Commit | Line | Data |
---|---|---|
dbe874dc RW |
1 | ;;; GNU Guix --- Functional package management for GNU |
2 | ;;; Copyright © 2016, 2017 Ricardo Wurmus <rekado@elephly.net> | |
b00f2728 | 3 | ;;; Copyright © 2017, 2018, 2022 Tobias Geerinckx-Rice <me@tobias.gr> |
b94098af | 4 | ;;; Copyright © 2020 Efraim Flashner <efraim@flashner.co.il> |
6be0bdf5 | 5 | ;;; Copyright © 2021 Timotej Lazar <timotej.lazar@araneo.si> |
a7fb50b5 | 6 | ;;; Copyright © 2021, 2022 Remco van 't Veer <remco@remworks.net> |
dbe874dc RW |
7 | ;;; |
8 | ;;; This file is part of GNU Guix. | |
9 | ;;; | |
10 | ;;; GNU Guix is free software; you can redistribute it and/or modify it | |
11 | ;;; under the terms of the GNU General Public License as published by | |
12 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
13 | ;;; your option) any later version. | |
14 | ;;; | |
15 | ;;; GNU Guix is distributed in the hope that it will be useful, but | |
16 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of | |
17 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
18 | ;;; GNU General Public License for more details. | |
19 | ;;; | |
20 | ;;; You should have received a copy of the GNU General Public License | |
21 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. | |
22 | ||
23 | (define-module (gnu packages sssd) | |
24 | #:use-module ((guix licenses) #:prefix license:) | |
25 | #:use-module (guix packages) | |
26 | #:use-module (guix download) | |
3e59d41d | 27 | #:use-module (guix gexp) |
6be0bdf5 | 28 | #:use-module (guix git-download) |
dbe874dc | 29 | #:use-module (guix utils) |
3e59d41d | 30 | #:use-module (guix build utils) |
dbe874dc | 31 | #:use-module (guix build-system gnu) |
7fe4e556 RW |
32 | #:use-module (gnu packages) |
33 | #:use-module (gnu packages) | |
34 | #:use-module (gnu packages adns) | |
35 | #:use-module (gnu packages augeas) | |
6be0bdf5 | 36 | #:use-module (gnu packages autotools) |
3e59d41d | 37 | #:use-module (gnu packages bash) |
7fe4e556 | 38 | #:use-module (gnu packages check) |
3e59d41d | 39 | #:use-module (gnu packages crypto) |
7fe4e556 RW |
40 | #:use-module (gnu packages curl) |
41 | #:use-module (gnu packages cyrus-sasl) | |
42 | #:use-module (gnu packages databases) | |
43 | #:use-module (gnu packages dns) | |
44 | #:use-module (gnu packages docbook) | |
45 | #:use-module (gnu packages documentation) | |
3e59d41d | 46 | #:use-module (gnu packages gettext) |
7fe4e556 | 47 | #:use-module (gnu packages glib) |
3e59d41d | 48 | #:use-module (gnu packages jose) |
aff0cce9 | 49 | #:use-module (gnu packages kerberos) |
7fe4e556 RW |
50 | #:use-module (gnu packages libunistring) |
51 | #:use-module (gnu packages linux) | |
aff0cce9 | 52 | #:use-module (gnu packages nss) |
7fe4e556 RW |
53 | #:use-module (gnu packages openldap) |
54 | #:use-module (gnu packages tls) | |
55 | #:use-module (gnu packages pcre) | |
56 | #:use-module (gnu packages popt) | |
57 | #:use-module (gnu packages pkg-config) | |
3e59d41d | 58 | #:use-module (gnu packages python) |
7fe4e556 | 59 | #:use-module (gnu packages samba) |
3e59d41d | 60 | #:use-module (gnu packages security-token) |
7fe4e556 | 61 | #:use-module (gnu packages selinux) |
3e59d41d | 62 | #:use-module (gnu packages ssh) |
7fe4e556 RW |
63 | #:use-module (gnu packages web) |
64 | #:use-module (gnu packages xml)) | |
dbe874dc | 65 | |
;; adcli: command-line tool for joining a host to an Active Directory domain
;; and maintaining its machine account.  The sssd package in this file
;; compiles the absolute path of this package's sbin/adcli into the daemon
;; (RENEWAL_PROG_PATH), so what is built here is what sssd will execute.
(define-public adcli
  (package
    (name "adcli")
    (version "0.9.1")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://gitlab.freedesktop.org/realmd/adcli.git")
             ;; The version string is used as the Git reference (a tag name),
             ;; which upstream could move.
             (commit version)))
       (file-name (git-file-name name version))
       ;; Content hash of the checkout.  This, not the tag, is what pins the
       ;; source: a checkout whose content differs does not match and the
       ;; fetch fails instead of building different code.
       (sha256
        (base32 "1mwzd5vakdsssdvs6vljqpp8pw8i97n5lhxvmn9dn9720am7hfv7"))))
    (build-system gnu-build-system)
    (arguments
     `(#:configure-flags
       ;; The net tool is used to update the stored machine key for samba.
       ;; It is referenced by absolute path inside the samba input.
       (list (string-append "--with-samba-data-tool="
                            (assoc-ref %build-inputs "samba") "/bin/net"))
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'use-local-docbook
           ;; Patch Makefile and docs to use local docbook resources, replacing
           ;; the http:// stylesheet and DTD URLs with paths inside the
           ;; docbook inputs.
           (lambda _
             (let* ((docbook-xml (assoc-ref %build-inputs "docbook-xml"))
                    (docbook-xsl (assoc-ref %build-inputs "docbook-xsl"))
                    ;; The unquoted (package-version docbook-xsl) is evaluated
                    ;; when the package is defined and refers to the
                    ;; docbook-xsl package variable, not to the directory
                    ;; string bound just above.
                    (xsldir (string-append docbook-xsl "/xml/xsl/docbook-xsl-"
                                           ,(package-version docbook-xsl))))
               (with-directory-excursion "doc"
                 (substitute*
                     '("Makefile.am" "adcli.xml" "adcli-devel.xml" "adcli-docs.xml")
                   ;; Keep the path that follows ".../current" and re-root it
                   ;; under the local stylesheet directory.
                   (("http://docbook.sourceforge.net/release/xsl/current(/[^\"]*)" _ path)
                    (string-append xsldir path))
                   (("http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd")
                    (string-append docbook-xml "/xml/dtd/docbook/docbookx.dtd")))
                 ;; Make every $(XMLTO) invocation search the local HTML
                 ;; stylesheets.
                 (substitute* "Makefile.am"
                   (("\\$\\(XMLTO\\)" xmlto)
                    (string-append xmlto " --searchpath " xsldir "/html"))))))))))
    (native-inputs
     (list autoconf
           automake
           docbook-xml
           docbook-xsl
           libtool
           libxslt
           util-linux                   ; For `rev` command used in tests.
           xmlto))
    (inputs
     (list cyrus-sasl mit-krb5 samba openldap))
    (home-page "https://gitlab.freedesktop.org/realmd/adcli/")
    (synopsis "Helper library and tools for Active Directory client operations")
    (description "@command{adcli} is a command‐line tool to join a computer to
an Active Directory domain.  It can also update the machine password and
manage user, group and computer accounts for a domain.")
    (license license:lgpl2.1+)))
121 | ||
;; ding-libs: support libraries (hash table, INI parsing, path handling, ...)
;; that sssd links against; it is listed in the sssd inputs in this file.
(define-public ding-libs
  (package
    (name "ding-libs")
    (version "0.6.2")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/SSSD/ding-libs")
             ;; The version string is used as the Git reference.
             (commit version)))
       (file-name (git-file-name name version))
       ;; Content hash of the checkout; a checkout that differs does not
       ;; match it, whatever the tag points at.
       (sha256
        (base32 "17x3gj2yrjb6h7ml97xlim310x8s54n238p3ns2bj3mxifqkx0mf"))))
    (build-system gnu-build-system)
    (arguments
     ;; Pass --disable-static to configure, so no static archives are built.
     (list #:configure-flags
           '(list "--disable-static")))
    (native-inputs (list autoconf automake gettext-minimal libtool pkg-config))
    ;; NOTE(review): the home page is on pagure.io while the source above is
    ;; fetched from GitHub -- confirm which location upstream maintains.
    (home-page "https://pagure.io/SSSD/ding-libs/")
    (synopsis "Libraries for SSSD")
    (description
     "DING-LIBS (DING Is Not Glib) are a set of small, useful libraries that
the @dfn{System Security Services Daemon} (SSSD) uses and makes available to
other projects.  They include: libdhash, an implementation of a dynamic hash
table which will dynamically resize to achieve optimal storage and access time
properties; ini_config, a library for parsing and managing @code{INI} files;
path_utils, a library to manage UNIX paths and subsets of paths; collection, a
generic, hierarchical grouping mechanism for complex data sets; ref_array, a
dynamically-growing, reference-counted array; libbasicobjects, a set of
fundamental object types for C.")
    (license license:lgpl3+)))
7fe4e556 | 153 | |
;; sssd: the System Security Services Daemon, which provides identity and
;; authentication lookups through PAM and NSS modules.  The definition pins
;; the source by hash, applies two local patches, hard-codes the paths of
;; helper programs into the build, and wraps the installed programs so they
;; find sssd's own LDB modules and Python modules.
(define-public sssd
  (package
    (name "sssd")
    (version "2.7.3")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/SSSD/sssd")
             ;; The version string is used as the Git reference.
             (commit version)))
       (file-name (git-file-name name version))
       ;; Content hash of the checkout; a checkout that differs does not
       ;; match it, whatever the tag points at.
       (sha256
        (base32 "18kcg82gcf5wgmaq5w9fszv9sg3d93yqm39p1npr8kw8b9203n4r"))
       ;; Local patches; their content is not part of this file.  Judging by
       ;; the names they make systemd optional and adjust system directory
       ;; handling -- review the patch files themselves when auditing.
       (patches (search-patches "sssd-optional-systemd.patch"
                                "sssd-system-directories.patch"))))
    (build-system gnu-build-system)
    (arguments
     (list
      #:make-flags
      ;; RENEWAL_PROG_PATH is defined as the absolute path of adcli inside
      ;; the adcli input, presumably so the daemon runs that exact binary
      ;; rather than whatever a PATH lookup finds.
      ;; NOTE(review): a CFLAGS= assignment on the make command line normally
      ;; replaces the CFLAGS chosen by configure (usually "-g -O2") --
      ;; confirm that the daemon is not built without optimisation and debug
      ;; information as a side effect.
      #~(list (string-append "CFLAGS=-DRENEWAL_PROG_PATH=\\\""
                             #$(this-package-input "adcli") "/sbin/adcli"
                             "\\\"")
              (string-append "DOCBOOK_XSLT="
                             #$(this-package-native-input "docbook-xsl")
                             "/xml/xsl/docbook-xsl-"
                             #$(package-version (this-package-native-input "docbook-xsl"))
                             "/manpages/docbook.xsl")
              ;; Remove "--postvalid" option, because that requires access to
              ;; online DTDs.  "--nonet" keeps xmllint off the network.
              "XMLLINT_FLAGS = --catalogs --nonet --noent --xinclude --noout")
      #:configure-flags
      ;; State and configuration live outside the package output; everything
      ;; that is installed (plugins, init script, LDB modules) is directed
      ;; into the output directory.
      #~(list "--localstatedir=/var" ; for /var/lib/sss, /var/run/sssd.pid, etc.
              "--sysconfdir=/etc"    ; /etc/sssd

              "--disable-cifs-idmap-plugin"
              "--without-nfsv4-idmapd-plugin"
              (string-append "--with-plugin-path="
                             #$output "/lib/sssd")
              (string-append "--with-krb5-plugin-path="
                             #$output "/lib/krb5/plugins/libkrb5")
              (string-append "--with-cifs-plugin-path="
                             #$output "/lib/cifs-utils")
              (string-append "--with-init-dir="
                             #$output "/etc/init.d")
              (string-append "--with-ldb-lib-dir="
                             #$output "/lib/ldb/modules/ldb")
              ;; Local XML catalog, used instead of online DTDs.
              (string-append "--with-xml-catalog-path="
                             #$(this-package-native-input "docbook-xml")
                             "/xml/dtd/docbook/catalog.xml"))
      #:phases
      #~(modify-phases %standard-phases
          (add-after 'patch-source-shebangs 'patch-more-shebangs
            (lambda _
              ;; Point the interpreter line of these two Python scripts at
              ;; python3 from the python input.
              (substitute* '("src/tools/analyzer/sss_analyze"
                             "src/tools/sss_obfuscate")
                (("#!/usr/bin/.*python")
                 (string-append "#!" #$(this-package-input "python") "/bin/python3")))))
          (add-before 'bootstrap 'fix-configure-macros
            (lambda _
              ;; A configure test for nsupdate realm support fails without this.
              (substitute* "src/external/nsupdate.m4"
                (("\\$NSUPDATE ") "$NSUPDATE -i "))
              ;; Let tests find softhsm lib.
              (substitute* "src/external/test_ca.m4"
                (("/usr/lib/softhsm")
                 (string-append #$(this-package-native-input "softhsm")
                                "/lib/softhsm")))))
          (add-before 'configure 'disable-failing-tests
            (lambda _
              ;; Disable tests that need /etc/passwd.
              ;; NOTE(review): this deletes the names "pam-srv-tests" and
              ;; "test-negcache" from Makefile.am, presumably so that these
              ;; suites are not built or run; a regression in the code they
              ;; cover would then not fail this package's 'check' phase.
              (substitute* "Makefile.am"
                (("pam-srv-tests") "")
                (("test-negcache") ""))
              ;; This test fails for an unknown reason.
              ;; TODO(review): find the cause rather than leaving the test
              ;; unregistered indefinitely.
              (substitute* "src/tests/responder_socket_access-tests.c"
                (("tcase_add_test\\(tc_utils, resp_str_to_array_test\\);") ""))))
          (add-before 'check 'set-libpython-path
            (lambda _
              ;; Set in the build environment from the 'check' phase onwards;
              ;; points at the lib directory of the python input.
              (setenv "LD_LIBRARY_PATH"
                      (string-append #$(this-package-input "python") "/lib"))))
          (add-after 'install 'remove-static-libs
            (lambda _
              ;; Remove memberof.la (a libtool archive, despite the phase
              ;; name), which produces a (harmless) warning when starting a
              ;; program that uses sssd's LDB modules.
              (delete-file
               (string-append #$output "/lib/ldb/modules/ldb/memberof.la"))))
          (add-after 'install 'wrap-binaries
            (lambda _
              (with-directory-excursion #$output
                ;; Set path to LDB modules for sssd and utilities.
                ;; NOTE(review): "prefix" puts this directory first but keeps
                ;; any LDB_MODULES_PATH inherited from the caller after it;
                ;; confirm that is intended for programs normally run as
                ;; root, or whether the value should be set outright.
                (for-each (lambda (bin)
                            (wrap-program (string-append "sbin/" bin)
                              `("LDB_MODULES_PATH" ":" prefix
                                (,(string-append #$output "/lib/ldb/modules/ldb")))))
                          '("sssd" "sssctl" "sss_cache" "sss_override" "sss_seed"))
                ;; Set path to sssd's site-packages for scripts.  The
                ;; directory name carries the major.minor version of the
                ;; python input.
                (for-each (lambda (script)
                            (wrap-program script
                              `("GUIX_PYTHONPATH" ":" prefix
                                (,(string-append #$output "/lib/python"
                                                 #$(version-major+minor
                                                    (package-version
                                                     (this-package-input "python")))
                                                 "/site-packages")))))
                          '("libexec/sssd/sss_analyze" "sbin/sss_obfuscate")))))))
    (inputs
     (list adcli
           bash-minimal
           c-ares
           curl                         ; for OpenID Connect support
           cyrus-sasl
           dbus
           ding-libs
           glib
           gnutls
           http-parser
           `(,isc-bind "utils")
           jansson
           jose                         ; for OpenID Connect support
           keyutils
           ldb
           libnl
           libselinux
           libsemanage
           libunistring
           linux-pam
           mit-krb5
           nss
           openldap
           openssl
           p11-kit                      ; for PKCS#11 support
           pcre2
           popt
           python
           samba
           talloc
           tdb
           tevent))
    (native-inputs
     (list autoconf
           automake
           check                        ; for tests
           cmocka                       ; for tests
           docbook-xml
           docbook-xsl
           doxygen
           gettext-minimal
           libfaketime                  ; for tests
           libtool
           libxml2                      ; for xmllint
           libxslt
           openssh                      ; for tests
           pkg-config
           po4a
           softhsm                      ; for tests
           `(,util-linux "lib")))       ; for uuid.h, required for KCM
    (home-page "https://pagure.io/SSSD/sssd/")
    (synopsis "System security services daemon")
    (description "SSSD is a system daemon.  Its primary function is to provide
access to identity and authentication remote resource through a common
framework that can provide caching and offline support to the system.  It
provides PAM and NSS modules, and in the future will support D-BUS based
interfaces for extended user information.  It also provides a better database
to store local users as well as extended user data.")
    (license license:gpl3+)))