nixpkgs mirror (for testing) github.com/NixOS/nixpkgs
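# FreeIPA, built from the upstream release tarball with the server component
# disabled (see configureFlags); the result provides the `ipa` client tooling.
{
  stdenv,
  lib,
  fetchurl,
  fetchpatch,
  pkg-config,
  autoconf,
  automake,
  kerberos,
  openldap,
  popt,
  sasl,
  curl,
  xmlrpc_c,
  ding-libs,
  p11-kit,
  gettext,
  nspr,
  nss,
  _389-ds-base,
  svrcore,
  libuuid,
  talloc,
  tevent,
  samba,
  libunistring,
  libverto,
  libpwquality,
  systemd,
  python3,
  bind,
  sssd,
  jre,
  rhino,
  lesscpy,
  jansson,
  runtimeShell,
  versionCheckHook,
}:

let
  # Used twice below: appended to buildInputs and passed as pythonPath for
  # wrapPythonPrograms.
  #
  # `with` never shadows a lexically bound name, so `sssd` and `samba` in this
  # list are the function arguments above, not attributes of python3.pkgs.
  pythonInputs = with python3.pkgs; [
    distutils
    six
    python-ldap
    dnspython
    netaddr
    netifaces
    gssapi
    dogtag-pki
    pyasn1
    sssd
    cffi
    lxml
    dbus-python
    cryptography
    python-memcached
    qrcode
    pyusb
    yubico
    setuptools
    jinja2
    augeas
    samba
    ifaddr
  ];
in
stdenv.mkDerivation rec {
  pname = "freeipa";
  version = "4.12.4";

  # Fetched over HTTPS and pinned by SRI hash: a tarball that differs from the
  # one reviewed here fails the fixed-output check instead of being built.
  src = fetchurl {
    url = "https://releases.pagure.org/freeipa/freeipa-${version}.tar.gz";
    hash = "sha256-Nn3dHoaAt6+MZ0gMFCJniXginq4guNM8HjChren9adY=";
  };

  # Both patches are individual commits of upstream pull request 7619; the
  # hashes pin their content.
  # NOTE(review): a pull/<n>/commits/<sha> URL can stop resolving if the PR
  # branch is rewritten. Point at the merged commit, or drop the patch, once a
  # release carries it (merge status not visible from this file).
  patches = [
    (fetchpatch {
      name = "support-pyca-44.0";
      url = "https://github.com/freeipa/freeipa/pull/7619/commits/2dc4133920fe58ce414c545102c74173d40d1997.patch";
      hash = "sha256-PROnPc/1qS3hcO8s5sel55tsyZ1VPjEKLcua8Pd4DP0=";
    })
    (fetchpatch {
      name = "fix-tripledes-cipher-warnings";
      url = "https://github.com/freeipa/freeipa/pull/7619/commits/e2bf6e4091c7b5320ec6387dab2d5cabe4a9a42d.patch";
      hash = "sha256-AyMK0hjXMrFK4/qIcjPMFH9DKvnvYOK2QS83Otcc+l4=";
    })
  ];

  nativeBuildInputs = [
    python3.pkgs.wrapPython
    jre
    rhino
    lesscpy
    automake
    autoconf
    gettext
    pkg-config
  ];

  buildInputs = [
    kerberos
    openldap
    popt
    sasl
    curl
    xmlrpc_c
    ding-libs
    p11-kit
    python3
    nspr
    nss
    _389-ds-base
    svrcore
    libuuid
    talloc
    tevent
    samba
    libunistring
    libverto
    systemd
    bind
    libpwquality
    jansson
  ]
  ++ pythonInputs;

  # Rewrites hard-coded paths so the built tools call binaries from the Nix
  # store: ipa-join gets this package's own ipa-getkeytab, and the NixOS
  # platform module gets the store paths of bind.dnsutils, curl and kerberos.
  #
  # NOTE(review): `--replace` is the deprecated spelling; with `--replace-fail`
  # the build would stop if a pattern no longer matched, rather than shipping
  # ipa-join with a reference to /usr/sbin/ipa-getkeytab outside the store.
  # Left unchanged because the patterns were not checked against the 4.12.4
  # sources.
  postPatch = ''
    patchShebangs makeapi makeaci install/ui/util

    substituteInPlace ipasetup.py.in \
      --replace 'int(v)' 'int(v.replace("post", ""))'

    substituteInPlace client/ipa-join.c \
      --replace /usr/sbin/ipa-getkeytab $out/bin/ipa-getkeytab

    substituteInPlace ipaplatform/nixos/paths.py \
      --subst-var out \
      --subst-var-by bind ${bind.dnsutils} \
      --subst-var-by curl ${curl} \
      --subst-var-by kerberos ${kerberos}
  '';

  NIX_CFLAGS_COMPILE = "-I${_389-ds-base}/include/dirsrv";
  pythonPath = pythonInputs;

  # Building and installing the server fails with silent Rhino errors, skipping
  # for now. Need a newer Rhino version.
  #buildFlags = [ "client" "server" ]

  # NOTE(review): as far as I know stdenv passes configureFlags to configure
  # without shell expansion, so `$out` below may arrive literally;
  # `${placeholder "out"}` (already used for versionCheckProgram) is the usual
  # spelling. Confirm where the unit files land before changing it.
  configureFlags = [
    "--with-systemdsystemunitdir=$out/lib/systemd/system"
    "--with-ipaplatform=nixos"
    "--disable-server"
  ];

  # Replace the enrollment script with a stub that points users at the
  # security.ipa NixOS module.
  #
  # The stub is written with a here-document so that `#!` is the very first
  # byte of the file. The previous `echo "<newline>#!..."` form put a blank
  # line first, so the kernel did not recognise the interpreter line and a
  # direct exec (anything other than a shell falling back to sh) failed with
  # an exec format error instead of printing the message.
  postInstall = ''
    cat > $out/sbin/ipa-client-install <<'EOF'
    #!${runtimeShell}
    echo 'ipa-client-install is not available on NixOS. Please see security.ipa, instead.'
    exit 1
    EOF
    chmod +x $out/sbin/ipa-client-install
  '';

  # Wrap the Python entry points with pythonPath, then drop the configuration
  # and sysrestore directories from the output.
  postFixup = ''
    wrapPythonPrograms
    rm -rf $out/etc/ipa $out/var/lib/ipa-client/sysrestore
  '';

  # Install check: run `ipa --version` via versionCheckHook.
  nativeInstallCheckInputs = [
    versionCheckHook
  ];
  versionCheckProgram = "${placeholder "out"}/bin/${meta.mainProgram}";
  versionCheckProgramArg = "--version";
  doInstallCheck = true;

  meta = {
    description = "Identity, Policy and Audit system";
    longDescription = ''
      IPA is an integrated solution to provide centrally managed Identity (users,
      hosts, services), Authentication (SSO, 2FA), and Authorization
      (host access control, SELinux user roles, services). The solution provides
      features for further integration with Linux based clients (SUDO, automount)
      and integration with Active Directory based infrastructures (Trusts).
    '';
    homepage = "https://www.freeipa.org/";
    license = lib.licenses.gpl3Plus;
    maintainers = with lib.maintainers; [
      s1341
      benley
    ];
    platforms = lib.platforms.linux;
    mainProgram = "ipa";
  };
}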