2023-04-12 12:48:02 +00:00
|
|
|
{ stdenv
|
|
|
|
, lib
|
|
|
|
, fetchurl
|
|
|
|
, pkg-config
|
|
|
|
, autoconf
|
|
|
|
, automake
|
|
|
|
, kerberos
|
|
|
|
, openldap
|
|
|
|
, popt
|
|
|
|
, sasl
|
|
|
|
, curl
|
|
|
|
, xmlrpc_c
|
|
|
|
, ding-libs
|
|
|
|
, p11-kit
|
|
|
|
, gettext
|
|
|
|
, nspr
|
|
|
|
, nss
|
|
|
|
, _389-ds-base
|
|
|
|
, svrcore
|
|
|
|
, libuuid
|
|
|
|
, talloc
|
|
|
|
, tevent
|
|
|
|
, samba
|
|
|
|
, libunistring
|
|
|
|
, libverto
|
|
|
|
, libpwquality
|
|
|
|
, systemd
|
|
|
|
, python3
|
|
|
|
, bind
|
|
|
|
, sssd
|
|
|
|
, jre
|
|
|
|
, rhino
|
|
|
|
, lesscpy
|
|
|
|
, jansson
|
|
|
|
, runtimeShell
|
|
|
|
}:
|
|
|
|
|
|
|
|
let
|
|
|
|
pathsPy = ./paths.py;
|
|
|
|
|
|
|
|
pythonInputs = with python3.pkgs; [
|
|
|
|
six
|
|
|
|
python-ldap
|
|
|
|
dnspython
|
|
|
|
netaddr
|
|
|
|
netifaces
|
|
|
|
gssapi
|
|
|
|
dogtag-pki
|
|
|
|
pyasn1
|
|
|
|
sssd
|
|
|
|
cffi
|
|
|
|
lxml
|
|
|
|
dbus-python
|
|
|
|
cryptography
|
|
|
|
python-memcached
|
|
|
|
qrcode
|
|
|
|
pyusb
|
|
|
|
yubico
|
|
|
|
setuptools
|
|
|
|
jinja2
|
|
|
|
augeas
|
|
|
|
samba
|
|
|
|
];
|
|
|
|
in
|
|
|
|
stdenv.mkDerivation rec {
|
|
|
|
pname = "freeipa";
|
2023-07-15 17:15:38 +00:00
|
|
|
version = "4.10.2";
|
2023-04-12 12:48:02 +00:00
|
|
|
|
|
|
|
src = fetchurl {
|
|
|
|
url = "https://releases.pagure.org/freeipa/freeipa-${version}.tar.gz";
|
2023-07-15 17:15:38 +00:00
|
|
|
sha256 = "sha256-9DbfxJeEUGnBE7pULTPrVgqRePILUFk4Kn0WFNmcFVg=";
|
2023-04-12 12:48:02 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
nativeBuildInputs = [
|
|
|
|
python3.pkgs.wrapPython
|
|
|
|
jre
|
|
|
|
rhino
|
|
|
|
lesscpy
|
|
|
|
automake
|
|
|
|
autoconf
|
|
|
|
gettext
|
2023-04-29 16:46:19 +00:00
|
|
|
pkg-config
|
2023-04-12 12:48:02 +00:00
|
|
|
];
|
|
|
|
|
|
|
|
buildInputs = [
|
|
|
|
kerberos
|
|
|
|
openldap
|
|
|
|
popt
|
|
|
|
sasl
|
|
|
|
curl
|
|
|
|
xmlrpc_c
|
|
|
|
ding-libs
|
|
|
|
p11-kit
|
|
|
|
python3
|
|
|
|
nspr
|
|
|
|
nss
|
|
|
|
_389-ds-base
|
|
|
|
svrcore
|
|
|
|
libuuid
|
|
|
|
talloc
|
|
|
|
tevent
|
|
|
|
samba
|
|
|
|
libunistring
|
|
|
|
libverto
|
|
|
|
systemd
|
|
|
|
bind
|
|
|
|
libpwquality
|
|
|
|
jansson
|
|
|
|
] ++ pythonInputs;
|
|
|
|
|
|
|
|
postPatch = ''
|
|
|
|
patchShebangs makeapi makeaci install/ui/util
|
|
|
|
|
|
|
|
substituteInPlace ipaplatform/setup.py \
|
|
|
|
--replace 'ipaplatform.debian' 'ipaplatform.nixos'
|
|
|
|
|
|
|
|
substituteInPlace ipasetup.py.in \
|
|
|
|
--replace 'int(v)' 'int(v.replace("post", ""))'
|
|
|
|
|
|
|
|
substituteInPlace client/ipa-join.c \
|
|
|
|
--replace /usr/sbin/ipa-getkeytab $out/bin/ipa-getkeytab
|
|
|
|
|
|
|
|
cp -r ipaplatform/{fedora,nixos}
|
|
|
|
substitute ${pathsPy} ipaplatform/nixos/paths.py \
|
|
|
|
--subst-var out \
|
|
|
|
--subst-var-by bind ${bind.dnsutils} \
|
|
|
|
--subst-var-by curl ${curl} \
|
|
|
|
--subst-var-by kerberos ${kerberos}
|
|
|
|
'';
|
|
|
|
|
|
|
|
NIX_CFLAGS_COMPILE = "-I${_389-ds-base}/include/dirsrv";
|
|
|
|
pythonPath = pythonInputs;
|
|
|
|
|
|
|
|
# Building and installing the server fails with silent Rhino errors, skipping
|
|
|
|
# for now. Need a newer Rhino version.
|
|
|
|
#buildFlags = [ "client" "server" ]
|
|
|
|
|
|
|
|
configureFlags = [
|
|
|
|
"--with-systemdsystemunitdir=$out/lib/systemd/system"
|
|
|
|
"--with-ipaplatform=nixos"
|
|
|
|
"--disable-server"
|
|
|
|
];
|
|
|
|
|
|
|
|
postInstall = ''
|
|
|
|
echo "
|
|
|
|
#!${runtimeShell}
|
|
|
|
echo 'ipa-client-install is not available on NixOS. Please see security.ipa, instead.'
|
|
|
|
exit 1
|
|
|
|
" > $out/sbin/ipa-client-install
|
|
|
|
'';
|
|
|
|
|
|
|
|
postFixup = ''
|
|
|
|
wrapPythonPrograms
|
|
|
|
rm -rf $out/etc/ipa $out/var/lib/ipa-client/sysrestore
|
|
|
|
'';
|
|
|
|
|
|
|
|
meta = with lib; {
|
|
|
|
description = "Identity, Policy and Audit system";
|
|
|
|
longDescription = ''
|
|
|
|
IPA is an integrated solution to provide centrally managed Identity (users,
|
|
|
|
hosts, services), Authentication (SSO, 2FA), and Authorization
|
|
|
|
(host access control, SELinux user roles, services). The solution provides
|
|
|
|
features for further integration with Linux based clients (SUDO, automount)
|
|
|
|
and integration with Active Directory based infrastructures (Trusts).
|
|
|
|
'';
|
|
|
|
homepage = "https://www.freeipa.org/";
|
|
|
|
license = licenses.gpl3Plus;
|
|
|
|
maintainers = [ maintainers.s1341 ];
|
|
|
|
platforms = platforms.linux;
|
|
|
|
};
|
|
|
|
}
|