From a6734bdd2734b96b1cade2c973929856b7283c0e Mon Sep 17 00:00:00 2001
From: Kranium Gikos Mendoza <kranium@gikos.net>
Date: Sun, 17 Jan 2016 17:55:13 +0800
Subject: [PATCH 1/2] lasso: init at 2.5.1

---
 pkgs/development/libraries/lasso/default.nix | 31 ++++++++++++++++++++
 pkgs/top-level/all-packages.nix              |  2 ++
 2 files changed, 33 insertions(+)
 create mode 100644 pkgs/development/libraries/lasso/default.nix

diff --git a/pkgs/development/libraries/lasso/default.nix b/pkgs/development/libraries/lasso/default.nix
new file mode 100644
index 00000000000..a16a1f431a6
--- /dev/null
+++ b/pkgs/development/libraries/lasso/default.nix
@@ -0,0 +1,31 @@
+{ stdenv, autoconf, automake, autoreconfHook, fetchurl, glib, gobjectIntrospection, gtk_doc, libtool, libxml2, libxslt, openssl, pkgconfig, python27Packages, xmlsec, zlib }:
+
+stdenv.mkDerivation rec {
+
+  name = "lasso-${version}";
+  version = "2.5.1";
+
+  src = fetchurl {
+    url = "https://dev.entrouvert.org/lasso/lasso-${version}.tar.gz";
+    sha256 = "0n10zjjw84303c9vfy9bqhyzdl01459akbwy86cbgphd826mq45y";
+
+  };
+
+  buildInputs = [ autoconf automake autoreconfHook glib gobjectIntrospection gtk_doc libtool libxml2 libxslt openssl pkgconfig python27Packages.six xmlsec zlib ];
+
+  configurePhase = ''
+    ./configure --with-pkg-config=$PKG_CONFIG_PATH \
+                --disable-python \
+                --disable-perl \
+                --prefix=$out
+  '';
+
+  meta = with stdenv.lib; {
+    homepage = http://lasso.entrouvert.org/;
+    description = "Liberty Alliance Single Sign-On library";
+    license = licenses.gpl2Plus;
+    platforms = platforms.linux;
+    maintainers = with maintainers; [ womfoo ];
+  };
+
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index e6c488660f5..cf3047dfa25 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -7430,6 +7430,8 @@ in
   };
   libkrb5 = self.krb5Full.override { type = "lib"; };
 
+  lasso = callPackage ../development/libraries/lasso { };  
+
   LASzip = callPackage ../development/libraries/LASzip { };
 
   lcms = self.lcms1;

From 25fbac5b52f80b43c778e16e906f2d5223412707 Mon Sep 17 00:00:00 2001
From: Kranium Gikos Mendoza <kranium@gikos.net>
Date: Sun, 7 Feb 2016 05:27:48 +0800
Subject: [PATCH 2/2] mod_auth_mellon: init at 0.12.0

---
 .../web-servers/apache-httpd/default.nix      |  8 ++++
 .../mod_auth_mellon/default.nix               | 38 +++++++++++++++++++
 .../mod_auth_mellon/fixdeps.patch             | 30 +++++++++++++++
 pkgs/top-level/all-packages.nix               |  2 +
 4 files changed, 78 insertions(+)
 create mode 100644 pkgs/servers/http/apache-modules/mod_auth_mellon/default.nix
 create mode 100644 pkgs/servers/http/apache-modules/mod_auth_mellon/fixdeps.patch

diff --git a/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixos/modules/services/web-servers/apache-httpd/default.nix
index c23897192b4..9844e3c435d 100644
--- a/nixos/modules/services/web-servers/apache-httpd/default.nix
+++ b/nixos/modules/services/web-servers/apache-httpd/default.nix
@@ -337,6 +337,7 @@ let
         allModules =
           concatMap (svc: svc.extraModulesPre) allSubservices
           ++ map (name: {inherit name; path = "${httpd}/modules/mod_${name}.so";}) apacheModules
+          ++ optional mainCfg.enableMellon { name = "auth_mellon"; path = "${pkgs.apacheHttpdPackages.mod_auth_mellon}/modules/mod_auth_mellon.so"; }
           ++ optional enablePHP { name = "php5"; path = "${php}/modules/libphp5.so"; }
           ++ concatMap (svc: svc.extraModules) allSubservices
           ++ extraForeignModules;
@@ -541,6 +542,12 @@ in
         '';
       };
 
+      enableMellon = mkOption {
+        type = types.bool;
+        default = false;
+        description = "Whether to enable the mod_auth_mellon module.";
+      };
+
       enablePHP = mkOption {
         type = types.bool;
         default = false;
@@ -650,6 +657,7 @@ in
 
         environment =
           optionalAttrs enablePHP { PHPRC = phpIni; }
+          // optionalAttrs mainCfg.enableMellon { LD_LIBRARY_PATH  = "${pkgs.xmlsec}/lib"; }
           // (listToAttrs (concatMap (svc: svc.globalEnvVars) allSubservices));
 
         preStart =
diff --git a/pkgs/servers/http/apache-modules/mod_auth_mellon/default.nix b/pkgs/servers/http/apache-modules/mod_auth_mellon/default.nix
new file mode 100644
index 00000000000..5bad8b7dc53
--- /dev/null
+++ b/pkgs/servers/http/apache-modules/mod_auth_mellon/default.nix
@@ -0,0 +1,38 @@
+{ stdenv, apacheHttpd, autoconf, automake, autoreconfHook, curl, fetchFromGitHub, glib, lasso, libtool, libxml2, libxslt, openssl, pkgconfig, xmlsec }:
+
+stdenv.mkDerivation rec {
+
+  name = "mod_auth_mellon-${version}";
+  version = "0.12.0";
+
+  src = fetchFromGitHub {
+    owner = "UNINETT";
+    repo = "mod_auth_mellon";
+    rev = "v${version}";
+    sha256 = "1p6v6vgrfvgvc5y2ygqyyxi0klpm3nxaw3fg35zmpmw663w8skqn";
+  };
+
+  patches = [
+    ./fixdeps.patch
+  ];
+
+  buildInputs = [ apacheHttpd autoconf autoreconfHook automake curl glib lasso libtool libxml2 libxslt openssl pkgconfig xmlsec ];
+
+  configureFlags = ["--with-apxs2=${apacheHttpd}/bin/apxs" "--exec-prefix=$out"];
+
+  installPhase = ''
+    mkdir -p $out/bin
+    cp ./mellon_create_metadata.sh $out/bin
+    mkdir -p $out/modules
+    cp ./.libs/mod_auth_mellon.so $out/modules
+  '';
+
+  meta = with stdenv.lib; {
+    homepage = https://github.com/UNINETT/mod_auth_mellon;
+    description = "An Apache module with a simple SAML 2.0 service provider";
+    license = licenses.gpl2Plus;
+    platforms = platforms.linux;
+    maintainers = with maintainers; [ womfoo ];
+  };
+
+}
diff --git a/pkgs/servers/http/apache-modules/mod_auth_mellon/fixdeps.patch b/pkgs/servers/http/apache-modules/mod_auth_mellon/fixdeps.patch
new file mode 100644
index 00000000000..63b69fb142f
--- /dev/null
+++ b/pkgs/servers/http/apache-modules/mod_auth_mellon/fixdeps.patch
@@ -0,0 +1,30 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -74,6 +74,16 @@ PKG_CHECK_MODULES([GLIB], [glib-2.0 >= 2.12])
+ AC_SUBST(GLIB_CFLAGS)
+ AC_SUBST(GLIB_LIBS)
+ 
++#include <libxml/uri.h>
++PKG_CHECK_MODULES(LIBXML2, libxml-2.0)
++AC_SUBST(LIBXML2_CFLAGS)
++AC_SUBST(LIBXML2_LIBS)
++
++#include <xmlsec/xmlenc.h>
++PKG_CHECK_MODULES(XMLSEC, xmlsec1-openssl)
++AC_SUBST(XMLSEC_CFLAGS)
++AC_SUBST(XMLSEC_LIBS)
++
+ # Test to see if we can include lasso/utils.h
+ # AC_CHECK_HEADER won't work correctly unless we specifiy the include directories
+ # found in the LASSO_CFLAGS. Save and restore CFLAGS and CPPFLAGS.
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -25,7 +25,7 @@
+ all:	mod_auth_mellon.la
+ 
+ mod_auth_mellon.la: $(SRC) auth_mellon.h auth_mellon_compat.h
+-	@APXS2@ -Wc,"-std=c99 @OPENSSL_CFLAGS@ @LASSO_CFLAGS@ @CURL_CFLAGS@ @GLIB_CFLAGS@ @CFLAGS@" -Wl,"@OPENSSL_LIBS@ @LASSO_LIBS@ @CURL_LIBS@ @GLIB_LIBS@" -Wc,-Wall -Wc,-g -c $(SRC)
++	@APXS2@ -Wc,"-std=c99 @OPENSSL_CFLAGS@ @LASSO_CFLAGS@ @CURL_CFLAGS@ @GLIB_CFLAGS@ @CFLAGS@ @LIBXML2_CFLAGS@ @XMLSEC_CFLAGS@ @CFLAGS@" -Wl,"@OPENSSL_LIBS@ @LASSO_LIBS@ @CURL_LIBS@ @GLIB_LIBS@ @LIBXML2_LIBS@ @XMLSEC_LIBS@" -Wc,-Wall -Wc,-g -c $(SRC)
+ 
+ 
+ # Building configure (for distribution)
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index cf3047dfa25..db67e5bd271 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -9731,6 +9731,8 @@ in
   apacheHttpdPackagesFor = apacheHttpd: self: let callPackage = newScope self; in {
     inherit apacheHttpd;
 
+    mod_auth_mellon = callPackage ../servers/http/apache-modules/mod_auth_mellon { };
+
     mod_dnssd = callPackage ../servers/http/apache-modules/mod_dnssd { };
 
     mod_evasive = callPackage ../servers/http/apache-modules/mod_evasive { };