From cb1e30f84bc1814c693a2e224022a5b528192cae Mon Sep 17 00:00:00 2001 From: "Alexander V. Nikolaev" Date: Sat, 7 Apr 2018 13:09:39 +0300 Subject: [PATCH 1/5] heimdal: refactor lib-prefixed packages to multi-output --- .../libraries/kerberos/heimdal.nix | 65 ++++++++++--------- pkgs/top-level/all-packages.nix | 6 +- 2 files changed, 39 insertions(+), 32 deletions(-) diff --git a/pkgs/development/libraries/kerberos/heimdal.nix b/pkgs/development/libraries/kerberos/heimdal.nix index 24adb2a141e..134ca4f05b0 100644 --- a/pkgs/development/libraries/kerberos/heimdal.nix +++ b/pkgs/development/libraries/kerberos/heimdal.nix @@ -2,16 +2,11 @@ , texinfo, perlPackages , openldap, libcap_ng, sqlite, openssl, db, libedit, pam , CoreFoundation, Security, SystemConfiguration -# Extra Args -, type ? "" }: -let - libOnly = type == "lib"; -in with stdenv.lib; stdenv.mkDerivation rec { - name = "${type}heimdal-${version}"; + name = "heimdal-${version}"; version = "7.5.0"; src = fetchFromGitHub { @@ -21,15 +16,15 @@ stdenv.mkDerivation rec { sha256 = "1j38wjj4k0q8vx168k3d3k0fwa8j1q5q8f2688nnx1b9qgjd6w1d"; }; + outputs = [ "out" "bin" "dev" "man" ]; + patches = [ ./heimdal-make-missing-headers.patch ]; - nativeBuildInputs = [ autoreconfHook pkgconfig python2 perl yacc flex ] - ++ (with perlPackages; [ JSON ]) - ++ optional (!libOnly) texinfo; + nativeBuildInputs = [ autoreconfHook pkgconfig python2 perl yacc flex texinfo ] + ++ (with perlPackages; [ JSON ]); buildInputs = optionals (stdenv.isLinux) [ libcap_ng ] - ++ [ db sqlite openssl libedit ] - ++ optionals (stdenv.isDarwin) [ CoreFoundation Security SystemConfiguration ] - ++ optionals (!libOnly) [ openldap pam ]; + ++ [ db sqlite openssl libedit openldap pam] + ++ optionals (stdenv.isDarwin) [ CoreFoundation Security SystemConfiguration ]; ## ugly, X should be made an option configureFlags = [ @@ -37,12 +32,14 @@ stdenv.mkDerivation rec { "--localstatedir=/var" "--enable-hdb-openldap-module" "--with-sqlite3=${sqlite.dev}" - "--with-libedit=${libedit}" + + # ugly, --with-libedit is not enought, it fall back to bundled libedit + "--with-libedit-include=${libedit.dev}/include" + "--with-libedit-lib=${libedit}/lib" "--with-openssl=${openssl.dev}" "--without-x" "--with-berkeley-db" "--with-berkeley-db-include=${db.dev}/include" - ] ++ optionals (!libOnly) [ "--with-openldap=${openldap.dev}" ] ++ optionals (stdenv.isLinux) [ "--with-capng" @@ -50,24 +47,17 @@ stdenv.mkDerivation rec { postUnpack = '' sed -i '/^DEFAULT_INCLUDES/ s,$, -I..,' source/cf/Makefile.am.common + sed -i -e 's/date/date --date="@$SOURCE_DATE_EPOCH"/' source/configure.ac ''; - buildPhase = optionalString libOnly '' - (cd include; make -j $NIX_BUILD_CORES) - (cd lib; make -j $NIX_BUILD_CORES) - (cd tools; make -j $NIX_BUILD_CORES) - (cd include/hcrypto; make -j $NIX_BUILD_CORES) - (cd lib/hcrypto; make -j $NIX_BUILD_CORES) - ''; - - installPhase = optionalString libOnly '' - (cd include; make -j $NIX_BUILD_CORES install) - (cd lib; make -j $NIX_BUILD_CORES install) - (cd tools; make -j $NIX_BUILD_CORES install) - (cd include/hcrypto; make -j $NIX_BUILD_CORES install) - (cd lib/hcrypto; make -j $NIX_BUILD_CORES install) - rm -rf $out/{libexec,sbin,share} - find $out/bin -type f | grep -v 'krb5-config' | xargs rm + preConfigure = '' + configureFlagsArray+=( + "--bindir=$out/bin" # Put binaries to $out, then move them to $bin, + # otherwise we go a cyclic dependecny + "--sbindir=$out/sbin" + "--mandir=$man/share/man" + "--infodir=$man/share/info" + "--includedir=$dev/include") ''; # We need to build hcrypt for applications like samba @@ -76,14 +66,27 @@ stdenv.mkDerivation rec { (cd lib/hcrypto; make -j $NIX_BUILD_CORES) ''; + # FIXME: share/info hits $bin, IDK why, but I decide is to minor to block postInstall = '' # Install hcrypto (cd include/hcrypto; make -j $NIX_BUILD_CORES install) (cd lib/hcrypto; make -j $NIX_BUILD_CORES install) + # Do we need it? + rm $out/bin/su + # Doesn't succeed with --libexec=$out/sbin, so - mv "$out/libexec/"* $out/sbin/ + mkdir -p $dev/bin + mkdir -p $bin/{,s}bin + mv "$out/libexec/heimdal/"* $dev/bin/ + rmdir $out/libexec/heimdal + mv "$out/libexec/"* $bin/sbin/ rmdir $out/libexec + + mkdir -p $dev/bin && mv $out/bin/krb5-config $dev/bin/ + + # Move remaining binaries to $bin + mv $out/bin/* $bin/bin/ ''; # Issues with hydra diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 8cd0eb706ae..6e4faf9fa32 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -9700,10 +9700,14 @@ with pkgs; hamlib = callPackage ../development/libraries/hamlib { }; + # TODO : Let admin choose. + # We are using mit-krb5 because it is better maintained + kerberos = libkrb5; + heimdal = callPackage ../development/libraries/kerberos/heimdal.nix { inherit (darwin.apple_sdk.frameworks) CoreFoundation Security SystemConfiguration; }; - libheimdal = heimdal.override { type = "lib"; }; + libheimdal = heimdal; harfbuzz = callPackage ../development/libraries/harfbuzz { }; harfbuzz-icu = harfbuzz.override { From 4622b765ac9de49526dec7d986243a755b103882 Mon Sep 17 00:00:00 2001 From: "Alexander V. Nikolaev" Date: Tue, 5 Jun 2018 19:07:22 +0300 Subject: [PATCH 2/5] kerberos: heimdal alias moved to aliases.nix --- pkgs/top-level/all-packages.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 6e4faf9fa32..9901c7b33e4 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -9700,10 +9700,6 @@ with pkgs; hamlib = callPackage ../development/libraries/hamlib { }; - # TODO : Let admin choose. - # We are using mit-krb5 because it is better maintained - kerberos = libkrb5; - heimdal = callPackage ../development/libraries/kerberos/heimdal.nix { inherit (darwin.apple_sdk.frameworks) CoreFoundation Security SystemConfiguration; }; From 0a72127d57472069b12b080cd89d79917ac54bfe Mon Sep 17 00:00:00 2001 From: "Alexander V. Nikolaev" Date: Thu, 21 Jun 2018 07:39:53 +0300 Subject: [PATCH 3/5] heimdal: move "info" to own output --- pkgs/development/libraries/kerberos/heimdal.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/kerberos/heimdal.nix b/pkgs/development/libraries/kerberos/heimdal.nix index 134ca4f05b0..11f0ffdad16 100644 --- a/pkgs/development/libraries/kerberos/heimdal.nix +++ b/pkgs/development/libraries/kerberos/heimdal.nix @@ -16,7 +16,7 @@ stdenv.mkDerivation rec { sha256 = "1j38wjj4k0q8vx168k3d3k0fwa8j1q5q8f2688nnx1b9qgjd6w1d"; }; - outputs = [ "out" "bin" "dev" "man" ]; + outputs = [ "out" "bin" "dev" "man" "info" ]; patches = [ ./heimdal-make-missing-headers.patch ]; @@ -30,6 +30,7 @@ stdenv.mkDerivation rec { configureFlags = [ "--sysconfdir=/etc" "--localstatedir=/var" + "--infodir=$info/share/info" "--enable-hdb-openldap-module" "--with-sqlite3=${sqlite.dev}" @@ -66,7 +67,6 @@ stdenv.mkDerivation rec { (cd lib/hcrypto; make -j $NIX_BUILD_CORES) ''; - # FIXME: share/info hits $bin, IDK why, but I decide is to minor to block postInstall = '' # Install hcrypto (cd include/hcrypto; make -j $NIX_BUILD_CORES install) From 5a59d5e13143129e3e4f6f801874286781efac60 Mon Sep 17 00:00:00 2001 From: "Alexander V. Nikolaev" Date: Thu, 12 Jul 2018 20:01:08 +0300 Subject: [PATCH 4/5] heimdal: simplify build, keep bin/ in $out --- .../libraries/kerberos/heimdal.nix | 20 +++++++------------ 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/pkgs/development/libraries/kerberos/heimdal.nix b/pkgs/development/libraries/kerberos/heimdal.nix index 11f0ffdad16..5b92458d89e 100644 --- a/pkgs/development/libraries/kerberos/heimdal.nix +++ b/pkgs/development/libraries/kerberos/heimdal.nix @@ -16,7 +16,7 @@ stdenv.mkDerivation rec { sha256 = "1j38wjj4k0q8vx168k3d3k0fwa8j1q5q8f2688nnx1b9qgjd6w1d"; }; - outputs = [ "out" "bin" "dev" "man" "info" ]; + outputs = [ "out" "dev" "man" "info" ]; patches = [ ./heimdal-make-missing-headers.patch ]; @@ -53,9 +53,9 @@ stdenv.mkDerivation rec { preConfigure = '' configureFlagsArray+=( - "--bindir=$out/bin" # Put binaries to $out, then move them to $bin, - # otherwise we go a cyclic dependecny + "--bindir=$out/bin" "--sbindir=$out/sbin" + "--libexecdir=$out/libexec/heimdal" "--mandir=$man/share/man" "--infodir=$man/share/info" "--includedir=$dev/include") @@ -75,18 +75,12 @@ stdenv.mkDerivation rec { # Do we need it? rm $out/bin/su - # Doesn't succeed with --libexec=$out/sbin, so mkdir -p $dev/bin - mkdir -p $bin/{,s}bin - mv "$out/libexec/heimdal/"* $dev/bin/ - rmdir $out/libexec/heimdal - mv "$out/libexec/"* $bin/sbin/ - rmdir $out/libexec + mv $out/bin/krb5-config $dev/bin/ - mkdir -p $dev/bin && mv $out/bin/krb5-config $dev/bin/ - - # Move remaining binaries to $bin - mv $out/bin/* $bin/bin/ + # asn1 compilers, move them to $dev + mv $out/libexec/heimdal/heimdal/* $dev/bin + rmdir $out/libexec/heimdal/heimdal ''; # Issues with hydra From e808b7da20c6123bfedc8b5b19ac7386a39b82ab Mon Sep 17 00:00:00 2001 From: "Alexander V. Nikolaev" Date: Wed, 8 Aug 2018 13:35:03 +0300 Subject: [PATCH 5/5] heimdal: adjust daemon paths, they are in libexec now --- nixos/modules/services/system/kerberos.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nixos/modules/services/system/kerberos.nix b/nixos/modules/services/system/kerberos.nix index d151385d2f9..e2c45ed64ac 100644 --- a/nixos/modules/services/system/kerberos.nix +++ b/nixos/modules/services/system/kerberos.nix @@ -42,7 +42,7 @@ in protocol = "tcp"; user = "root"; server = "${pkgs.tcp_wrappers}/bin/tcpd"; - serverArgs = "${pkgs.heimdalFull}/bin/kadmind"; + serverArgs = "${pkgs.heimdalFull}/libexec/heimdal/kadmind"; }; systemd.services.kdc = { @@ -51,13 +51,13 @@ in preStart = '' mkdir -m 0755 -p ${stateDir} ''; - script = "${heimdalFull}/bin/kdc"; + script = "${heimdalFull}/libexec/heimdal/kdc"; }; systemd.services.kpasswdd = { description = "Kerberos Password Changing daemon"; wantedBy = [ "multi-user.target" ]; - script = "${heimdalFull}/bin/kpasswdd"; + script = "${heimdalFull}/libexec/heimdal/kpasswdd"; }; };