# Nix package expression for Heimdal (Kerberos 5), built from a pinned upstream
# commit. The `with*` arguments at the end of the argument set select optional
# dependencies and the matching configure switches.
{
  lib,
  stdenv,
  fetchFromGitHub,
  autoreconfHook,
  pkg-config,
  python3,
  perl,
  bison,
  flex,
  texinfo,
  perlPackages,

  openldap,
  libcap_ng,
  sqlite,
  openssl,
  db,
  libedit,
  pam,
  libmicrohttpd,
  cjson,

  curl,
  jdk_headless,
  unzip,
  which,

  nixosTests,

  withCJSON ? true,
  withCapNG ? stdenv.hostPlatform.isLinux,
  # libmicrohttpd should theoretically work for darwin as well, but something is broken.
  # It affects tests check-bx509d and check-httpkadmind.
  withMicroHTTPD ? stdenv.hostPlatform.isLinux,
  withOpenLDAP ? true,
  withOpenLDAPAsHDBModule ? false,
  # Only adds openssl to buildInputs; no configure flag below depends on it,
  # so presumably configure autodetects it. TODO confirm.
  withOpenSSL ? true,
  withSQLite3 ? true,
}:

# Fail evaluation early: the HDB module flag is meaningless without OpenLDAP.
assert lib.assertMsg (withOpenLDAPAsHDBModule -> withOpenLDAP) ''
  OpenLDAP needs to be enabled in order to build the OpenLDAP HDB Module.
'';

stdenv.mkDerivation {
  pname = "heimdal";
  # The `-unstable-<date>` suffix marks an untagged commit made after 7.8.0,
  # not an upstream release. When bumping, compare `rev` against upstream's
  # security advisories rather than relying on the version string.
  version = "7.8.0-unstable-2024-09-10";

  # `rev` pins the exact commit and `hash` is the content hash of the fetched
  # tree. Nix rejects the fetch if the hash does not match, so the two must
  # always be updated together.
  src = fetchFromGitHub {
    owner = "heimdal";
    repo = "heimdal";
    rev = "fd2d434dd375c402d803e6f948cfc6e257d3facc";
    hash = "sha256-WA3lo3eD05l7zKuKEVxudMmiG7OvjK/calaUzPQ2pWs=";
  };

  outputs = [
    "out"
    "dev"
    "man"
    "info"
  ];

  # Tools that run on the build machine only.
  nativeBuildInputs = [
    autoreconfHook
    pkg-config
    python3
    perl
    bison
    flex
    perlPackages.JSON
    texinfo
  ];

  # db, libedit and pam are always linked; the rest follow the feature flags.
  buildInputs = [
    db
    libedit
    pam
  ]
  ++ lib.optionals withCJSON [ cjson ]
  ++ lib.optionals withCapNG [ libcap_ng ]
  ++ lib.optionals withMicroHTTPD [ libmicrohttpd ]
  ++ lib.optionals withOpenLDAP [ openldap ]
  ++ lib.optionals withOpenSSL [ openssl ]
  ++ lib.optionals withSQLite3 [ sqlite ];

  # The upstream test suite runs as part of the build; the inputs below are
  # available during the check phase only.
  doCheck = true;
  nativeCheckInputs = [
    curl
    jdk_headless
    unzip
    which
  ];

  configureFlags = [
    # Compiled-in default for the KDC database directory, which is mutable
    # state outside the Nix store.
    # NOTE(review): the HDB holds principal keys and nothing in this
    # expression creates or protects the directory; ownership and mode are
    # the deployment's responsibility.
    "--with-hdbdir=/var/lib/heimdal"

    "--with-libedit-include=${libedit.dev}/include"
    "--with-libedit-lib=${libedit}/lib"
    "--with-berkeley-db-include=${db.dev}/include"
    "--with-berkeley-db"

    "--without-x"
    # Leaves out the weak AFS string-to-key functions.
    "--disable-afs-string-to-key"
  ]
  ++ lib.optionals withCapNG [
    "--with-capng"
  ]
  ++ lib.optionals withCJSON [
    "--with-cjson=${cjson}"
  ]
  ++ lib.optionals withOpenLDAP [
    "--with-openldap=${openldap.dev}"
  ]
  ++ lib.optionals withOpenLDAPAsHDBModule [
    "--enable-hdb-openldap-module"
  ]
  ++ lib.optionals withSQLite3 [
    "--with-sqlite3=${sqlite.dev}"
  ];

  # Local patches carried while the upstream pull requests are pending.
  # Re-check each PR on every bump and drop the patch once it is merged.
  # The patch files sit next to this expression and are not shown here.
  patches = [
    # Proposed @ https://github.com/heimdal/heimdal/pull/1262
    ./0001-Include-db.h-for-nbdb-compat-mode.patch
    # Proposed @ https://github.com/heimdal/heimdal/pull/1264
    ./0001-Define-HAVE_DB_185_H.patch
    # Proposed @ https://github.com/heimdal/heimdal/pull/1265
    ./0001-Link-tests-with-libresolv.patch
  ];

  # (check-ldap) slapd resides within ${openldap}/libexec,
  # which is not part of $PATH by default.
  # (check-ldap) prepending ${openldap}/bin to the path to avoid
  # using the default installation of openldap on unsandboxed darwin systems,
  # which does not support the new mdb backend at the moment (2024-01-13).
  # (check-ldap) the bdb backend got deprecated in favour of mdb in openldap 2.5.0,
  # but the heimdal tests still seem to expect bdb as the openldap backend.
  # This might be fixed upstream in a future update.
  #
  # All edits below touch test scripts only. `--replace-fail` aborts the build
  # when a pattern is missing, so drift in the upstream tests is not silently
  # ignored.
  # NOTE(review): ${openldap} is interpolated unconditionally here, so openldap
  # stays a build-time dependency even with withOpenLDAP = false. Confirm that
  # this is intended.
  postPatch = ''
    substituteInPlace tests/ldap/slapd-init.in \
      --replace-fail 'SCHEMA_PATHS="' 'SCHEMA_PATHS="${openldap}/etc/schema '
    substituteInPlace tests/ldap/check-ldap.in \
      --replace-fail 'PATH=' 'PATH=${openldap}/libexec:${openldap}/bin:'
    substituteInPlace tests/ldap/slapd.conf \
      --replace-fail 'database bdb' 'database mdb'
    substituteInPlace tests/kdc/check-iprop.in \
      --replace-fail '/bin/pwd' 'pwd'
  '';

  # (test_cc) heimdal uses libroken's implementation of `secure_getenv` on darwin,
  # which expects either USER or LOGNAME to be set.
  preCheck = lib.optionalString (stdenv.hostPlatform.isDarwin) ''
    export USER=nix-builder
  '';

  # We need to build hcrypto for applications like samba
  postBuild = ''
    (cd include/hcrypto; make -j $NIX_BUILD_CORES)
    (cd lib/hcrypto; make -j $NIX_BUILD_CORES)
  '';

  # Installs hcrypto, then moves the development-only tools (krb5-config, the
  # asn1 compilers, compile_et) into the `dev` output so that `out` does not
  # carry them.
  postInstall = ''
    # Install hcrypto
    (cd include/hcrypto; make -j $NIX_BUILD_CORES install)
    (cd lib/hcrypto; make -j $NIX_BUILD_CORES install)

    mkdir -p $dev/bin
    mv $out/bin/krb5-config $dev/bin/

    # asn1 compilers, move them to $dev
    mv $out/libexec/heimdal/* $dev/bin
    rmdir $out/libexec/heimdal

    # compile_et is needed for cross-compiling this package and samba
    mv lib/com_err/.libs/compile_et $dev/bin
  '';

  # Parallel building stays disabled because of the failure quoted below.
  # Issues with hydra
  #  In file included from hxtool.c:34:0:
  #  hx_locl.h:67:25: fatal error: pkcs10_asn1.h: No such file or directory
  #enableParallelBuilding = true;

  passthru = {
    implementation = "heimdal";
    # NixOS Kerberos test for this implementation, exposed as a package test.
    tests.nixos = nixosTests.kerberos.heimdal;
  };

  meta = {
    homepage = "https://www.heimdal.software";
    changelog = "https://github.com/heimdal/heimdal/releases";
    description = "Implementation of Kerberos 5 (and some more stuff)";
    license = lib.licenses.bsd3;
    platforms = lib.platforms.unix;
    maintainers = with lib.maintainers; [
      h7x4
      dblsaiko
    ];
  };
}