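# Nix derivation for the FreeIPA client tools (the server build is disabled,
# see configureFlags below).  Takes its dependencies as function arguments
# and returns a stdenv.mkDerivation result.
{ stdenv
, lib
, fetchurl
, pkg-config
, autoconf
, automake
, kerberos
, openldap
, popt
, sasl
, curl
, xmlrpc_c
, ding-libs
, p11-kit
, gettext
, nspr
, nss
, _389-ds-base
, svrcore
, libuuid
, talloc
, tevent
, samba
, libunistring
, libverto
, libpwquality
, systemd
, python3
, bind
, sssd
, jre
, rhino
, lesscpy
, jansson
, runtimeShell
}:

let
  # Template for ipaplatform/nixos/paths.py; its @out@, @bind@, @curl@ and
  # @kerberos@ variables are filled in by `substitute` in postPatch.
  pathsPy = ./paths.py;

  # Python modules needed at build time and on the wrapped programs' path.
  # NOTE: `with` does not shadow names that are already lexically bound, so
  # `sssd` and `samba` below resolve to this function's arguments, not to
  # attributes of python3.pkgs.
  pythonInputs = with python3.pkgs; [
    six
    python-ldap
    dnspython
    netaddr
    netifaces
    gssapi
    dogtag-pki
    pyasn1
    sssd
    cffi
    lxml
    dbus-python
    cryptography
    python-memcached
    qrcode
    pyusb
    yubico
    setuptools
    jinja2
    augeas
    samba
  ];
in
stdenv.mkDerivation rec {
  pname = "freeipa";
  version = "4.10.1";

  # Fixed-output fetch: the tarball is accepted only if it matches this hash,
  # so the hash has to be updated together with `version`.
  src = fetchurl {
    url = "https://releases.pagure.org/freeipa/freeipa-${version}.tar.gz";
    sha256 = "sha256-q2rQzcBl1tI4/7+hxEwOY9ND86hObe7O7Y9EEH7cUoA=";
  };

  nativeBuildInputs = [
    python3.pkgs.wrapPython
    jre
    rhino
    lesscpy
    automake
    autoconf
    gettext
    pkg-config
  ];

  buildInputs = [
    kerberos
    openldap
    popt
    sasl
    curl
    xmlrpc_c
    ding-libs
    p11-kit
    python3
    nspr
    nss
    _389-ds-base
    svrcore
    libuuid
    talloc
    tevent
    samba
    libunistring
    libverto
    systemd
    bind
    libpwquality
    jansson
  ] ++ pythonInputs;

  postPatch = ''
    patchShebangs makeapi makeaci install/ui/util

    # Select the nixos platform module instead of the debian one.
    substituteInPlace ipaplatform/setup.py \
      --replace 'ipaplatform.debian' 'ipaplatform.nixos'

    # Drop a "post" marker from version components before int() parses them.
    substituteInPlace ipasetup.py.in \
      --replace 'int(v)' 'int(v.replace("post", ""))'

    # ipa-join hard-codes the helper's location; point it at the binary
    # shipped in this package rather than at a mutable /usr/sbin path.
    substituteInPlace client/ipa-join.c \
      --replace /usr/sbin/ipa-getkeytab $out/bin/ipa-getkeytab

    # The nixos platform starts as a copy of the fedora one; paths.py is then
    # replaced by the local template with store paths substituted in.
    cp -r ipaplatform/{fedora,nixos}
    substitute ${pathsPy} ipaplatform/nixos/paths.py \
      --subst-var out \
      --subst-var-by bind ${bind.dnsutils} \
      --subst-var-by curl ${curl} \
      --subst-var-by kerberos ${kerberos}
  '';

  # Adds the 389-ds-base dirsrv headers to the compiler's include path.
  NIX_CFLAGS_COMPILE = "-I${_389-ds-base}/include/dirsrv";
  pythonPath = pythonInputs;

  # Building and installing the server fails with silent Rhino errors, skipping
  # for now. Need a newer Rhino version.
  #buildFlags = [ "client" "server" ]

  configureFlags = [
    # placeholder "out" is substituted by Nix itself, so this flag does not
    # rely on the shell expanding a literal $out inside configureFlags.
    "--with-systemdsystemunitdir=${placeholder "out"}/lib/systemd/system"
    "--with-ipaplatform=nixos"
    "--disable-server"
  ];

  # Replace the upstream installer with a stub that refuses to run and points
  # at the security.ipa NixOS module.  The stub is written with a heredoc so
  # that the shebang is the very first bytes of the file: a multi-line
  # `echo "..."` puts a newline (and indentation) in front of `#!`, which
  # leaves the file without a valid interpreter line when it is exec'd
  # directly.  The Nix indented string strips the common indentation, so the
  # heredoc body and its terminator end up at column 0.
  postInstall = ''
    cat > $out/sbin/ipa-client-install <<'EOF'
    #!${runtimeShell}
    echo 'ipa-client-install is not available on NixOS. Please see security.ipa, instead.'
    exit 1
    EOF
    chmod +x $out/sbin/ipa-client-install
  '';

  # Wrap the Python entry points with pythonPath, then remove the ipa config
  # directory and the sysrestore directory from the output.
  postFixup = ''
    wrapPythonPrograms
    rm -rf $out/etc/ipa $out/var/lib/ipa-client/sysrestore
  '';

  meta = with lib; {
    description = "Identity, Policy and Audit system";
    longDescription = ''
      IPA is an integrated solution to provide centrally managed Identity (users,
      hosts, services), Authentication (SSO, 2FA), and Authorization
      (host access control, SELinux user roles, services). The solution provides
      features for further integration with Linux based clients (SUDO, automount)
      and integration with Active Directory based infrastructures (Trusts).
    '';
    homepage = "https://www.freeipa.org/";
    license = licenses.gpl3Plus;
    maintainers = [ maintainers.s1341 ];
    platforms = platforms.linux;
  };
}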