summaryrefslogtreecommitdiff
path: root/gnu/packages/sssd.scm
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/sssd.scm')
-rw-r--r--gnu/packages/sssd.scm207
1 files changed, 131 insertions, 76 deletions
diff --git a/gnu/packages/sssd.scm b/gnu/packages/sssd.scm
index 5457991952..2b4322d6d8 100644
--- a/gnu/packages/sssd.scm
+++ b/gnu/packages/sssd.scm
@@ -24,22 +24,28 @@
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix packages)
#:use-module (guix download)
+ #:use-module (guix gexp)
#:use-module (guix git-download)
#:use-module (guix utils)
+ #:use-module (guix build utils)
#:use-module (guix build-system gnu)
#:use-module (gnu packages)
#:use-module (gnu packages)
#:use-module (gnu packages adns)
#:use-module (gnu packages augeas)
#:use-module (gnu packages autotools)
+ #:use-module (gnu packages bash)
#:use-module (gnu packages check)
+ #:use-module (gnu packages crypto)
#:use-module (gnu packages curl)
#:use-module (gnu packages cyrus-sasl)
#:use-module (gnu packages databases)
#:use-module (gnu packages dns)
#:use-module (gnu packages docbook)
#:use-module (gnu packages documentation)
+ #:use-module (gnu packages gettext)
#:use-module (gnu packages glib)
+ #:use-module (gnu packages jose)
#:use-module (gnu packages kerberos)
#:use-module (gnu packages libunistring)
#:use-module (gnu packages linux)
@@ -49,8 +55,11 @@
#:use-module (gnu packages pcre)
#:use-module (gnu packages popt)
#:use-module (gnu packages pkg-config)
+ #:use-module (gnu packages python)
#:use-module (gnu packages samba)
+ #:use-module (gnu packages security-token)
#:use-module (gnu packages selinux)
+ #:use-module (gnu packages ssh)
#:use-module (gnu packages web)
#:use-module (gnu packages xml))
@@ -136,93 +145,128 @@ dynamically-growing, reference-counted array; libbasicobjects, a set of
fundamental object types for C.")
(license license:lgpl3+)))
-;; Note: This package installs modules for ldb and nss. For the former we
-;; need to set LDB_MODULES_PATH. For the latter LD_PRELOAD or LD_LIBRARY_PATH
-;; is needed.
(define-public sssd
(package
(name "sssd")
- (version "1.16.5")
- (source (origin
- (method url-fetch)
- (uri (string-append "https://releases.pagure.org/SSSD/sssd/"
- "sssd-" version ".tar.gz"))
- (sha256
- (base32
- "1h6hwibaf3xa2w6qpzjiiywmfj6zkgbz4r2isf3gd0xm6vq7n6if"))
- (patches (search-patches "sssd-fix-samba.patch"
- "sssd-system-directories.patch"
- "sssd-collision-with-external-nss-symbol.patch"
- "sssd-fix-samba-4.15.3.patch"))))
+ (version "2.7.0")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/SSSD/sssd")
+ (commit version)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "05pw5lg410vc2yc3k4hqfsbyr9k4k18qb61gbh9xz7fcjpcysqv8"))
+ (patches (search-patches "sssd-optional-systemd.patch"
+ "sssd-system-directories.patch"))))
(build-system gnu-build-system)
(arguments
- `(#:make-flags
- (list (string-append "DOCBOOK_XSLT="
- (assoc-ref %build-inputs "docbook-xsl")
- "/xml/xsl/docbook-xsl-"
- ,(package-version docbook-xsl)
- "/manpages/docbook.xsl")
- ;; Remove "--postvalid" option, because that requires access to
- ;; online DTDs.
- "XMLLINT_FLAGS = --catalogs --nonet --noent --xinclude --noout")
- #:configure-flags
- (list "--localstatedir=/var" ;for /var/lib/sss, /var/run/sssd.pid, etc.
- "--sysconfdir=/etc" ;/etc/sssd
+ (list
+ #:make-flags
+ #~(list (string-append "CFLAGS=-DRENEWAL_PROG_PATH=\\\""
+ #$(this-package-input "adcli") "/sbin/adcli"
+ "\\\"")
+ (string-append "DOCBOOK_XSLT="
+ #$(this-package-native-input "docbook-xsl")
+ "/xml/xsl/docbook-xsl-"
+ #$(package-version (this-package-native-input "docbook-xsl"))
+ "/manpages/docbook.xsl")
+ ;; Remove "--postvalid" option, because that requires access to
+ ;; online DTDs.
+ "XMLLINT_FLAGS = --catalogs --nonet --noent --xinclude --noout")
+ #:configure-flags
+ #~(list "--localstatedir=/var" ; for /var/lib/sss, /var/run/sssd.pid, etc.
+ "--sysconfdir=/etc" ; /etc/sssd
- "--disable-cifs-idmap-plugin"
- "--without-nfsv4-idmapd-plugin"
- "--without-python2-bindings"
- "--without-python3-bindings"
- (string-append "--with-plugin-path="
- (assoc-ref %outputs "out")
- "/lib/sssd")
- (string-append "--with-krb5-plugin-path="
- (assoc-ref %outputs "out")
- "/lib/krb5/plugins/libkrb5")
- (string-append "--with-cifs-plugin-path="
- (assoc-ref %outputs "out")
- "/lib/cifs-utils")
- (string-append "--with-init-dir="
- (assoc-ref %outputs "out")
- "/etc/init.d")
- (string-append "--with-ldb-lib-dir="
- (assoc-ref %outputs "out")
- "/lib/ldb/modules/ldb")
- (string-append "--with-xml-catalog-path="
- (assoc-ref %build-inputs "docbook-xml")
- "/xml/dtd/docbook/catalog.xml"))
- #:phases
- (modify-phases %standard-phases
- (add-after 'unpack 'disable-failing-test
- (lambda _
- (substitute* "src/tests/responder_socket_access-tests.c"
- (("tcase_add_test\\(tc_utils, resp_str_to_array_test\\);") ""))
- #t))
- (add-after 'unpack 'add-config-in
- (lambda _
- (let ((config.h (open-file "config.h.in" "a")))
- (display (string-append "
-/* Missing in commits on original repo, dunno why but won't work without. */
-#undef SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH
-")
- config.h)
- (close config.h))))
- (add-before 'configure 'autoconf
- (lambda _
- (invoke "autoconf"))))))
+ "--disable-cifs-idmap-plugin"
+ "--without-nfsv4-idmapd-plugin"
+ (string-append "--with-plugin-path="
+ #$output "/lib/sssd")
+ (string-append "--with-krb5-plugin-path="
+ #$output "/lib/krb5/plugins/libkrb5")
+ (string-append "--with-cifs-plugin-path="
+ #$output "/lib/cifs-utils")
+ (string-append "--with-init-dir="
+ #$output "/etc/init.d")
+ (string-append "--with-ldb-lib-dir="
+ #$output "/lib/ldb/modules/ldb")
+ (string-append "--with-xml-catalog-path="
+ #$(this-package-native-input "docbook-xml")
+ "/xml/dtd/docbook/catalog.xml"))
+ #:phases
+ #~(modify-phases %standard-phases
+ (add-after 'patch-source-shebangs 'patch-more-shebangs
+ (lambda _
+ (substitute* '("src/tools/analyzer/sss_analyze"
+ "src/tools/sss_obfuscate")
+ (("#!/usr/bin/.*python")
+ (string-append "#!" #$(this-package-input "python") "/bin/python3")))))
+ (add-before 'bootstrap 'fix-configure-macros
+ (lambda _
+ ;; A configure test for nsupdate realm support fails without this.
+ (substitute* "src/external/nsupdate.m4"
+ (("\\$NSUPDATE ") "$NSUPDATE -i "))
+ ;; Let tests find softhsm lib.
+ (substitute* "src/external/test_ca.m4"
+ (("/usr/lib/softhsm")
+ (string-append #$(this-package-native-input "softhsm")
+ "/lib/softhsm")))))
+ (add-before 'configure 'disable-failing-tests
+ (lambda _
+ ;; Disable tests that needs /etc/passwd.
+ (substitute* "Makefile.am"
+ (("pam-srv-tests") "")
+ (("test-negcache") ""))
+ ;; This test fails for unknown reason.
+ (substitute* "src/tests/responder_socket_access-tests.c"
+ (("tcase_add_test\\(tc_utils, resp_str_to_array_test\\);") ""))))
+ (add-before 'check 'set-libpython-path
+ (lambda _
+ (setenv "LD_LIBRARY_PATH"
+ (string-append #$(this-package-input "python") "/lib"))))
+ (add-after 'install 'remove-static-libs
+ (lambda _
+ ;; Remove a static library that produces a (harmless) warning
+ ;; when starting a program that uses sssd’s LDB modules.
+ (delete-file
+ (string-append #$output "/lib/ldb/modules/ldb/memberof.la"))))
+ (add-after 'install 'wrap-binaries
+ (lambda _
+ (with-directory-excursion #$output
+ ;; Set path to LDB modules for sssd and utilities.
+ (for-each (lambda (bin)
+ (wrap-program (string-append "sbin/" bin)
+ `("LDB_MODULES_PATH" ":" prefix
+ (,(string-append #$output "/lib/ldb/modules/ldb")))))
+ '("sssd" "sssctl" "sss_cache" "sss_override" "sss_seed"))
+ ;; Set path to sssd’s site-packages for scripts.
+ (for-each (lambda (script)
+ (wrap-program script
+ `("GUIX_PYTHONPATH" ":" prefix
+ (,(string-append #$output "/lib/python"
+ #$(version-major+minor
+ (package-version
+ (this-package-input "python")))
+ "/site-packages")))))
+ '("libexec/sssd/sss_analyze" "sbin/sss_obfuscate"))))))))
(inputs
- (list augeas
- `(,isc-bind "utils")
+ (list adcli
+ bash-minimal
c-ares
- curl
+ curl ; for OpenID Connect support
cyrus-sasl
dbus
ding-libs
glib
gnutls
http-parser
+ `(,isc-bind "utils")
jansson
+ jose ; for OpenID Connect support
+ keyutils
ldb
+ libnl
libselinux
libsemanage
libunistring
@@ -231,21 +275,32 @@ fundamental object types for C.")
nss
openldap
openssl
- pcre
+ p11-kit ; for PKCS#11 support
+ pcre2
popt
+ python
samba
talloc
tdb
tevent))
(native-inputs
- (list autoconf-2.69
- check-0.14
- docbook-xsl
+ (list autoconf
+ automake
+ check ; for tests
+ cmocka ; for tests
docbook-xml
+ docbook-xsl
+ doxygen
+ gettext-minimal
+ libfaketime ; for tests
+ libtool
libxml2 ; for xmllint
libxslt
+ openssh ; for tests
pkg-config
- `(,util-linux "lib"))) ;for uuid.h, reqired for KCM
+ po4a
+ softhsm ; for tests
+ `(,util-linux "lib"))) ; for uuid.h, reqired for KCM
(home-page "https://pagure.io/SSSD/sssd/")
(synopsis "System security services daemon")
(description "SSSD is a system daemon. Its primary function is to provide
generated by cgit v1.2.3 (git 2.45.2) at 2024-06-29 21:47:22 +0000