openldap: 2.4.58 -> 2.6.2
https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_5/ANNOUNCEMENT https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_6/ANNOUNCEMENT Co-Authored-By: Andreas Schrägle <nix@ajs124.de>
This commit is contained in:
parent
3582135fe9
commit
39ef6322b5
3 changed files with 88 additions and 54 deletions
|
@ -672,6 +672,18 @@
|
|||
the IPv6 loopback address (<literal>::1</literal>).
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>openldap</literal> (and therefore the slapd LDAP
|
||||
server) were updated to version 2.6.2. The project introduced
|
||||
backwards-incompatible changes, namely the removal of the bdb,
|
||||
hdb, ndb, and shell backends in slapd. Therefore before
|
||||
updating, dump your database <literal>slapcat -n 1</literal>
|
||||
in LDIF format, and reimport it after updating your
|
||||
<literal>services.openldap.settings</literal>, which
|
||||
represents your <literal>cn=config</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>openssh</literal> has been update to 8.9p1, changing
|
||||
|
|
|
@ -238,6 +238,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
|
||||
- In the ncdns module, the default value of `services.ncdns.address` has been changed to the IPv6 loopback address (`::1`).
|
||||
|
||||
- `openldap` (and therefore the slapd LDAP server) were updated to version 2.6.2. The project introduced backwards-incompatible changes, namely the removal of the bdb, hdb, ndb, and shell backends in slapd. Therefore before updating, dump your database `slapcat -n 1` in LDIF format, and reimport it after updating your `services.openldap.settings`, which represents your `cn=config`.
|
||||
|
||||
- `openssh` has been update to 8.9p1, changing the FIDO security key middleware interface.
|
||||
|
||||
- `git` no longer hardcodes the path to openssh' ssh binary to reduce the amount of rebuilds. If you are using git with ssh remotes and do not have a ssh binary in your enviroment consider adding `openssh` to it or switching to `gitFull`.
|
||||
|
|
|
@ -1,33 +1,48 @@
|
|||
{ lib, stdenv, fetchurl, openssl, db, groff, libtool, libsodium
|
||||
, withCyrusSasl ? true
|
||||
{ lib
|
||||
, stdenv
|
||||
, fetchurl
|
||||
|
||||
# dependencies
|
||||
, cyrus_sasl
|
||||
, db
|
||||
, groff
|
||||
, libsodium
|
||||
, libtool
|
||||
, openssl
|
||||
, systemdMinimal
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "openldap";
|
||||
version = "2.4.58";
|
||||
version = "2.6.2";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://www.openldap.org/software/download/OpenLDAP/openldap-release/${pname}-${version}.tgz";
|
||||
sha256 = "sha256-V7WSVL4V0L9qmrPVFMHAV3ewISMpFTMTSofJRGj49Hs=";
|
||||
hash = "sha256-gdCTRSMutiSG7PWsrNLFbAxFtKbIwGZhLn9CGiOhz4c";
|
||||
};
|
||||
|
||||
# TODO: separate "out" and "bin"
|
||||
outputs = [ "out" "dev" "man" "devdoc" ];
|
||||
outputs = [
|
||||
"out"
|
||||
"dev"
|
||||
"man"
|
||||
"devdoc"
|
||||
];
|
||||
|
||||
enableParallelBuilding = true;
|
||||
|
||||
nativeBuildInputs = [ groff ];
|
||||
nativeBuildInputs = [
|
||||
groff
|
||||
];
|
||||
|
||||
buildInputs = [ openssl cyrus_sasl db libsodium libtool ];
|
||||
|
||||
# Disable install stripping as it breaks cross-compiling.
|
||||
# We strip binaries anyway in fixupPhase.
|
||||
makeFlags= [
|
||||
"STRIP="
|
||||
"prefix=$(out)"
|
||||
"moduledir=$(out)/lib/modules"
|
||||
"CC=${stdenv.cc.targetPrefix}cc"
|
||||
buildInputs = [
|
||||
cyrus_sasl
|
||||
db
|
||||
libsodium
|
||||
libtool
|
||||
openssl
|
||||
] ++ lib.optionals (stdenv.isLinux) [
|
||||
systemdMinimal
|
||||
];
|
||||
|
||||
preConfigure = lib.optionalString (lib.versionAtLeast stdenv.hostPlatform.darwinMinVersion "11") ''
|
||||
|
@ -35,56 +50,61 @@ stdenv.mkDerivation rec {
|
|||
'';
|
||||
|
||||
configureFlags = [
|
||||
"--enable-overlays"
|
||||
"--disable-dependency-tracking" # speeds up one-time build
|
||||
"--enable-modules"
|
||||
"--sysconfdir=/etc"
|
||||
"--localstatedir=/var"
|
||||
"--enable-argon2"
|
||||
"--enable-crypt"
|
||||
"--enable-modules"
|
||||
"--enable-overlays"
|
||||
] ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
|
||||
"--with-yielding_select=yes"
|
||||
"ac_cv_func_memcmp_working=yes"
|
||||
] ++ lib.optional (!withCyrusSasl) "--without-cyrus-sasl"
|
||||
++ lib.optional stdenv.isFreeBSD "--with-pic";
|
||||
] ++ lib.optional stdenv.isFreeBSD "--with-pic";
|
||||
|
||||
postBuild = ''
|
||||
make $makeFlags CC=$CC -C contrib/slapd-modules/passwd/sha2
|
||||
make $makeFlags CC=$CC -C contrib/slapd-modules/passwd/pbkdf2
|
||||
make $makeFlags CC=$CC -C contrib/slapd-modules/passwd/argon2
|
||||
'';
|
||||
|
||||
doCheck = false; # needs a running LDAP server
|
||||
|
||||
installFlags = [
|
||||
"sysconfdir=$(out)/etc"
|
||||
"localstatedir=$(out)/var"
|
||||
"moduledir=$(out)/lib/modules"
|
||||
# The argon2 module hardcodes /usr/bin/install as the path for the
|
||||
# `install` binary, which is overridden here.
|
||||
"INSTALL=install"
|
||||
makeFlags= [
|
||||
"CC=${stdenv.cc.targetPrefix}cc"
|
||||
"STRIP=" # Disable install stripping as it breaks cross-compiling. We strip binaries anyway in fixupPhase.
|
||||
"prefix=${placeholder "out"}"
|
||||
"sysconfdir=${placeholder "out"}/etc"
|
||||
"systemdsystemunitdir=${placeholder "out"}/lib/systemd/system"
|
||||
# contrib modules require these
|
||||
"moduledir=${placeholder "out"}/lib/modules"
|
||||
"mandir=${placeholder "out"}/share/man"
|
||||
];
|
||||
|
||||
# 1. Libraries left in the build location confuse `patchelf --shrink-rpath`
|
||||
# Delete these to let patchelf discover the right path instead.
|
||||
# FIXME: that one can be removed when https://github.com/NixOS/patchelf/pull/98
|
||||
# is in Nixpkgs patchelf.
|
||||
# 2. Fixup broken libtool for openssl and cyrus_sasl (if it is not disabled)
|
||||
preFixup = ''
|
||||
rm -r $out/var
|
||||
rm -r libraries/*/.libs
|
||||
rm -r contrib/slapd-modules/passwd/*/.libs
|
||||
for f in $out/lib/libldap.la $out/lib/libldap_r.la; do
|
||||
substituteInPlace "$f" --replace '-lssl' '-L${lib.getLib openssl}/lib -lssl'
|
||||
'' + lib.optionalString withCyrusSasl ''
|
||||
substituteInPlace "$f" --replace '-lsasl2' '-L${cyrus_sasl.out}/lib -lsasl2'
|
||||
'' + ''
|
||||
extraContribModules = [
|
||||
# https://git.openldap.org/openldap/openldap/-/tree/master/contrib/slapd-modules
|
||||
"passwd/sha2"
|
||||
"passwd/pbkdf2"
|
||||
"passwd/totp"
|
||||
];
|
||||
|
||||
postBuild = ''
|
||||
for module in ${lib.concatStringsSep " " extraContribModules}; do
|
||||
make $makeFlags CC=$CC -C contrib/slapd-modules/$module
|
||||
done
|
||||
'';
|
||||
|
||||
preCheck = ''
|
||||
substituteInPlace tests/scripts/all \
|
||||
--replace "/bin/rm" "rm"
|
||||
'';
|
||||
|
||||
doCheck = true;
|
||||
|
||||
# The directory is empty and serve no purpose.
|
||||
preFixup = ''
|
||||
rm -r $out/var
|
||||
'';
|
||||
|
||||
installFlags = [
|
||||
"prefix=${placeholder "out"}"
|
||||
"moduledir=${placeholder "out"}/lib/modules"
|
||||
"INSTALL=install"
|
||||
];
|
||||
|
||||
postInstall = ''
|
||||
make $installFlags install -C contrib/slapd-modules/passwd/sha2
|
||||
make $installFlags install -C contrib/slapd-modules/passwd/pbkdf2
|
||||
make $installFlags install-lib -C contrib/slapd-modules/passwd/argon2
|
||||
for module in ${lib.concatStringsSep " " extraContribModules}; do
|
||||
make $installFlags install -C contrib/slapd-modules/$module
|
||||
done
|
||||
chmod +x "$out"/lib/*.{so,dylib}
|
||||
'';
|
||||
|
||||
|
|
Loading…
Reference in a new issue