freeipa: init at 4.10.1

s1341 da470200 6d33f53f

+194
+171
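--- a/pkgs/os-specific/linux/freeipa/default.nix
+++ b/pkgs/os-specific/linux/freeipa/default.nix
@@ -0,0 +1,171 @@
+{ stdenv
+, lib
+, fetchurl
+, pkgconfig
+, autoconf
+, automake
+, kerberos
+, openldap
+, popt
+, sasl
+, curl
+, xmlrpc_c
+, ding-libs
+, p11-kit
+, gettext
+, nspr
+, nss
+, _389-ds-base
+, svrcore
+, libuuid
+, talloc
+, tevent
+, samba
+, libunistring
+, libverto
+, libpwquality
+, systemd
+, python3
+, bind
+, sssd
+, jre
+, rhino
+, lesscpy
+, jansson
+, runtimeShell
+}:
+
+let
+  pathsPy = ./paths.py;
+
+  pythonInputs = with python3.pkgs; [
+    six
+    ldap
+    dns
+    netaddr
+    netifaces
+    gssapi
+    dogtag-pki
+    pyasn1
+    sssd
+    cffi
+    lxml
+    dbus-python
+    cryptography
+    memcached
+    qrcode
+    pyusb
+    yubico
+    setuptools
+    jinja2
+    augeas
+    samba
+  ];
+in
+stdenv.mkDerivation rec {
+  pname = "freeipa";
+  version = "4.10.1";
+
+  src = fetchurl {
+    url = "https://releases.pagure.org/freeipa/freeipa-${version}.tar.gz";
+    sha256 = "sha256-q2rQzcBl1tI4/7+hxEwOY9ND86hObe7O7Y9EEH7cUoA=";
+  };
+
+  nativeBuildInputs = [
+    python3.pkgs.wrapPython
+    jre
+    rhino
+    lesscpy
+    automake
+    autoconf
+    gettext
+  ];
+
+  buildInputs = [
+    kerberos
+    openldap
+    popt
+    sasl
+    curl
+    xmlrpc_c
+    pkgconfig
+    ding-libs
+    p11-kit
+    python3
+    nspr
+    nss
+    _389-ds-base
+    svrcore
+    libuuid
+    talloc
+    tevent
+    samba
+    libunistring
+    libverto
+    systemd
+    bind
+    libpwquality
+    jansson
+  ] ++ pythonInputs;
+
+  postPatch = ''
+    patchShebangs makeapi makeaci install/ui/util
+
+    substituteInPlace ipaplatform/setup.py \
+      --replace 'ipaplatform.debian' 'ipaplatform.nixos'
+
+    substituteInPlace ipasetup.py.in \
+      --replace 'int(v)' 'int(v.replace("post", ""))'
+
+    substituteInPlace client/ipa-join.c \
+      --replace /usr/sbin/ipa-getkeytab $out/bin/ipa-getkeytab
+
+    cp -r ipaplatform/{fedora,nixos}
+    substitute ${pathsPy} ipaplatform/nixos/paths.py \
+      --subst-var out \
+      --subst-var-by bind ${bind.dnsutils} \
+      --subst-var-by curl ${curl} \
+      --subst-var-by kerberos ${kerberos}
+  '';
+
+  NIX_CFLAGS_COMPILE = "-I${_389-ds-base}/include/dirsrv";
+  pythonPath = pythonInputs;
+
+  # Building and installing the server fails with silent Rhino errors, skipping
+  # for now. Need a newer Rhino version.
+  #buildFlags = [ "client" "server" ]
+
+  configureFlags = [
+    "--with-systemdsystemunitdir=$out/lib/systemd/system"
+    "--with-ipaplatform=nixos"
+    "--disable-server"
+  ];
+
+  postInstall = ''
+    echo "
+    #!${runtimeShell}
+    echo 'ipa-client-install is not available on NixOS. Please see security.ipa, instead.'
+    exit 1
+    " > $out/sbin/ipa-client-install
+  '';
+
+  postFixup = ''
+    wrapPythonPrograms
+    rm -rf $out/etc/ipa $out/var/lib/ipa-client/sysrestore
+  '';
+
+  meta = with lib; {
+    description = "Identity, Policy and Audit system";
+    longDescription = ''
+      IPA is an integrated solution to provide centrally managed Identity (users,
+      hosts, services), Authentication (SSO, 2FA), and Authorization
+      (host access control, SELinux user roles, services). The solution provides
+      features for further integration with Linux based clients (SUDO, automount)
+      and integration with Active Directory based infrastructures (Trusts).
+    '';
+    homepage = "https://www.freeipa.org/";
+    license = licenses.gpl3Plus;
+    maintainers = [ maintainers.s1341 ];
+    platforms = platforms.linux;
+  };
+}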
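Review bot: The stub written in `postInstall` begins with a newline, because the `echo "` string opens on the line before `#!${runtimeShell}`, so the shebang is not the first bytes of `$out/sbin/ipa-client-install` and will not be honoured when the file is executed directly. Nothing in the hunk sets the file mode either, so the stub is executable only if the install step already left a file of that name there. Starting the string on the shebang line (`echo "#!${runtimeShell}`) and following the redirect with `chmod +x $out/sbin/ipa-client-install` would make the refusal message reliable regardless of how the file is invoked.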
+13
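--- a/pkgs/os-specific/linux/freeipa/paths.py
+++ b/pkgs/os-specific/linux/freeipa/paths.py
@@ -0,0 +1,13 @@
+from ipaplatform.fedora.paths import FedoraPathNamespace
+
+class NixOSPathNamespace(FedoraPathNamespace):
+    SBIN_IPA_JOIN = "@out@/bin/ipa-join"
+    IPA_GETCERT = "@out@/bin/ipa-getcert"
+    IPA_RMKEYTAB = "@out@/bin/ipa-rmkeytab"
+    IPA_GETKEYTAB = "@out@/bin/ipa-getkeytab"
+    NSUPDATE = "@bind@/bin/nsupdate"
+    BIN_CURL = "@curl@/bin/curl"
+    KINIT = "@kerberos@/bin/kinit"
+    KDESTROY = "@kerberos@/bin/kdestroy"
+
+paths = NixOSPathNamespace()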
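Review bot: `NixOSPathNamespace` remaps only eight binaries, so every other path constant is inherited unchanged from `FedoraPathNamespace`, which is imported from outside this commit and presumably holds FHS locations such as `/usr/bin` and `/usr/sbin` that a NixOS host does not populate. Client code that reads a non-overridden constant would then use whatever sits at that absolute path rather than a store path pinned by this derivation. The class also has no docstring explaining that the `@out@`, `@bind@`, `@curl@` and `@kerberos@` tokens are filled in by the `substitute` call in `default.nix`. I would add a docstring saying that, plus a comment such as `# Only tools the client invokes are remapped; all other paths remain Fedora defaults.`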
+10
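--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -19907,6 +19907,16 @@
     inherit (darwin) autoSignDarwinBinariesHook;
   };
 
+  freeipa = callPackage ../os-specific/linux/freeipa {
+    kerberos = krb5.override {
+      withVerto = true;
+    };
+    sasl = cyrus_sasl;
+    samba = samba4.override {
+      enableLDAP = true;
+    };
+  };
+
   freetts = callPackage ../development/libraries/freetts {
     jdk = jdk8; # TODO: remove override https://github.com/NixOS/nixpkgs/pull/89731
   };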
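Review bot: The overrides passed to `callPackage` for `freeipa` carry no explanation, unlike the `jdk = jdk8` override on the neighbouring `freetts` entry. `krb5.override { withVerto = true; }` and `samba4.override { enableLDAP = true; }` each produce a separate build of a security-critical library, so freeipa may end up linked against a different krb5 than the `sssd`, `curl` and `bind` it also receives, which take whatever krb5 the package set gives them. A one-line comment per override naming what needs it, for example `# <freeipa component> requires libverto support in krb5`, would let a later maintainer tell when the override can be dropped.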