nixpkgs/pkgs/development/libraries/kerberos/krb5.nix

{ lib, stdenv, fetchurl, pkg-config, perl, bison, bootstrap_cmds
, openssl, openldap, libedit, keyutils, libverto

# for passthru.tests
, bind
, curl
, nixosTests
, openssh
, postgresql
, python3

# Extra Arguments
, type ? ""
# This is called "staticOnly" because krb5 does not support
# builting both static and shared, see below.
, staticOnly ? false
, withVerto ? false
}:

# Note: this package is used for bootstrapping fetchurl, and thus
# cannot use fetchpatch! All mutable patches (generated by GitHub or
# cgit) that are needed here should be included directly in Nixpkgs as
# files.

let
  libOnly = type == "lib";
in
stdenv.mkDerivation rec {
  pname = "${type}krb5";
  version = "1.20.1";

  src = fetchurl {
    url = "https://kerberos.org/dist/krb5/${lib.versions.majorMinor version}/krb5-${version}.tar.gz";
    sha256 = "sha256-cErtSbGetacXizSyhzYg7CmdsIdS1qhXT5XUGHmriFE=";
  };

  outputs = [ "out" "dev" ];

  configureFlags = [ "--localstatedir=/var/lib" ]
    # krb5's ./configure does not allow passing --enable-shared and --enable-static at the same time.
    # See https://bbs.archlinux.org/viewtopic.php?pid=1576737#p1576737
    ++ lib.optionals staticOnly [ "--enable-static" "--disable-shared" ]
    ++ lib.optional withVerto "--with-system-verto"
    ++ lib.optional stdenv.isFreeBSD ''WARN_CFLAGS=""''
    ++ lib.optionals (stdenv.buildPlatform != stdenv.hostPlatform)
       [ "krb5_cv_attr_constructor_destructor=yes,yes"
         "ac_cv_func_regcomp=yes"
         "ac_cv_printf_positional=yes"
       ];

  nativeBuildInputs = [ pkg-config perl ]
    ++ lib.optional (!libOnly) bison
    # Provides the mig command used by the build scripts
    ++ lib.optional stdenv.isDarwin bootstrap_cmds;

  buildInputs = [ openssl ]
    ++ lib.optionals (stdenv.hostPlatform.isLinux && stdenv.hostPlatform.libc != "bionic" && !(stdenv.hostPlatform.useLLVM or false)) [ keyutils ]
    ++ lib.optionals (!libOnly) [ openldap libedit ]
    ++ lib.optionals withVerto [ libverto ];

  sourceRoot = "krb5-${version}/src";

  postPatch = ''
    substituteInPlace config/shlib.conf \
        --replace "'ld " "'${stdenv.cc.targetPrefix}ld "
  '';

  libFolders = [ "util" "include" "lib" "build-tools" ];

  buildPhase = lib.optionalString libOnly ''
    runHook preBuild

    MAKE="make -j $NIX_BUILD_CORES"
    for folder in $libFolders; do
      $MAKE -C $folder
    done

    runHook postBuild
  '';

  installPhase = lib.optionalString libOnly ''
    runHook preInstall

    mkdir -p "$out"/{bin,sbin,lib/pkgconfig,share/{et,man/man1}} \
      "$dev"/include/{gssapi,gssrpc,kadm5,krb5}
    for folder in $libFolders; do
      $MAKE -C $folder install
    done

    runHook postInstall
  '';

  # not via outputBin, due to reference from libkrb5.so
  postInstall = ''
    moveToOutput bin/krb5-config "$dev"
  '';

  enableParallelBuilding = true;
  doCheck = false; # fails with "No suitable file for testing purposes"

  meta = with lib; {
    description = "MIT Kerberos 5";
    homepage = "http://web.mit.edu/kerberos/";
    license = licenses.mit;
    platforms = platforms.unix ++ platforms.windows;
  };

  passthru = {
    implementation = "krb5";
    tests = {
      inherit (nixosTests) kerberos;
      inherit (python3.pkgs) requests-credssp;
      bind = bind.override { enableGSSAPI = true; };
      curl = curl.override { gssSupport = true; };
      openssh = openssh.override { withKerberos = true; };
      postgresql = postgresql.override { gssSupport = true; };
    };
  };
}
yacc: deprecate alias and add a new line after the alphabetically sorting to please my inner monk 2021-03-14 17:50:12 +00:00			`{ lib, stdenv, fetchurl, pkg-config, perl, bison, bootstrap_cmds`
krb5: add libverto as dependency 2023-03-16 06:38:35 +00:00			`, openssl, openldap, libedit, keyutils, libverto`
krb5: add some key reverse-dependencies to passthru.tests 2022-12-26 17:10:11 +00:00
			`# for passthru.tests`
			`, bind`
			`, curl`
krb5: add pasthru.tests 2022-07-09 19:13:09 +00:00			`, nixosTests`
krb5: add some key reverse-dependencies to passthru.tests 2022-12-26 17:10:11 +00:00			`, openssh`
			`, postgresql`
			`, python3`
krb5: Break out into a lib and not lib version 2015-06-27 05:04:45 +00:00
			`# Extra Arguments`
			`, type ? ""`
krb5: Add `staticOnly` flag 2018-07-21 02:40:20 +00:00			`# This is called "staticOnly" because krb5 does not support`
			`# builting both static and shared, see below.`
			`, staticOnly ? false`
krb5: add libverto as dependency 2023-03-16 06:38:35 +00:00			`, withVerto ? false`
krb5: Break out into a lib and not lib version 2015-06-27 05:04:45 +00:00			`}:`
Add MIT Kerberos implementation krb5. svn path=/nixpkgs/trunk/; revision=18202 2009-11-06 12:57:29 +00:00
treewide: add warning comment to “boot” packages This adds a warning to the top of each “boot” package that reads: Note: this package is used for bootstrapping fetchurl, and thus cannot use fetchpatch! All mutable patches (generated by GitHub or cgit) that are needed here should be included directly in Nixpkgs as files. This makes it clear to maintainer that they may need to treat this package a little differently than others. Importantly, we can’t use fetchpatch here due to using <nix/fetchurl.nix>. To avoid having stale hashes, we need to include patches that are subject to changing overtime (for instance, gitweb’s patches contain a version number at the bottom). 2020-06-26 20:44:45 +00:00			`# Note: this package is used for bootstrapping fetchurl, and thus`
			`# cannot use fetchpatch! All mutable patches (generated by GitHub or`
			`# cgit) that are needed here should be included directly in Nixpkgs as`
			`# files.`

Add MIT Kerberos implementation krb5. svn path=/nixpkgs/trunk/; revision=18202 2009-11-06 12:57:29 +00:00			`let`
krb5: Break out into a lib and not lib version 2015-06-27 05:04:45 +00:00			`libOnly = type == "lib";`
krb5: 1.13.1 -> 1.13.2 2015-05-28 07:53:47 +00:00			`in`
krb5: Break out into a lib and not lib version 2015-06-27 05:04:45 +00:00			`stdenv.mkDerivation rec {`
krb5: rename name to pname&version 2022-02-23 23:29:36 +00:00			`pname = "${type}krb5";`
krb5: 1.20 -> 1.20.1 2022-12-19 01:06:51 +00:00			`version = "1.20.1";`
Add MIT Kerberos implementation krb5. svn path=/nixpkgs/trunk/; revision=18202 2009-11-06 12:57:29 +00:00
			`src = fetchurl {`
krb5: remove file-wide with lib; 2022-07-07 17:16:53 +00:00			`url = "https://kerberos.org/dist/krb5/${lib.versions.majorMinor version}/krb5-${version}.tar.gz";`
krb5: 1.20 -> 1.20.1 2022-12-19 01:06:51 +00:00			`sha256 = "sha256-cErtSbGetacXizSyhzYg7CmdsIdS1qhXT5XUGHmriFE=";`
Add MIT Kerberos implementation krb5. svn path=/nixpkgs/trunk/; revision=18202 2009-11-06 12:57:29 +00:00			`};`

kerberos: split headers into $dev 2017-12-17 13:51:32 +00:00			`outputs = [ "out" "dev" ];`

krb5: 1.19.3 -> 1.20 see https://github.com/krb5/krb5/blob/krb5-1.20-final/README#L88 for changes 2022-07-07 13:59:46 +00:00			`configureFlags = [ "--localstatedir=/var/lib" ]`
krb5: Add `staticOnly` flag 2018-07-21 02:40:20 +00:00			`# krb5's ./configure does not allow passing --enable-shared and --enable-static at the same time.`
			`# See https://bbs.archlinux.org/viewtopic.php?pid=1576737#p1576737`
treewide: optional -> optionals where the argument is a list the argument to optional should not be list 2022-10-06 16:38:53 +00:00			`++ lib.optionals staticOnly [ "--enable-static" "--disable-shared" ]`
krb5: add libverto as dependency 2023-03-16 06:38:35 +00:00			`++ lib.optional withVerto "--with-system-verto"`
krb5: remove file-wide with lib; 2022-07-07 17:16:53 +00:00			`++ lib.optional stdenv.isFreeBSD ''WARN_CFLAGS=""''`
			`++ lib.optionals (stdenv.buildPlatform != stdenv.hostPlatform)`
krb5: Allow cross-compilation 2017-10-17 21:05:19 +00:00			`[ "krb5_cv_attr_constructor_destructor=yes,yes"`
			`"ac_cv_func_regcomp=yes"`
			`"ac_cv_printf_positional=yes"`
			`];`
FreeBSD: patch expat, kerberos, libedit, ossp-uuid, lz4, sharutils, add libelf-freebsd 2015-11-26 17:33:58 +00:00
treewide: pkgs.pkgconfig -> pkgs.pkg-config, move pkgconfig to alias.nix continuation of #109595 pkgconfig was aliased in 2018, however, it remained in all-packages.nix due to its wide usage. This cleans up the remaining references to pkgs.pkgsconfig and moves the entry to aliases.nix. python3Packages.pkgconfig remained unchanged because it's the canonical name of the upstream package on pypi. 2021-01-19 06:50:56 +00:00			`nativeBuildInputs = [ pkg-config perl ]`
krb5: remove file-wide with lib; 2022-07-07 17:16:53 +00:00			`++ lib.optional (!libOnly) bison`
krb5: fix Darwin build by providing mig 2015-04-06 19:21:43 +00:00			`# Provides the mig command used by the build scripts`
krb5: remove file-wide with lib; 2022-07-07 17:16:53 +00:00			`++ lib.optional stdenv.isDarwin bootstrap_cmds;`
llvm8: support c++ in cross case this adds libc++ to the LLVM cross, giving us access to the full Nixpkgs set. This requires 4 stages of wrapped compilers: - Clang with no libraries - Clang with just compiler-rt - Clang with Libc, and compiler-rt - Clang with Libc++, Libc, and compiler-rt 2019-04-12 00:51:48 +00:00
krb5: Break out into a lib and not lib version 2015-06-27 05:04:45 +00:00			`buildInputs = [ openssl ]`
krb5: remove file-wide with lib; 2022-07-07 17:16:53 +00:00			`++ lib.optionals (stdenv.hostPlatform.isLinux && stdenv.hostPlatform.libc != "bionic" && !(stdenv.hostPlatform.useLLVM or false)) [ keyutils ]`
krb5: add libverto as dependency 2023-03-16 06:38:35 +00:00			`++ lib.optionals (!libOnly) [ openldap libedit ]`
			`++ lib.optionals withVerto [ libverto ];`
Add MIT Kerberos implementation krb5. svn path=/nixpkgs/trunk/; revision=18202 2009-11-06 12:57:29 +00:00
krb5: preConfigure -> sourceRoot 2022-07-07 15:25:27 +00:00			`sourceRoot = "krb5-${version}/src";`
Add MIT Kerberos implementation krb5. svn path=/nixpkgs/trunk/; revision=18202 2009-11-06 12:57:29 +00:00
libkrb5: fix BSD cross-compilation For Linux and Darwin, it uses $(CC), but for BSD it hardcodes ld for some reason. 2023-01-25 21:46:17 +00:00			`postPatch = ''`
			`substituteInPlace config/shlib.conf \`
			`--replace "'ld " "'${stdenv.cc.targetPrefix}ld "`
			`'';`

krb5: run hooks and replace subshells with make -C 2022-07-07 17:13:03 +00:00			`libFolders = [ "util" "include" "lib" "build-tools" ];`

krb5: remove file-wide with lib; 2022-07-07 17:16:53 +00:00			`buildPhase = lib.optionalString libOnly ''`
krb5: run hooks and replace subshells with make -C 2022-07-07 17:13:03 +00:00			`runHook preBuild`

treewide: drop -l$NIX_BUILD_CORES Passing `-l$NIX_BUILD_CORES` improperly limits the overall system load. For a build machine which is configured to run `$B` builds where each build gets `total cores / B` cores (`$C`), passing `-l $C` to make will improperly limit the load to `$C` instead of `$B * $C`. This effect becomes quite pronounced on machines with 80 cores, with 40 simultaneous builds and a cores limit of 2. On a machine with this configuration, Nix will run 40 builds and make will limit the overall system load to approximately 2. A build machine with this many cores can happily run with a load approaching 80. A non-solution is to oversubscribe the machine, by picking a larger `$C`. However, there is no way to divide the number of cores in a way which fairly subdivides the available cores when `$B` is greater than 1. There has been exploration of passing a jobserver in to the sandbox, or sharing a jobserver between all the builds. This is one option, but relatively complicated and only supports make. Lots of other software uses its own implementation of `-j` and doesn't support either `-l` or the Make jobserver. For the case of an interactive user machine, the user should limit overall system load using `$B`, `$C`, and optionally systemd's cpu/network/io limiting features. Making this change should significantly improve the utilization of our build farm, and improve the throughput of Hydra. 2022-09-22 15:17:14 +00:00			`MAKE="make -j $NIX_BUILD_CORES"`
krb5: run hooks and replace subshells with make -C 2022-07-07 17:13:03 +00:00			`for folder in $libFolders; do`
			`$MAKE -C $folder`
			`done`

			`runHook postBuild`
krb5: Break out into a lib and not lib version 2015-06-27 05:04:45 +00:00			`'';`

krb5: remove file-wide with lib; 2022-07-07 17:16:53 +00:00			`installPhase = lib.optionalString libOnly ''`
krb5: run hooks and replace subshells with make -C 2022-07-07 17:13:03 +00:00			`runHook preInstall`

kerberos: split headers into $dev 2017-12-17 13:51:32 +00:00			`mkdir -p "$out"/{bin,sbin,lib/pkgconfig,share/{et,man/man1}} \`
			`"$dev"/include/{gssapi,gssrpc,kadm5,krb5}`
krb5: run hooks and replace subshells with make -C 2022-07-07 17:13:03 +00:00			`for folder in $libFolders; do`
			`$MAKE -C $folder install`
			`done`

			`runHook postInstall`
kerberos: split headers into $dev 2017-12-17 13:51:32 +00:00			`'';`

			`# not via outputBin, due to reference from libkrb5.so`
			`postInstall = ''`
kerberos: move user binaries to default output The intention of the previous change was to move krb5-config to .dev (it gives the locations of headers), but it grabbed all of the user-facing binaries too. This puts them back. 2018-03-01 09:20:51 +00:00			`moveToOutput bin/krb5-config "$dev"`
krb5: Break out into a lib and not lib version 2015-06-27 05:04:45 +00:00			`'';`
krb5: fix build via update 2013-03-20 22:36:17 +00:00
krb5: Update to 1.10.5 CVE-2012-1012, CVE-2012-1013, CVE-2012-1015, CVE-2012-1016, CVE-2013-1415, CVE-2013-1416. 2013-05-01 11:11:46 +00:00			`enableParallelBuilding = true;`
tree-wide: disable `doCheck` and `doInstallCheck` where it fails (the trivial part) 2018-04-25 03:20:18 +00:00			`doCheck = false; # fails with "No suitable file for testing purposes"`
krb5: Update to 1.10.5 CVE-2012-1012, CVE-2012-1013, CVE-2012-1015, CVE-2012-1016, CVE-2013-1415, CVE-2013-1416. 2013-05-01 11:11:46 +00:00
krb5: remove file-wide with lib; 2022-07-07 17:16:53 +00:00			`meta = with lib; {`
krb5: fix build via update 2013-03-20 22:36:17 +00:00			`description = "MIT Kerberos 5";`
treewide: Per RFC45, remove all unquoted URLs 2020-04-01 01:11:51 +00:00			`homepage = "http://web.mit.edu/kerberos/";`
krb5: Break out into a lib and not lib version 2015-06-27 05:04:45 +00:00			`license = licenses.mit;`
direnv: make cross-compile on windows 2018-11-22 21:25:05 +00:00			`platforms = platforms.unix ++ platforms.windows;`
Add MIT Kerberos implementation krb5. svn path=/nixpkgs/trunk/; revision=18202 2009-11-06 12:57:29 +00:00			`};`
kerberos: Add development string 2015-03-05 00:48:20 +00:00
krb5: add pasthru.tests 2022-07-09 19:13:09 +00:00			`passthru = {`
			`implementation = "krb5";`
krb5: add some key reverse-dependencies to passthru.tests 2022-12-26 17:10:11 +00:00			`tests = {`
			`inherit (nixosTests) kerberos;`
			`inherit (python3.pkgs) requests-credssp;`
			`bind = bind.override { enableGSSAPI = true; };`
			`curl = curl.override { gssSupport = true; };`
			`openssh = openssh.override { withKerberos = true; };`
			`postgresql = postgresql.override { gssSupport = true; };`
			`};`
krb5: add pasthru.tests 2022-07-09 19:13:09 +00:00			`};`
krb5: Break out into a lib and not lib version 2015-06-27 05:04:45 +00:00			`}`