diff options
| author | Timotej Lazar <timotej.lazar@araneo.si> | 2022-05-23 20:54:18 +0200 |
|---|---|---|
| committer | Ludovic Courtès <ludo@gnu.org> | 2022-05-24 17:19:02 +0200 |
| commit | 3e59d41df031a86e48f6b8ee1ac7a72d3c183f69 (patch) | |
| tree | 15a60bbe45b2a09e93734c24c9b18e89be23f0f6 /gnu/packages/sssd.scm | |
| parent | ba708a52fdeb062443dc7174f683665f94b4b48b (diff) | |
| download | guix-3e59d41df031a86e48f6b8ee1ac7a72d3c183f69.tar.gz | |
gnu: sssd: Update to 2.7.0.
Add support for renewing AD membership with adcli. Wrap binaries with LDB_MODULES_PATH. Fix the sss_analyze utility to run without systemd libraries. Add native inputs to generate man pages and run additional tests during build. * gnu/packages/sssd.scm (sssd): Update to 2.7.0. [patches]: Drop patches applied upstream. Add a patch for sss_analyze. [inputs]: Add adcli, bash-minimal, jose, keyutils, libnl, pcre2, python. Drop augeas, pcre. [native-inputs]: Add cmocka, doxygen, gettext-minimal, libfaketime, libtool, openssh, po4a, softhsm. [arguments]: Rewrite in gexp style. Fix configure checks. Remove static library from install. Wrap binaries to set correct paths. * gnu/packages/patches/sssd-collision-with-external-nss-symbol.patch, gnu/packages/patches/sssd-fix-samba-4.15.3.patch, gnu/packages/patches/sssd-fix-samba.patch: Delete files. * gnu/packages/patches/sssd-optional-systemd.patch: New file. * gnu/local.mk (dist_patch_DATA): Update accordingly. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Diffstat (limited to 'gnu/packages/sssd.scm')
| -rw-r--r-- | gnu/packages/sssd.scm | 207 |
1 files changed, 131 insertions, 76 deletions
diff --git a/gnu/packages/sssd.scm b/gnu/packages/sssd.scm index 5457991952..2b4322d6d8 100644 --- a/gnu/packages/sssd.scm +++ b/gnu/packages/sssd.scm @@ -24,22 +24,28 @@ #:use-module ((guix licenses) #:prefix license:) #:use-module (guix packages) #:use-module (guix download) + #:use-module (guix gexp) #:use-module (guix git-download) #:use-module (guix utils) + #:use-module (guix build utils) #:use-module (guix build-system gnu) #:use-module (gnu packages) #:use-module (gnu packages) #:use-module (gnu packages adns) #:use-module (gnu packages augeas) #:use-module (gnu packages autotools) + #:use-module (gnu packages bash) #:use-module (gnu packages check) + #:use-module (gnu packages crypto) #:use-module (gnu packages curl) #:use-module (gnu packages cyrus-sasl) #:use-module (gnu packages databases) #:use-module (gnu packages dns) #:use-module (gnu packages docbook) #:use-module (gnu packages documentation) + #:use-module (gnu packages gettext) #:use-module (gnu packages glib) + #:use-module (gnu packages jose) #:use-module (gnu packages kerberos) #:use-module (gnu packages libunistring) #:use-module (gnu packages linux) @@ -49,8 +55,11 @@ #:use-module (gnu packages pcre) #:use-module (gnu packages popt) #:use-module (gnu packages pkg-config) + #:use-module (gnu packages python) #:use-module (gnu packages samba) + #:use-module (gnu packages security-token) #:use-module (gnu packages selinux) + #:use-module (gnu packages ssh) #:use-module (gnu packages web) #:use-module (gnu packages xml)) @@ -136,93 +145,128 @@ dynamically-growing, reference-counted array; libbasicobjects, a set of fundamental object types for C.") (license license:lgpl3+))) -;; Note: This package installs modules for ldb and nss. For the former we -;; need to set LDB_MODULES_PATH. For the latter LD_PRELOAD or LD_LIBRARY_PATH -;; is needed. (define-public sssd (package (name "sssd") - (version "1.16.5") - (source (origin - (method url-fetch) - (uri (string-append "https://releases.pagure.org/SSSD/sssd/" - "sssd-" version ".tar.gz")) - (sha256 - (base32 - "1h6hwibaf3xa2w6qpzjiiywmfj6zkgbz4r2isf3gd0xm6vq7n6if")) - (patches (search-patches "sssd-fix-samba.patch" - "sssd-system-directories.patch" - "sssd-collision-with-external-nss-symbol.patch" - "sssd-fix-samba-4.15.3.patch")))) + (version "2.7.0") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/SSSD/sssd") + (commit version))) + (file-name (git-file-name name version)) + (sha256 + (base32 "05pw5lg410vc2yc3k4hqfsbyr9k4k18qb61gbh9xz7fcjpcysqv8")) + (patches (search-patches "sssd-optional-systemd.patch" + "sssd-system-directories.patch")))) (build-system gnu-build-system) (arguments - `(#:make-flags - (list (string-append "DOCBOOK_XSLT=" - (assoc-ref %build-inputs "docbook-xsl") - "/xml/xsl/docbook-xsl-" - ,(package-version docbook-xsl) - "/manpages/docbook.xsl") - ;; Remove "--postvalid" option, because that requires access to - ;; online DTDs. - "XMLLINT_FLAGS = --catalogs --nonet --noent --xinclude --noout") - #:configure-flags - (list "--localstatedir=/var" ;for /var/lib/sss, /var/run/sssd.pid, etc. - "--sysconfdir=/etc" ;/etc/sssd + (list + #:make-flags + #~(list (string-append "CFLAGS=-DRENEWAL_PROG_PATH=\\\"" + #$(this-package-input "adcli") "/sbin/adcli" + "\\\"") + (string-append "DOCBOOK_XSLT=" + #$(this-package-native-input "docbook-xsl") + "/xml/xsl/docbook-xsl-" + #$(package-version (this-package-native-input "docbook-xsl")) + "/manpages/docbook.xsl") + ;; Remove "--postvalid" option, because that requires access to + ;; online DTDs. + "XMLLINT_FLAGS = --catalogs --nonet --noent --xinclude --noout") + #:configure-flags + #~(list "--localstatedir=/var" ; for /var/lib/sss, /var/run/sssd.pid, etc. + "--sysconfdir=/etc" ; /etc/sssd - "--disable-cifs-idmap-plugin" - "--without-nfsv4-idmapd-plugin" - "--without-python2-bindings" - "--without-python3-bindings" - (string-append "--with-plugin-path=" - (assoc-ref %outputs "out") - "/lib/sssd") - (string-append "--with-krb5-plugin-path=" - (assoc-ref %outputs "out") - "/lib/krb5/plugins/libkrb5") - (string-append "--with-cifs-plugin-path=" - (assoc-ref %outputs "out") - "/lib/cifs-utils") - (string-append "--with-init-dir=" - (assoc-ref %outputs "out") - "/etc/init.d") - (string-append "--with-ldb-lib-dir=" - (assoc-ref %outputs "out") - "/lib/ldb/modules/ldb") - (string-append "--with-xml-catalog-path=" - (assoc-ref %build-inputs "docbook-xml") - "/xml/dtd/docbook/catalog.xml")) - #:phases - (modify-phases %standard-phases - (add-after 'unpack 'disable-failing-test - (lambda _ - (substitute* "src/tests/responder_socket_access-tests.c" - (("tcase_add_test\\(tc_utils, resp_str_to_array_test\\);") "")) - #t)) - (add-after 'unpack 'add-config-in - (lambda _ - (let ((config.h (open-file "config.h.in" "a"))) - (display (string-append " -/* Missing in commits on original repo, dunno why but won't work without. */ -#undef SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH -") - config.h) - (close config.h)))) - (add-before 'configure 'autoconf - (lambda _ - (invoke "autoconf")))))) + "--disable-cifs-idmap-plugin" + "--without-nfsv4-idmapd-plugin" + (string-append "--with-plugin-path=" + #$output "/lib/sssd") + (string-append "--with-krb5-plugin-path=" + #$output "/lib/krb5/plugins/libkrb5") + (string-append "--with-cifs-plugin-path=" + #$output "/lib/cifs-utils") + (string-append "--with-init-dir=" + #$output "/etc/init.d") + (string-append "--with-ldb-lib-dir=" + #$output "/lib/ldb/modules/ldb") + (string-append "--with-xml-catalog-path=" + #$(this-package-native-input "docbook-xml") + "/xml/dtd/docbook/catalog.xml")) + #:phases + #~(modify-phases %standard-phases + (add-after 'patch-source-shebangs 'patch-more-shebangs + (lambda _ + (substitute* '("src/tools/analyzer/sss_analyze" + "src/tools/sss_obfuscate") + (("#!/usr/bin/.*python") + (string-append "#!" #$(this-package-input "python") "/bin/python3"))))) + (add-before 'bootstrap 'fix-configure-macros + (lambda _ + ;; A configure test for nsupdate realm support fails without this. + (substitute* "src/external/nsupdate.m4" + (("\\$NSUPDATE ") "$NSUPDATE -i ")) + ;; Let tests find softhsm lib. + (substitute* "src/external/test_ca.m4" + (("/usr/lib/softhsm") + (string-append #$(this-package-native-input "softhsm") + "/lib/softhsm"))))) + (add-before 'configure 'disable-failing-tests + (lambda _ + ;; Disable tests that needs /etc/passwd. + (substitute* "Makefile.am" + (("pam-srv-tests") "") + (("test-negcache") "")) + ;; This test fails for unknown reason. + (substitute* "src/tests/responder_socket_access-tests.c" + (("tcase_add_test\\(tc_utils, resp_str_to_array_test\\);") "")))) + (add-before 'check 'set-libpython-path + (lambda _ + (setenv "LD_LIBRARY_PATH" + (string-append #$(this-package-input "python") "/lib")))) + (add-after 'install 'remove-static-libs + (lambda _ + ;; Remove a static library that produces a (harmless) warning + ;; when starting a program that uses sssd’s LDB modules. + (delete-file + (string-append #$output "/lib/ldb/modules/ldb/memberof.la")))) + (add-after 'install 'wrap-binaries + (lambda _ + (with-directory-excursion #$output + ;; Set path to LDB modules for sssd and utilities. + (for-each (lambda (bin) + (wrap-program (string-append "sbin/" bin) + `("LDB_MODULES_PATH" ":" prefix + (,(string-append #$output "/lib/ldb/modules/ldb"))))) + '("sssd" "sssctl" "sss_cache" "sss_override" "sss_seed")) + ;; Set path to sssd’s site-packages for scripts. + (for-each (lambda (script) + (wrap-program script + `("GUIX_PYTHONPATH" ":" prefix + (,(string-append #$output "/lib/python" + #$(version-major+minor + (package-version + (this-package-input "python"))) + "/site-packages"))))) + '("libexec/sssd/sss_analyze" "sbin/sss_obfuscate")))))))) (inputs - (list augeas - `(,isc-bind "utils") + (list adcli + bash-minimal c-ares - curl + curl ; for OpenID Connect support cyrus-sasl dbus ding-libs glib gnutls http-parser + `(,isc-bind "utils") jansson + jose ; for OpenID Connect support + keyutils ldb + libnl libselinux libsemanage libunistring @@ -231,21 +275,32 @@ fundamental object types for C.") nss openldap openssl - pcre + p11-kit ; for PKCS#11 support + pcre2 popt + python samba talloc tdb tevent)) (native-inputs - (list autoconf-2.69 - check-0.14 - docbook-xsl + (list autoconf + automake + check ; for tests + cmocka ; for tests docbook-xml + docbook-xsl + doxygen + gettext-minimal + libfaketime ; for tests + libtool libxml2 ; for xmllint libxslt + openssh ; for tests pkg-config - `(,util-linux "lib"))) ;for uuid.h, reqired for KCM + po4a + softhsm ; for tests + `(,util-linux "lib"))) ; for uuid.h, reqired for KCM (home-page "https://pagure.io/SSSD/sssd/") (synopsis "System security services daemon") (description "SSSD is a system daemon. Its primary function is to provide |