depot/third_party/nixpkgs/pkgs/servers/ldap/389/default.nix
Default email f34ce41345 Project import generated by Copybara.
GitOrigin-RevId: b73c2221a46c13557b1b3be9c2070cc42cf01eb3
2024-07-27 08:49:29 +02:00

164 lines
3.7 KiB
Nix

{ lib
, stdenv
, fetchFromGitHub
, autoconf
, automake
, cargo
, libtool
, pkg-config
, cracklib
, lmdb
, json_c
, linux-pam
, libevent
, libxcrypt
, nspr
, nss
, openldap
, withOpenldap ? true
, db
, withBdb ? true
, cyrus_sasl
, icu
, net-snmp
, withNetSnmp ? true
, krb5
, pcre2
, python3
, rustPlatform
, rustc
, openssl
, withSystemd ? lib.meta.availableOn stdenv.hostPlatform systemd, systemd
, zlib
, rsync
, fetchpatch
, withCockpit ? true
, withAsan ? false
}:
stdenv.mkDerivation rec {
pname = "389-ds-base";
version = "2.4.5";
src = fetchFromGitHub {
owner = "389ds";
repo = pname;
rev = "${pname}-${version}";
hash = "sha256-12JCd2R00L0T5EPUNO/Aw2HRID+z2krNQ09RSX9Qkj8=";
};
patches = [
(fetchpatch {
name = "fix-32bit.patch";
url = "https://github.com/389ds/389-ds-base/commit/1fe029c495cc9f069c989cfbb09d449a078c56e2.patch";
hash = "sha256-b0HSaDjuEUKERIXKg8np+lZDdZNmrCTAXybJzF+0hq0=";
})
(fetchpatch {
name = "CVE-2024-2199.patch";
url = "https://git.rockylinux.org/staging/rpms/389-ds-base/-/raw/dae373bd6b4e7d6f35a096e6f27be1c3bf1e48ac/SOURCES/0004-CVE-2024-2199.patch";
hash = "sha256-grANphTafCoa9NQy+FowwPhGQnvuCbfGnSpQ1Wp69Vg=";
})
(fetchpatch {
name = "CVE-2024-3657.patch";
url = "https://git.rockylinux.org/staging/rpms/389-ds-base/-/raw/dae373bd6b4e7d6f35a096e6f27be1c3bf1e48ac/SOURCES/0005-CVE-2024-3657.patch";
hash = "sha256-CuiCXQp3PMiYERzFk7oH3T91yQ1dP/gtLNWF0eqGAQ4=";
})
];
cargoDeps = rustPlatform.fetchCargoTarball {
inherit src;
sourceRoot = "${src.name}/src";
name = "${pname}-${version}";
hash = "sha256-fE3bJROwti9Ru0jhCiWhXcuQdxXTqzN9yOd2nlhKABI=";
};
nativeBuildInputs = [
autoconf
automake
libtool
pkg-config
python3
cargo
rustc
]
++ lib.optional withCockpit rsync;
buildInputs = [
cracklib
lmdb
json_c
linux-pam
libevent
libxcrypt
nspr
nss
cyrus_sasl
icu
krb5
pcre2
openssl
zlib
]
++ lib.optional withSystemd systemd
++ lib.optional withOpenldap openldap
++ lib.optional withBdb db
++ lib.optional withNetSnmp net-snmp;
postPatch = ''
patchShebangs ./buildnum.py ./ldap/servers/slapd/mkDBErrStrs.py
'';
preConfigure = ''
./autogen.sh --prefix="$out"
'';
preBuild = ''
mkdir -p ./vendor
tar -xzf ${cargoDeps} -C ./vendor --strip-components=1
'';
configureFlags = [
"--enable-rust-offline"
"--enable-autobind"
]
++ lib.optionals withSystemd [
"--with-systemd"
"--with-systemdsystemunitdir=${placeholder "out"}/etc/systemd/system"
] ++ lib.optionals withOpenldap [
"--with-openldap"
] ++ lib.optionals withBdb [
"--with-db-inc=${lib.getDev db}/include"
"--with-db-lib=${lib.getLib db}/lib"
] ++ lib.optionals withNetSnmp [
"--with-netsnmp-inc=${lib.getDev net-snmp}/include"
"--with-netsnmp-lib=${lib.getLib net-snmp}/lib"
] ++ lib.optionals (!withCockpit) [
"--disable-cockpit"
] ++ lib.optionals withAsan [
"--enable-asan"
"--enable-debug"
];
enableParallelBuilding = true;
# Disable parallel builds as those lack some dependencies:
# ld: cannot find -lslapd: No such file or directory
# https://hydra.nixos.org/log/h38bj77gav0r6jbi4bgzy1lfjq22k2wy-389-ds-base-2.3.1.drv
enableParallelInstalling = false;
doCheck = true;
installFlags = [
"sysconfdir=${placeholder "out"}/etc"
"localstatedir=${placeholder "TMPDIR"}"
];
passthru.version = version;
meta = with lib; {
homepage = "https://www.port389.org/";
description = "Enterprise-class Open Source LDAP server for Linux";
license = licenses.gpl3Plus;
platforms = platforms.linux;
maintainers = [ maintainers.ners ];
};
}