil.crt";
30
+
tls_key = "${certsPath}/snakeoil.key";
31
};
32
};
33
+11
-4
pkgs/by-name/ka/kanidm/package.nix
+11
-4
pkgs/by-name/ka/kanidm/package.nix
···
28
in
29
rustPlatform.buildRustPackage rec {
30
pname = "kanidm";
31
-
version = "1.3.2";
32
33
src = fetchFromGitHub {
34
owner = pname;
35
repo = pname;
36
rev = "refs/tags/v${version}";
37
-
hash = "sha256-YFmWZlDcsSk+7EGkoK0SkAhNsrIQa55IRIVqisX3zqE=";
38
};
39
40
-
cargoHash = "sha256-8ZENe576gqm+FkQPCgz6mScqdacHilARFWmfe+kDL2A=";
41
42
KANIDM_BUILD_PROFILE = "release_nixos_${arch}";
43
···
110
inherit (nixosTests) kanidm kanidm-provisioning;
111
};
112
113
-
updateScript = nix-update-script { };
114
inherit enableSecretProvisioning;
115
withSecretProvisioning = kanidm.override { enableSecretProvisioning = true; };
116
};
···
28
in
29
rustPlatform.buildRustPackage rec {
30
pname = "kanidm";
31
+
version = "1.3.3";
32
33
src = fetchFromGitHub {
34
owner = pname;
35
repo = pname;
36
rev = "refs/tags/v${version}";
37
+
hash = "sha256-W5G7osV4du6w/BfyY9YrDzorcLNizRsoz70RMfO2AbY=";
38
};
39
40
+
cargoHash = "sha256-gJrzOK6vPPBgsQFkKrbMql00XSfKGjgpZhYJLTURxoI=";
41
42
KANIDM_BUILD_PROFILE = "release_nixos_${arch}";
43
···
110
inherit (nixosTests) kanidm kanidm-provisioning;
111
};
112
113
+
updateScript = nix-update-script {
114
+
# avoid spurious releases and tags such as "debs"
115
+
extraArgs = [
116
+
"-vr"
117
+
"v(.*)"
118
+
];
119
+
};
120
+
121
inherit enableSecretProvisioning;
122
withSecretProvisioning = kanidm.override { enableSecretProvisioning = true; };
123
};