[jackhill/guix/guix.git] / gnu / packages / sssd.scm

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2017, 2018, 2022 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2020 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2021 Timotej Lazar <timotej.lazar@araneo.si>
;;; Copyright © 2021, 2022 Remco van 't Veer <remco@remworks.net>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu packages sssd)
  #:use-module ((guix licenses) #:prefix license:)
  #:use-module (guix packages)
  #:use-module (guix download)
  #:use-module (guix gexp)
  #:use-module (guix git-download)
  #:use-module (guix utils)
  #:use-module (guix build utils)
  #:use-module (guix build-system gnu)
  #:use-module (gnu packages)
  #:use-module (gnu packages)
  #:use-module (gnu packages adns)
  #:use-module (gnu packages augeas)
  #:use-module (gnu packages autotools)
  #:use-module (gnu packages bash)
  #:use-module (gnu packages check)
  #:use-module (gnu packages crypto)
  #:use-module (gnu packages curl)
  #:use-module (gnu packages cyrus-sasl)
  #:use-module (gnu packages databases)
  #:use-module (gnu packages dns)
  #:use-module (gnu packages docbook)
  #:use-module (gnu packages documentation)
  #:use-module (gnu packages gettext)
  #:use-module (gnu packages glib)
  #:use-module (gnu packages jose)
  #:use-module (gnu packages kerberos)
  #:use-module (gnu packages libunistring)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages nss)
  #:use-module (gnu packages openldap)
  #:use-module (gnu packages tls)
  #:use-module (gnu packages pcre)
  #:use-module (gnu packages popt)
  #:use-module (gnu packages pkg-config)
  #:use-module (gnu packages python)
  #:use-module (gnu packages samba)
  #:use-module (gnu packages security-token)
  #:use-module (gnu packages selinux)
  #:use-module (gnu packages ssh)
  #:use-module (gnu packages web)
  #:use-module (gnu packages xml))

(define-public adcli
  (package
    (name "adcli")
    (version "0.9.1")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://gitlab.freedesktop.org/realmd/adcli.git")
             (commit version)))
       (file-name (git-file-name name version))
       (sha256
        (base32 "1mwzd5vakdsssdvs6vljqpp8pw8i97n5lhxvmn9dn9720am7hfv7"))))
    (build-system gnu-build-system)
    (arguments
     `(#:configure-flags
       ;; The net tool is used to update the stored machine key for samba.
       (list (string-append "--with-samba-data-tool="
                            (assoc-ref %build-inputs "samba") "/bin/net"))
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'use-local-docbook
           ;; Patch Makefile and docs to use local docbook resources.
           (lambda _
             (let* ((docbook-xml (assoc-ref %build-inputs "docbook-xml"))
                    (docbook-xsl (assoc-ref %build-inputs "docbook-xsl"))
                    (xsldir (string-append docbook-xsl "/xml/xsl/docbook-xsl-"
                                           ,(package-version docbook-xsl))))
                    (with-directory-excursion "doc"
                      (substitute*
                          '("Makefile.am" "adcli.xml" "adcli-devel.xml" "adcli-docs.xml")
                        (("http://docbook.sourceforge.net/release/xsl/current(/[^\"]*)" _ path)
                         (string-append xsldir path))
                        (("http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd")
                         (string-append docbook-xml "/xml/dtd/docbook/docbookx.dtd")))
                      (substitute* "Makefile.am"
                        (("\\$\\(XMLTO\\)" xmlto)
                         (string-append xmlto " --searchpath " xsldir "/html"))))))))))
    (native-inputs
     (list autoconf
           automake
           docbook-xml
           docbook-xsl
           libtool
           libxslt
           util-linux ; For `rev` command used in tests.
           xmlto))
    (inputs
     (list cyrus-sasl mit-krb5 samba openldap))
    (home-page "https://gitlab.freedesktop.org/realmd/adcli/")
    (synopsis "Helper library and tools for Active Directory client operations")
    (description "@command{adcli} is a command‐line tool to join a computer to
an Active Directory domain.  It can also update the machine password and
manage user, group and computer accounts for a domain.")
    (license license:lgpl2.1+)))

(define-public ding-libs
  (package
    (name "ding-libs")
    (version "0.6.2")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/SSSD/ding-libs")
             (commit version)))
       (file-name (git-file-name name version))
       (sha256
        (base32 "17x3gj2yrjb6h7ml97xlim310x8s54n238p3ns2bj3mxifqkx0mf"))))
    (build-system gnu-build-system)
    (arguments
     (list #:configure-flags
           '(list "--disable-static")))
    (native-inputs (list autoconf automake gettext-minimal libtool pkg-config))
    (home-page "https://pagure.io/SSSD/ding-libs/")
    (synopsis "Libraries for SSSD")
    (description
     "DING-LIBS (DING Is Not Glib) are a set of small, useful libraries that
the @dfn{System Security Services Daemon} (SSSD) uses and makes available to
other projects.  They include: libdhash, an implementation of a dynamic hash
table which will dynamically resize to achieve optimal storage and access time
properties; ini_config, a library for parsing and managing @code{INI} files;
path_utils, a library to manage UNIX paths and subsets of paths; collection, a
generic, hierarchical grouping mechanism for complex data sets; ref_array, a
dynamically-growing, reference-counted array; libbasicobjects, a set of
fundamental object types for C.")
    (license license:lgpl3+)))

(define-public sssd
  (package
    (name "sssd")
    (version "2.7.3")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/SSSD/sssd")
             (commit version)))
       (file-name (git-file-name name version))
       (sha256
        (base32 "18kcg82gcf5wgmaq5w9fszv9sg3d93yqm39p1npr8kw8b9203n4r"))
       (patches (search-patches "sssd-optional-systemd.patch"
                                "sssd-system-directories.patch"))))
    (build-system gnu-build-system)
    (arguments
     (list
      #:make-flags
      #~(list (string-append "CFLAGS=-DRENEWAL_PROG_PATH=\\\""
                             #$(this-package-input "adcli") "/sbin/adcli"
                             "\\\"")
              (string-append "DOCBOOK_XSLT="
                             #$(this-package-native-input "docbook-xsl")
                             "/xml/xsl/docbook-xsl-"
                             #$(package-version (this-package-native-input "docbook-xsl"))
                             "/manpages/docbook.xsl")
              ;; Remove "--postvalid" option, because that requires access to
              ;; online DTDs.
              "XMLLINT_FLAGS = --catalogs --nonet --noent --xinclude --noout")
      #:configure-flags
      #~(list "--localstatedir=/var" ; for /var/lib/sss, /var/run/sssd.pid, etc.
              "--sysconfdir=/etc"    ; /etc/sssd

              "--disable-cifs-idmap-plugin"
              "--without-nfsv4-idmapd-plugin"
              (string-append "--with-plugin-path="
                             #$output "/lib/sssd")
              (string-append "--with-krb5-plugin-path="
                             #$output "/lib/krb5/plugins/libkrb5")
              (string-append "--with-cifs-plugin-path="
                             #$output "/lib/cifs-utils")
              (string-append "--with-init-dir="
                             #$output "/etc/init.d")
              (string-append "--with-ldb-lib-dir="
                             #$output "/lib/ldb/modules/ldb")
              (string-append "--with-xml-catalog-path="
                             #$(this-package-native-input "docbook-xml")
                             "/xml/dtd/docbook/catalog.xml"))
      #:phases
      #~(modify-phases %standard-phases
          (add-after 'patch-source-shebangs 'patch-more-shebangs
            (lambda _
              (substitute* '("src/tools/analyzer/sss_analyze"
                             "src/tools/sss_obfuscate")
                (("#!/usr/bin/.*python")
                 (string-append "#!" #$(this-package-input "python") "/bin/python3")))))
          (add-before 'bootstrap 'fix-configure-macros
            (lambda _
              ;; A configure test for nsupdate realm support fails without this.
              (substitute* "src/external/nsupdate.m4"
                (("\\$NSUPDATE ") "$NSUPDATE -i "))
              ;; Let tests find softhsm lib.
              (substitute* "src/external/test_ca.m4"
                (("/usr/lib/softhsm")
                 (string-append #$(this-package-native-input "softhsm")
                                "/lib/softhsm")))))
          (add-before 'configure 'disable-failing-tests
            (lambda _
              ;; Disable tests that needs /etc/passwd.
              (substitute* "Makefile.am"
                (("pam-srv-tests") "")
                (("test-negcache") ""))
              ;; This test fails for unknown reason.
              (substitute* "src/tests/responder_socket_access-tests.c"
                (("tcase_add_test\\(tc_utils, resp_str_to_array_test\\);") ""))))
          (add-before 'check 'set-libpython-path
            (lambda _
              (setenv "LD_LIBRARY_PATH"
                      (string-append #$(this-package-input "python") "/lib"))))
          (add-after 'install 'remove-static-libs
            (lambda _
              ;; Remove a static library that produces a (harmless) warning
              ;; when starting a program that uses sssd’s LDB modules.
              (delete-file
               (string-append #$output "/lib/ldb/modules/ldb/memberof.la"))))
          (add-after 'install 'wrap-binaries
            (lambda _
              (with-directory-excursion #$output
                ;; Set path to LDB modules for sssd and utilities.
                (for-each (lambda (bin)
                            (wrap-program (string-append "sbin/" bin)
                              `("LDB_MODULES_PATH" ":" prefix
                                (,(string-append #$output "/lib/ldb/modules/ldb")))))
                          '("sssd" "sssctl" "sss_cache" "sss_override" "sss_seed"))
                ;; Set path to sssd’s site-packages for scripts.
                (for-each (lambda (script)
                            (wrap-program script
                              `("GUIX_PYTHONPATH" ":" prefix
                                (,(string-append #$output "/lib/python"
                                                 #$(version-major+minor
                                                    (package-version
                                                     (this-package-input "python")))
                                                 "/site-packages")))))
                          '("libexec/sssd/sss_analyze" "sbin/sss_obfuscate"))))))))
    (inputs
     (list adcli
           bash-minimal
           c-ares
           curl ; for OpenID Connect support
           cyrus-sasl
           dbus
           ding-libs
           glib
           gnutls
           http-parser
           `(,isc-bind "utils")
           jansson
           jose ; for OpenID Connect support
           keyutils
           ldb
           libnl
           libselinux
           libsemanage
           libunistring
           linux-pam
           mit-krb5
           nss
           openldap
           openssl
           p11-kit ; for PKCS#11 support
           pcre2
           popt
           python
           samba
           talloc
           tdb
           tevent))
    (native-inputs
     (list autoconf
           automake
           check ; for tests
           cmocka ; for tests
           docbook-xml
           docbook-xsl
           doxygen
           gettext-minimal
           libfaketime ; for tests
           libtool
           libxml2 ; for xmllint
           libxslt
           openssh ; for tests
           pkg-config
           po4a
           softhsm ; for tests
           `(,util-linux "lib"))) ; for uuid.h, reqired for KCM
    (home-page "https://pagure.io/SSSD/sssd/")
    (synopsis "System security services daemon")
    (description "SSSD is a system daemon.  Its primary function is to provide
access to identity and authentication remote resource through a common
framework that can provide caching and offline support to the system.  It
provides PAM and NSS modules, and in the future will support D-BUS based
interfaces for extended user information.  It also provides a better database
to store local users as well as extended user data.")
    (license license:gpl3+)))
Commit	Line	Data
dbe874dc RW	1	;;; GNU Guix --- Functional package management for GNU
dbe874dc RW	2	;;; Copyright © 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
b00f2728	3	;;; Copyright © 2017, 2018, 2022 Tobias Geerinckx-Rice <me@tobias.gr>
b94098af	4	;;; Copyright © 2020 Efraim Flashner <efraim@flashner.co.il>
6be0bdf5	5	;;; Copyright © 2021 Timotej Lazar <timotej.lazar@araneo.si>
a7fb50b5	6	;;; Copyright © 2021, 2022 Remco van 't Veer <remco@remworks.net>
dbe874dc RW	7	;;;
	8	;;; This file is part of GNU Guix.
	9	;;;
	10	;;; GNU Guix is free software; you can redistribute it and/or modify it
	11	;;; under the terms of the GNU General Public License as published by
	12	;;; the Free Software Foundation; either version 3 of the License, or (at
	13	;;; your option) any later version.
	14	;;;
	15	;;; GNU Guix is distributed in the hope that it will be useful, but
	16	;;; WITHOUT ANY WARRANTY; without even the implied warranty of
	17	;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	18	;;; GNU General Public License for more details.
	19	;;;
	20	;;; You should have received a copy of the GNU General Public License
	21	;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
	22
	23	(define-module (gnu packages sssd)
	24	#:use-module ((guix licenses) #:prefix license:)
	25	#:use-module (guix packages)
	26	#:use-module (guix download)
3e59d41d	27	#:use-module (guix gexp)
6be0bdf5	28	#:use-module (guix git-download)
dbe874dc	29	#:use-module (guix utils)
3e59d41d	30	#:use-module (guix build utils)
dbe874dc	31	#:use-module (guix build-system gnu)
7fe4e556 RW	32	#:use-module (gnu packages)
	33	#:use-module (gnu packages)
	34	#:use-module (gnu packages adns)
	35	#:use-module (gnu packages augeas)
6be0bdf5	36	#:use-module (gnu packages autotools)
3e59d41d	37	#:use-module (gnu packages bash)
7fe4e556	38	#:use-module (gnu packages check)
3e59d41d	39	#:use-module (gnu packages crypto)
7fe4e556 RW	40	#:use-module (gnu packages curl)
	41	#:use-module (gnu packages cyrus-sasl)
	42	#:use-module (gnu packages databases)
	43	#:use-module (gnu packages dns)
	44	#:use-module (gnu packages docbook)
	45	#:use-module (gnu packages documentation)
3e59d41d	46	#:use-module (gnu packages gettext)
7fe4e556	47	#:use-module (gnu packages glib)
3e59d41d	48	#:use-module (gnu packages jose)
aff0cce9	49	#:use-module (gnu packages kerberos)
7fe4e556 RW	50	#:use-module (gnu packages libunistring)
7fe4e556 RW	51	#:use-module (gnu packages linux)
aff0cce9	52	#:use-module (gnu packages nss)
7fe4e556 RW	53	#:use-module (gnu packages openldap)
	54	#:use-module (gnu packages tls)
	55	#:use-module (gnu packages pcre)
	56	#:use-module (gnu packages popt)
	57	#:use-module (gnu packages pkg-config)
3e59d41d	58	#:use-module (gnu packages python)
7fe4e556	59	#:use-module (gnu packages samba)
3e59d41d	60	#:use-module (gnu packages security-token)
7fe4e556	61	#:use-module (gnu packages selinux)
3e59d41d	62	#:use-module (gnu packages ssh)
7fe4e556 RW	63	#:use-module (gnu packages web)
7fe4e556 RW	64	#:use-module (gnu packages xml))
dbe874dc	65
6be0bdf5 TL	66	(define-public adcli
	67	(package
	68	(name "adcli")
	69	(version "0.9.1")
	70	(source
	71	(origin
	72	(method git-fetch)
	73	(uri (git-reference
	74	(url "https://gitlab.freedesktop.org/realmd/adcli.git")
	75	(commit version)))
	76	(file-name (git-file-name name version))
	77	(sha256
	78	(base32 "1mwzd5vakdsssdvs6vljqpp8pw8i97n5lhxvmn9dn9720am7hfv7"))))
	79	(build-system gnu-build-system)
	80	(arguments
	81	`(#:configure-flags
	82	;; The net tool is used to update the stored machine key for samba.
	83	(list (string-append "--with-samba-data-tool="
	84	(assoc-ref %build-inputs "samba") "/bin/net"))
	85	#:phases
	86	(modify-phases %standard-phases
	87	(add-after 'unpack 'use-local-docbook
	88	;; Patch Makefile and docs to use local docbook resources.
	89	(lambda _
	90	(let* ((docbook-xml (assoc-ref %build-inputs "docbook-xml"))
	91	(docbook-xsl (assoc-ref %build-inputs "docbook-xsl"))
	92	(xsldir (string-append docbook-xsl "/xml/xsl/docbook-xsl-"
	93	,(package-version docbook-xsl))))
	94	(with-directory-excursion "doc"
	95	(substitute*
	96	'("Makefile.am" "adcli.xml" "adcli-devel.xml" "adcli-docs.xml")
	97	(("http://docbook.sourceforge.net/release/xsl/current(/[^\"]*)" _ path)
	98	(string-append xsldir path))
	99	(("http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd")
	100	(string-append docbook-xml "/xml/dtd/docbook/docbookx.dtd")))
	101	(substitute* "Makefile.am"
	102	(("\\$\\(XMLTO\\)" xmlto)
	103	(string-append xmlto " --searchpath " xsldir "/html"))))))))))
	104	(native-inputs
8394619b LC	105	(list autoconf
	106	automake
	107	docbook-xml
	108	docbook-xsl
	109	libtool
	110	libxslt
	111	util-linux ; For `rev` command used in tests.
	112	xmlto))
6be0bdf5	113	(inputs
8394619b	114	(list cyrus-sasl mit-krb5 samba openldap))
6be0bdf5 TL	115	(home-page "https://gitlab.freedesktop.org/realmd/adcli/")
	116	(synopsis "Helper library and tools for Active Directory client operations")
	117	(description "@command{adcli} is a command‐line tool to join a computer to
	118	an Active Directory domain. It can also update the machine password and
	119	manage user, group and computer accounts for a domain.")
	120	(license license:lgpl2.1+)))
	121
dbe874dc RW	122	(define-public ding-libs
	123	(package
	124	(name "ding-libs")
748e7de3	125	(version "0.6.2")
b00f2728 TGR	126	(source
	127	(origin
	128	(method git-fetch)
	129	(uri (git-reference
	130	(url "https://github.com/SSSD/ding-libs")
	131	(commit version)))
	132	(file-name (git-file-name name version))
	133	(sha256
748e7de3	134	(base32 "17x3gj2yrjb6h7ml97xlim310x8s54n238p3ns2bj3mxifqkx0mf"))))
dbe874dc	135	(build-system gnu-build-system)
29cd7f79 TGR	136	(arguments
	137	(list #:configure-flags
	138	'(list "--disable-static")))
748e7de3	139	(native-inputs (list autoconf automake gettext-minimal libtool pkg-config))
dbe874dc RW	140	(home-page "https://pagure.io/SSSD/ding-libs/")
	141	(synopsis "Libraries for SSSD")
	142	(description
	143	"DING-LIBS (DING Is Not Glib) are a set of small, useful libraries that
	144	the @dfn{System Security Services Daemon} (SSSD) uses and makes available to
	145	other projects. They include: libdhash, an implementation of a dynamic hash
	146	table which will dynamically resize to achieve optimal storage and access time
	147	properties; ini_config, a library for parsing and managing @code{INI} files;
	148	path_utils, a library to manage UNIX paths and subsets of paths; collection, a
	149	generic, hierarchical grouping mechanism for complex data sets; ref_array, a
	150	dynamically-growing, reference-counted array; libbasicobjects, a set of
	151	fundamental object types for C.")
	152	(license license:lgpl3+)))
7fe4e556	153
7fe4e556 RW	154	(define-public sssd
	155	(package
	156	(name "sssd")
a9fd0612	157	(version "2.7.3")
3e59d41d TL	158	(source
	159	(origin
	160	(method git-fetch)
	161	(uri (git-reference
	162	(url "https://github.com/SSSD/sssd")
	163	(commit version)))
	164	(file-name (git-file-name name version))
	165	(sha256
a9fd0612	166	(base32 "18kcg82gcf5wgmaq5w9fszv9sg3d93yqm39p1npr8kw8b9203n4r"))
3e59d41d TL	167	(patches (search-patches "sssd-optional-systemd.patch"
3e59d41d TL	168	"sssd-system-directories.patch"))))
7fe4e556 RW	169	(build-system gnu-build-system)
7fe4e556 RW	170	(arguments
3e59d41d TL	171	(list
	172	#:make-flags
	173	#~(list (string-append "CFLAGS=-DRENEWAL_PROG_PATH=\\\""
	174	#$(this-package-input "adcli") "/sbin/adcli"
	175	"\\\"")
	176	(string-append "DOCBOOK_XSLT="
	177	#$(this-package-native-input "docbook-xsl")
	178	"/xml/xsl/docbook-xsl-"
	179	#$(package-version (this-package-native-input "docbook-xsl"))
	180	"/manpages/docbook.xsl")
	181	;; Remove "--postvalid" option, because that requires access to
	182	;; online DTDs.
	183	"XMLLINT_FLAGS = --catalogs --nonet --noent --xinclude --noout")
	184	#:configure-flags
	185	#~(list "--localstatedir=/var" ; for /var/lib/sss, /var/run/sssd.pid, etc.
	186	"--sysconfdir=/etc" ; /etc/sssd
8df6900d	187
3e59d41d TL	188	"--disable-cifs-idmap-plugin"
	189	"--without-nfsv4-idmapd-plugin"
	190	(string-append "--with-plugin-path="
	191	#$output "/lib/sssd")
	192	(string-append "--with-krb5-plugin-path="
	193	#$output "/lib/krb5/plugins/libkrb5")
	194	(string-append "--with-cifs-plugin-path="
	195	#$output "/lib/cifs-utils")
	196	(string-append "--with-init-dir="
	197	#$output "/etc/init.d")
	198	(string-append "--with-ldb-lib-dir="
	199	#$output "/lib/ldb/modules/ldb")
	200	(string-append "--with-xml-catalog-path="
	201	#$(this-package-native-input "docbook-xml")
	202	"/xml/dtd/docbook/catalog.xml"))
	203	#:phases
	204	#~(modify-phases %standard-phases
	205	(add-after 'patch-source-shebangs 'patch-more-shebangs
	206	(lambda _
	207	(substitute* '("src/tools/analyzer/sss_analyze"
	208	"src/tools/sss_obfuscate")
	209	(("#!/usr/bin/.*python")
	210	(string-append "#!" #$(this-package-input "python") "/bin/python3")))))
	211	(add-before 'bootstrap 'fix-configure-macros
	212	(lambda _
	213	;; A configure test for nsupdate realm support fails without this.
	214	(substitute* "src/external/nsupdate.m4"
	215	(("\\$NSUPDATE ") "$NSUPDATE -i "))
	216	;; Let tests find softhsm lib.
	217	(substitute* "src/external/test_ca.m4"
	218	(("/usr/lib/softhsm")
	219	(string-append #$(this-package-native-input "softhsm")
	220	"/lib/softhsm")))))
	221	(add-before 'configure 'disable-failing-tests
	222	(lambda _
	223	;; Disable tests that needs /etc/passwd.
	224	(substitute* "Makefile.am"
	225	(("pam-srv-tests") "")
	226	(("test-negcache") ""))
	227	;; This test fails for unknown reason.
	228	(substitute* "src/tests/responder_socket_access-tests.c"
	229	(("tcase_add_test\\(tc_utils, resp_str_to_array_test\\);") ""))))
	230	(add-before 'check 'set-libpython-path
	231	(lambda _
	232	(setenv "LD_LIBRARY_PATH"
	233	(string-append #$(this-package-input "python") "/lib"))))
	234	(add-after 'install 'remove-static-libs
	235	(lambda _
	236	;; Remove a static library that produces a (harmless) warning
	237	;; when starting a program that uses sssd’s LDB modules.
	238	(delete-file
	239	(string-append #$output "/lib/ldb/modules/ldb/memberof.la"))))
	240	(add-after 'install 'wrap-binaries
	241	(lambda _
	242	(with-directory-excursion #$output
	243	;; Set path to LDB modules for sssd and utilities.
	244	(for-each (lambda (bin)
	245	(wrap-program (string-append "sbin/" bin)
	246	`("LDB_MODULES_PATH" ":" prefix
	247	(,(string-append #$output "/lib/ldb/modules/ldb")))))
	248	'("sssd" "sssctl" "sss_cache" "sss_override" "sss_seed"))
	249	;; Set path to sssd’s site-packages for scripts.
	250	(for-each (lambda (script)
	251	(wrap-program script
252	`("GUIX_PYTHONPATH" ":" prefix
253	(,(string-append #$output "/lib/python"
254	#$(version-major+minor
255	(package-version
256	(this-package-input "python")))
257	"/site-packages")))))
258	'("libexec/sssd/sss_analyze" "sbin/sss_obfuscate"))))))))
7fe4e556	259	(inputs
3e59d41d TL	260	(list adcli
3e59d41d TL	261	bash-minimal
8394619b	262	c-ares
3e59d41d	263	curl ; for OpenID Connect support
8394619b LC	264	cyrus-sasl
	265	dbus
	266	ding-libs
	267	glib
	268	gnutls
	269	http-parser
3e59d41d	270	`(,isc-bind "utils")
8394619b	271	jansson
3e59d41d TL	272	jose ; for OpenID Connect support
3e59d41d TL	273	keyutils
8394619b	274	ldb
3e59d41d	275	libnl
8394619b LC	276	libselinux
	277	libsemanage
	278	libunistring
	279	linux-pam
	280	mit-krb5
	281	nss
	282	openldap
	283	openssl
3e59d41d TL	284	p11-kit ; for PKCS#11 support
3e59d41d TL	285	pcre2
8394619b	286	popt
3e59d41d	287	python
8394619b LC	288	samba
	289	talloc
	290	tdb
	291	tevent))
7fe4e556	292	(native-inputs
3e59d41d TL	293	(list autoconf
	294	automake
	295	check ; for tests
	296	cmocka ; for tests
8394619b	297	docbook-xml
3e59d41d TL	298	docbook-xsl
	299	doxygen
	300	gettext-minimal
	301	libfaketime ; for tests
	302	libtool
8394619b LC	303	libxml2 ; for xmllint
8394619b LC	304	libxslt
3e59d41d	305	openssh ; for tests
8394619b	306	pkg-config
3e59d41d TL	307	po4a
	308	softhsm ; for tests
	309	`(,util-linux "lib"))) ; for uuid.h, reqired for KCM
7fe4e556 RW	310	(home-page "https://pagure.io/SSSD/sssd/")
	311	(synopsis "System security services daemon")
	312	(description "SSSD is a system daemon. Its primary function is to provide
	313	access to identity and authentication remote resource through a common
	314	framework that can provide caching and offline support to the system. It
65808ba4 TGR	315	provides PAM and NSS modules, and in the future will support D-BUS based
	316	interfaces for extended user information. It also provides a better database
	317	to store local users as well as extended user data.")
7fe4e556	318	(license license:gpl3+)))