From 185e6a477ad5540c110e9c631a8a93cfa40d8b8a Mon Sep 17 00:00:00 2001
From: illustris
Date: Fri, 29 Oct 2021 17:27:33 +0530
Subject: sssd: 1.16.5 -> 2.6.0, fix broken build
---
nixos/tests/sssd-ldap.nix | 160 ++++++++++++++++----------------
pkgs/os-specific/linux/sssd/default.nix | 34 +++----
pkgs/servers/dns/bind/default.nix | 12 +--
3 files changed, 98 insertions(+), 108 deletions(-)
diff --git a/nixos/tests/sssd-ldap.nix b/nixos/tests/sssd-ldap.nix
index e3119348eac..5c58eaef714 100644
--- a/nixos/tests/sssd-ldap.nix
+++ b/nixos/tests/sssd-ldap.nix
@@ -1,96 +1,94 @@ -({ pkgs, ... }: - let - dbDomain = "example.org"; - dbSuffix = "dc=example,dc=org"; +let + dbDomain = "example.org"; + dbSuffix = "dc=example,dc=org"; - ldapRootUser = "admin"; - ldapRootPassword = "foobar"; + ldapRootUser = "admin"; + ldapRootPassword = "foobar"; - testUser = "alice"; - in import ./make-test-python.nix { - name = "sssd-ldap"; + testUser = "alice"; +in import ./make-test-python.nix ({pkgs, ...}: { + name = "sssd-ldap"; - meta = with pkgs.lib.maintainers; { - maintainers = [ bbigras ]; - }; + meta = with pkgs.lib.maintainers; { + maintainers = [ bbigras ]; + }; - machine = { pkgs, ... }: { - services.openldap = { - enable = true; - settings = { - children = { - "cn=schema".includes = [ - "${pkgs.openldap}/etc/schema/core.ldif" - "${pkgs.openldap}/etc/schema/cosine.ldif" - "${pkgs.openldap}/etc/schema/inetorgperson.ldif" - "${pkgs.openldap}/etc/schema/nis.ldif" - ]; - "olcDatabase={1}mdb" = { - attrs = { - objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ]; - olcDatabase = "{1}mdb"; - olcDbDirectory = "/var/db/openldap"; - olcSuffix = dbSuffix; - olcRootDN = "cn=${ldapRootUser},${dbSuffix}"; - olcRootPW = ldapRootPassword; - }; + machine = { pkgs, ... 
}: { + services.openldap = { + enable = true; + settings = { + children = { + "cn=schema".includes = [ + "${pkgs.openldap}/etc/schema/core.ldif" + "${pkgs.openldap}/etc/schema/cosine.ldif" + "${pkgs.openldap}/etc/schema/inetorgperson.ldif" + "${pkgs.openldap}/etc/schema/nis.ldif" + ]; + "olcDatabase={1}mdb" = { + attrs = { + objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ]; + olcDatabase = "{1}mdb"; + olcDbDirectory = "/var/db/openldap"; + olcSuffix = dbSuffix; + olcRootDN = "cn=${ldapRootUser},${dbSuffix}"; + olcRootPW = ldapRootPassword; }; }; }; - declarativeContents = { - ${dbSuffix} = '' - dn: ${dbSuffix} - objectClass: top - objectClass: dcObject - objectClass: organization - o: ${dbDomain} + }; + declarativeContents = { + ${dbSuffix} = '' + dn: ${dbSuffix} + objectClass: top + objectClass: dcObject + objectClass: organization + o: ${dbDomain} - dn: ou=posix,${dbSuffix} - objectClass: top - objectClass: organizationalUnit + dn: ou=posix,${dbSuffix} + objectClass: top + objectClass: organizationalUnit - dn: ou=accounts,ou=posix,${dbSuffix} - objectClass: top - objectClass: organizationalUnit + dn: ou=accounts,ou=posix,${dbSuffix} + objectClass: top + objectClass: organizationalUnit - dn: uid=${testUser},ou=accounts,ou=posix,${dbSuffix} - objectClass: person - objectClass: posixAccount - # userPassword: somePasswordHash - homeDirectory: /home/${testUser} - uidNumber: 1234 - gidNumber: 1234 - cn: "" - sn: "" - ''; - }; + dn: uid=${testUser},ou=accounts,ou=posix,${dbSuffix} + objectClass: person + objectClass: posixAccount + # userPassword: somePasswordHash + homeDirectory: /home/${testUser} + uidNumber: 1234 + gidNumber: 1234 + cn: "" + sn: "" + ''; }; + }; - services.sssd = { - enable = true; - config = '' - [sssd] - config_file_version = 2 - services = nss, pam, sudo - domains = ${dbDomain} + services.sssd = { + enable = true; + config = '' + [sssd] + config_file_version = 2 + services = nss, pam, sudo + domains = ${dbDomain} - [domain/${dbDomain}] - 
auth_provider = ldap - id_provider = ldap - ldap_uri = ldap://127.0.0.1:389 - ldap_search_base = ${dbSuffix} - ldap_default_bind_dn = cn=${ldapRootUser},${dbSuffix} - ldap_default_authtok_type = password - ldap_default_authtok = ${ldapRootPassword} - ''; - }; + [domain/${dbDomain}] + auth_provider = ldap + id_provider = ldap + ldap_uri = ldap://127.0.0.1:389 + ldap_search_base = ${dbSuffix} + ldap_default_bind_dn = cn=${ldapRootUser},${dbSuffix} + ldap_default_authtok_type = password + ldap_default_authtok = ${ldapRootPassword} + ''; }; + }; - testScript = '' - machine.start() - machine.wait_for_unit("openldap.service") - machine.wait_for_unit("sssd.service") - machine.succeed("getent passwd ${testUser}") - ''; - } -) + testScript = '' + machine.start() + machine.wait_for_unit("openldap.service") + machine.wait_for_unit("sssd.service") + machine.succeed("getent passwd ${testUser}") + ''; +}) diff --git a/pkgs/os-specific/linux/sssd/default.nix b/pkgs/os-specific/linux/sssd/default.nix index 94b1a6d799d..4a05d89ac80 100644 --- a/pkgs/os-specific/linux/sssd/default.nix +++ b/pkgs/os-specific/linux/sssd/default.nix @@ -1,8 +1,8 @@ -{ lib, stdenv, fetchFromGitHub, autoreconfHook, fetchpatch, glibc, augeas, dnsutils, c-ares, curl, +{ lib, stdenv, fetchFromGitHub, autoreconfHook, glibc, augeas, dnsutils, c-ares, curl, cyrus_sasl, ding-libs, libnl, libunistring, nss, samba, nfs-utils, doxygen, python, python3, pam, popt, talloc, tdb, tevent, pkg-config, ldb, openldap, - pcre, libkrb5, cifs-utils, glib, keyutils, dbus, fakeroot, libxslt, libxml2, - libuuid, ldap, systemd, nspr, check, cmocka, uid_wrapper, + pcre2, libkrb5, cifs-utils, glib, keyutils, dbus, fakeroot, libxslt, libxml2, + libuuid, ldap, systemd, nspr, check, cmocka, uid_wrapper, p11-kit, nss_wrapper, ncurses, Po4a, http-parser, jansson, docbook_xsl, docbook_xml_dtd_44, withSudo ? false }: 
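Review bot: The fixture binds SSSD as the directory root DN (`ldap_default_bind_dn = cn=${ldapRootUser},${dbSuffix}`) with a literal password over plain `ldap://`, and nothing in the file marks this as test-only; a comment above the `let` such as `# Test fixture only: throwaway root-DN credentials over loopback ldap://, not a template for real deployments` would keep it from being copied as a working example. The password is interpolated into `services.sssd.config`, so it presumably ends up in the Nix store, which is harmless here but worth stating in the same comment. The test script asserts only `getent passwd ${testUser}`, so the 2.6.0 bump is verified for NSS lookups and not for the `auth_provider = ldap` path (the entry's `userPassword` is commented out).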
@@ -12,26 +12,18 @@ let in stdenv.mkDerivation rec { pname = "sssd"; - version = "1.16.5"; + version = "2.6.0"; src = fetchFromGitHub { owner = "SSSD"; repo = pname; - rev = "${pname}-${lib.replaceStrings ["."] ["_"] version}"; - sha256 = "0zbs04lkjbp7y92anmafl7gzamcnq1f147p13hc4byyvjk9rg6f7"; + rev = version; + sha256 = "1ik0x0b7s38d7n0aqhl31r0asxw6qcdb31hx9qydk87yg3n6rziv"; }; - patches = [ - # Fix build failure against samba 4.12.0rc1 - (fetchpatch { - url = "https://github.com/SSSD/sssd/commit/bc56b10aea999284458dcc293b54cf65288e325d.patch"; - sha256 = "0q74sx5n41srq3kdn55l5j1sq4xrjsnl5y4v8yh5mwsijj74yh4g"; - }) - # Fix collision with external nss symbol - (fetchpatch { - url = "https://github.com/SSSD/sssd/commit/fe9eeb51be06059721e873f77092b1e9ba08e6c1.patch"; - sha256 = "0b83b2w0rnvm26pg03a4lpmkmi7n3gqxg7lk751q61q79gnzrpz4"; - }) - ]; + + postPatch = '' + patchShebangs ./sbus_generate.sh.in + ''; # Something is looking for instead of NIX_CFLAGS_COMPILE = "-I${libxml2.dev}/include/libxml2"; @@ -64,8 +56,8 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; nativeBuildInputs = [ autoreconfHook pkg-config doxygen ]; buildInputs = [ augeas dnsutils c-ares curl cyrus_sasl ding-libs libnl libunistring nss - samba nfs-utils python python3 popt - talloc tdb tevent ldb pam openldap pcre libkrb5 + samba nfs-utils p11-kit python python3 popt + talloc tdb tevent ldb pam openldap pcre2 libkrb5 cifs-utils glib keyutils dbus fakeroot libxslt libxml2 libuuid ldap systemd nspr check cmocka uid_wrapper nss_wrapper ncurses Po4a http-parser jansson ]; @@ -102,6 +94,6 @@ stdenv.mkDerivation rec { changelog = "https://sssd.io/release-notes/sssd-${version}.html"; license = licenses.gpl3Plus; platforms = platforms.linux; - maintainers = [ maintainers.e-user ]; + maintainers = with maintainers; [ e-user illustris ]; }; } diff --git a/pkgs/servers/dns/bind/default.nix b/pkgs/servers/dns/bind/default.nix index 753a361fc18..19b3a25de59 100644 
--- a/pkgs/servers/dns/bind/default.nix +++ b/pkgs/servers/dns/bind/default.nix @@ -1,13 +1,12 @@ { config, stdenv, lib, fetchurl, fetchpatch , perl, pkg-config , libcap, libtool, libxml2, openssl, libuv -, enablePython ? config.bind.enablePython or false, python3 ? null -, enableSeccomp ? false, libseccomp ? null, buildPackages, nixosTests +, enableGSSAPI ? true, libkrb5 +, enablePython ? false, python3 +, enableSeccomp ? false, libseccomp +, buildPackages, nixosTests }: -assert enableSeccomp -> libseccomp != null; -assert enablePython -> python3 != null; - stdenv.mkDerivation rec { pname = "bind"; version = "9.16.16"; @@ -28,6 +27,7 @@ stdenv.mkDerivation rec { buildInputs = [ libtool libxml2 openssl libuv ] ++ lib.optional stdenv.isLinux libcap ++ lib.optional enableSeccomp libseccomp + ++ lib.optional enableGSSAPI libkrb5 ++ lib.optional enablePython (python3.withPackages (ps: with ps; [ ply ])); depsBuildBuild = [ buildPackages.stdenv.cc ]; @@ -39,7 +39,6 @@ stdenv.mkDerivation rec { "--without-atf" "--without-dlopen" "--without-docbook-xsl" - "--without-gssapi" "--without-idn" "--without-idnlib" "--without-lmdb" @@ -53,6 +52,7 @@ stdenv.mkDerivation rec { "--with-aes" ] ++ lib.optional stdenv.isLinux "--with-libcap=${libcap.dev}" ++ lib.optional enableSeccomp "--enable-seccomp" + ++ lib.optional enableGSSAPI "--with-gssapi=${libkrb5.dev}" ++ lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) "BUILD_CC=$(CC_FOR_BUILD)"; postInstall = '' -- cgit 1.4.1
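Review bot: `enableGSSAPI ? true` turns GSSAPI on for every build of a network-facing DNS server and adds `libkrb5` to its inputs, yet the commit subject only mentions sssd and the hunk carries no comment explaining why. If the motivation is that sssd needs a GSS-capable `nsupdate` (an inference; the page does not say), record it next to the argument, e.g. `# GSSAPI (GSS-TSIG) support; needed by consumers such as sssd's dynamic DNS updates`, or default it to `false` and enable it only for the package that needs it. The same header hunk also replaces `enablePython ? config.bind.enablePython or false` with `enablePython ? false`, which silently drops an existing user-facing setting and deserves a line in the commit message. The flag is consumed in the `buildInputs` and `configureFlags` hunks (`@@ -28,6 +27,7 @@`, `@@ -53,6 +52,7 @@`).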
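Review bot: Removing `"--without-gssapi"` unconditionally in `@@ -39,7 +39,6 @@` means a build with `enableGSSAPI = false` passes no GSSAPI flag at all, leaving the outcome to configure's default or auto-detection instead of disabling the feature explicitly. Keeping both directions explicit makes the opt-out dependable: `++ lib.optional enableGSSAPI "--with-gssapi=${libkrb5.dev}"` followed by `++ lib.optional (!enableGSSAPI) "--without-gssapi"`. The `configureFlags` list begins outside the hunk, so the exact placement should be checked against the full file.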