{ lib, stdenv, fetchurl, bootstrap_cmds, byacc, # can also use bison, but byacc has fewer dependencies darwin, keyutils, openssl, perl, pkg-config, # for passthru.tests bind, curl, nixosTests, openssh, postgresql, python3, # Extra Arguments withLdap ? false, openldap, withLibedit ? true, libedit, withVerto ? false, libverto, # This is called "staticOnly" because krb5 does not support # builting both static and shared, see below. staticOnly ? false, }: stdenv.mkDerivation rec { pname = "krb5"; version = "1.21.3"; src = fetchurl { url = "https://kerberos.org/dist/krb5/${lib.versions.majorMinor version}/krb5-${version}.tar.gz"; hash = "sha256-t6TNXq1n+wi5gLIavRUP9yF+heoyDJ7QxtrdMEhArTU="; }; outputs = [ "out" "lib" "dev" ]; # While "out" acts as the bin output, most packages only care about the lib output. # We set prefix such that all the pkg-config configuration stays inside the dev and lib outputs. # stdenv will take care of overriding bindir, sbindir, etc. such that "out" contains the binaries. prefix = builtins.placeholder "lib"; env = lib.optionalAttrs stdenv.hostPlatform.isStatic { NIX_CFLAGS_COMPILE = "-fcommon"; }; configureFlags = [ "--localstatedir=/var/lib" (lib.withFeature withLdap "ldap") (lib.withFeature withLibedit "libedit") (lib.withFeature withVerto "system-verto") ] # krb5's ./configure does not allow passing --enable-shared and --enable-static at the same time. # See https://bbs.archlinux.org/viewtopic.php?pid=1576737#p1576737 ++ lib.optionals staticOnly [ "--enable-static" "--disable-shared" ] ++ lib.optional stdenv.hostPlatform.isFreeBSD ''WARN_CFLAGS='' ++ lib.optionals (stdenv.buildPlatform != stdenv.hostPlatform) [ "krb5_cv_attr_constructor_destructor=yes,yes" "ac_cv_func_regcomp=yes" "ac_cv_printf_positional=yes" ]; nativeBuildInputs = [ byacc perl pkg-config ] # Provides the mig command used by the build scripts ++ lib.optional stdenv.hostPlatform.isDarwin bootstrap_cmds; buildInputs = [ openssl ] ++ lib.optionals ( stdenv.hostPlatform.isLinux && stdenv.hostPlatform.libc != "bionic" && !(stdenv.hostPlatform.useLLVM or false) ) [ keyutils ] ++ lib.optionals withLdap [ openldap ] ++ lib.optionals withLibedit [ libedit ] ++ lib.optionals withVerto [ libverto ]; propagatedBuildInputs = lib.optionals stdenv.hostPlatform.isDarwin ( with darwin.apple_sdk; [ libs.xpc frameworks.Kerberos ] ); sourceRoot = "krb5-${version}/src"; postPatch = '' substituteInPlace config/shlib.conf \ --replace "'ld " "'${stdenv.cc.targetPrefix}ld " '' # this could be accomplished by updateAutotoolsGnuConfigScriptsHook, but that causes infinite recursion # necessary for FreeBSD code path in configure + '' substituteInPlace ./config/config.guess --replace-fail /usr/bin/uname uname ''; libFolders = [ "util" "include" "lib" "build-tools" ]; # To avoid cyclic outputs, we can't let lib depend on out in any way. Unfortunately, the configure # options don't give us enough granularity to specify that, so we have to override the generated # Makefiles manually. postConfigure = '' find $libFolders -type f -name Makefile -print0 | while IFS= read -rd "" f; do substituteInPlace "$f" --replace-fail "$out" "$lib" done ''; preInstall = '' mkdir -p "$lib"/{bin,sbin,lib/pkgconfig,share/{et,man/man1}} ''; # not via outputBin, due to reference from libkrb5.so postInstall = '' moveToOutput bin/krb5-config "$dev" ''; # Disable _multioutDocs in stdenv by overriding it to be a no-op. # We do this because $lib has its own docs and we don't want to squash them into $out. preFixup = '' _multioutDocs() { echo Skipping multioutDocs } ''; enableParallelBuilding = true; doCheck = false; # fails with "No suitable file for testing purposes" meta = with lib; { description = "MIT Kerberos 5"; homepage = "http://web.mit.edu/kerberos/"; license = licenses.mit; platforms = platforms.unix ++ platforms.windows; }; passthru = { implementation = "krb5"; tests = { inherit (nixosTests) kerberos; inherit (python3.pkgs) requests-credssp; bind = bind.override { enableGSSAPI = true; }; curl = curl.override { gssSupport = true; }; openssh = openssh.override { withKerberos = true; }; postgresql = postgresql.override { gssSupport = true; }; }; }; }