sssd: 1.16.5 -> 2.6.0, fix broken build

nixos/tests/sssd-ldap.nix

@@ -1,96 +1,94 @@
-({ pkgs, ... }:
+let
-  let
+  dbDomain = "example.org";
-    dbDomain = "example.org";
+  dbSuffix = "dc=example,dc=org";
-    dbSuffix = "dc=example,dc=org";
 
-    ldapRootUser = "admin";
+  ldapRootUser = "admin";
-    ldapRootPassword = "foobar";
+  ldapRootPassword = "foobar";
 
-    testUser = "alice";
+  testUser = "alice";
-  in import ./make-test-python.nix {
+in import ./make-test-python.nix ({pkgs, ...}: {
-    name = "sssd-ldap";
+  name = "sssd-ldap";
 
-    meta = with pkgs.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
-      maintainers = [ bbigras ];
+    maintainers = [ bbigras ];
-    };
+  };
 
-    machine = { pkgs, ... }: {
+  machine = { pkgs, ... }: {
-      services.openldap = {
+    services.openldap = {
-        enable = true;
+      enable = true;
-        settings = {
+      settings = {
-          children = {
+        children = {
-            "cn=schema".includes = [
+          "cn=schema".includes = [
-              "${pkgs.openldap}/etc/schema/core.ldif"
+            "${pkgs.openldap}/etc/schema/core.ldif"
-              "${pkgs.openldap}/etc/schema/cosine.ldif"
+            "${pkgs.openldap}/etc/schema/cosine.ldif"
-              "${pkgs.openldap}/etc/schema/inetorgperson.ldif"
+            "${pkgs.openldap}/etc/schema/inetorgperson.ldif"
-              "${pkgs.openldap}/etc/schema/nis.ldif"
+            "${pkgs.openldap}/etc/schema/nis.ldif"
-            ];
+          ];
-            "olcDatabase={1}mdb" = {
+          "olcDatabase={1}mdb" = {
-              attrs = {
+            attrs = {
-                objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
+              objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
-                olcDatabase = "{1}mdb";
+              olcDatabase = "{1}mdb";
-                olcDbDirectory = "/var/db/openldap";
+              olcDbDirectory = "/var/db/openldap";
-                olcSuffix = dbSuffix;
+              olcSuffix = dbSuffix;
-                olcRootDN = "cn=${ldapRootUser},${dbSuffix}";
+              olcRootDN = "cn=${ldapRootUser},${dbSuffix}";
-                olcRootPW = ldapRootPassword;
+              olcRootPW = ldapRootPassword;
-              };
             };
           };
         };
-        declarativeContents = {
-          ${dbSuffix} = ''
-            dn: ${dbSuffix}
-            objectClass: top
-            objectClass: dcObject
-            objectClass: organization
-            o: ${dbDomain}
-
-            dn: ou=posix,${dbSuffix}
-            objectClass: top
-            objectClass: organizationalUnit
-
-            dn: ou=accounts,ou=posix,${dbSuffix}
-            objectClass: top
-            objectClass: organizationalUnit
-
-            dn: uid=${testUser},ou=accounts,ou=posix,${dbSuffix}
-            objectClass: person
-            objectClass: posixAccount
-            # userPassword: somePasswordHash
-            homeDirectory: /home/${testUser}
-            uidNumber: 1234
-            gidNumber: 1234
-            cn: ""
-            sn: ""
-          '';
-        };
       };
+      declarativeContents = {
+        ${dbSuffix} = ''
+          dn: ${dbSuffix}
+          objectClass: top
+          objectClass: dcObject
+          objectClass: organization
+          o: ${dbDomain}
 
-      services.sssd = {
+          dn: ou=posix,${dbSuffix}
-        enable = true;
+          objectClass: top
-        config = ''
+          objectClass: organizationalUnit
-          [sssd]
-          config_file_version = 2
-          services = nss, pam, sudo
-          domains = ${dbDomain}
 
-          [domain/${dbDomain}]
+          dn: ou=accounts,ou=posix,${dbSuffix}
-          auth_provider = ldap
+          objectClass: top
-          id_provider = ldap
+          objectClass: organizationalUnit
-          ldap_uri = ldap://127.0.0.1:389
+
-          ldap_search_base = ${dbSuffix}
+          dn: uid=${testUser},ou=accounts,ou=posix,${dbSuffix}
-          ldap_default_bind_dn = cn=${ldapRootUser},${dbSuffix}
+          objectClass: person
-          ldap_default_authtok_type = password
+          objectClass: posixAccount
-          ldap_default_authtok = ${ldapRootPassword}
+          # userPassword: somePasswordHash
+          homeDirectory: /home/${testUser}
+          uidNumber: 1234
+          gidNumber: 1234
+          cn: ""
+          sn: ""
         '';
       };
     };
 
-    testScript = ''
+    services.sssd = {
-      machine.start()
+      enable = true;
-      machine.wait_for_unit("openldap.service")
+      config = ''
-      machine.wait_for_unit("sssd.service")
+        [sssd]
-      machine.succeed("getent passwd ${testUser}")
+        config_file_version = 2
-    '';
+        services = nss, pam, sudo
-  }
+        domains = ${dbDomain}
-)
+
+        [domain/${dbDomain}]
+        auth_provider = ldap
+        id_provider = ldap
+        ldap_uri = ldap://127.0.0.1:389
+        ldap_search_base = ${dbSuffix}
+        ldap_default_bind_dn = cn=${ldapRootUser},${dbSuffix}
+        ldap_default_authtok_type = password
+        ldap_default_authtok = ${ldapRootPassword}
+      '';
+    };
+  };
+
+  testScript = ''
+    machine.start()
+    machine.wait_for_unit("openldap.service")
+    machine.wait_for_unit("sssd.service")
+    machine.succeed("getent passwd ${testUser}")
+  '';
+})

pkgs/os-specific/linux/sssd/default.nix

@@ -1,8 +1,8 @@
-{ lib, stdenv, fetchFromGitHub, autoreconfHook, fetchpatch, glibc, augeas, dnsutils, c-ares, curl,
+{ lib, stdenv, fetchFromGitHub, autoreconfHook, glibc, augeas, dnsutils, c-ares, curl,
   cyrus_sasl, ding-libs, libnl, libunistring, nss, samba, nfs-utils, doxygen,
   python, python3, pam, popt, talloc, tdb, tevent, pkg-config, ldb, openldap,
-  pcre, libkrb5, cifs-utils, glib, keyutils, dbus, fakeroot, libxslt, libxml2,
+  pcre2, libkrb5, cifs-utils, glib, keyutils, dbus, fakeroot, libxslt, libxml2,
-  libuuid, ldap, systemd, nspr, check, cmocka, uid_wrapper,
+  libuuid, ldap, systemd, nspr, check, cmocka, uid_wrapper, p11-kit,
   nss_wrapper, ncurses, Po4a, http-parser, jansson,
   docbook_xsl, docbook_xml_dtd_44,
   withSudo ? false }:
@@ -12,26 +12,18 @@ let
 in
 stdenv.mkDerivation rec {
   pname = "sssd";
-  version = "1.16.5";
+  version = "2.6.0";
 
   src = fetchFromGitHub {
     owner = "SSSD";
     repo = pname;
-    rev = "${pname}-${lib.replaceStrings ["."] ["_"] version}";
+    rev = version;
-    sha256 = "0zbs04lkjbp7y92anmafl7gzamcnq1f147p13hc4byyvjk9rg6f7";
+    sha256 = "1ik0x0b7s38d7n0aqhl31r0asxw6qcdb31hx9qydk87yg3n6rziv";
   };
-  patches = [
+
-    # Fix build failure against samba 4.12.0rc1
+  postPatch = ''
-    (fetchpatch {
+    patchShebangs ./sbus_generate.sh.in
-      url = "https://github.com/SSSD/sssd/commit/bc56b10aea999284458dcc293b54cf65288e325d.patch";
+  '';
-      sha256 = "0q74sx5n41srq3kdn55l5j1sq4xrjsnl5y4v8yh5mwsijj74yh4g";
-    })
-    # Fix collision with external nss symbol
-    (fetchpatch {
-      url = "https://github.com/SSSD/sssd/commit/fe9eeb51be06059721e873f77092b1e9ba08e6c1.patch";
-      sha256 = "0b83b2w0rnvm26pg03a4lpmkmi7n3gqxg7lk751q61q79gnzrpz4";
-    })
-  ];
 
   # Something is looking for <libxml/foo.h> instead of <libxml2/libxml/foo.h>
   NIX_CFLAGS_COMPILE = "-I${libxml2.dev}/include/libxml2";
@@ -64,8 +56,8 @@ stdenv.mkDerivation rec {
   enableParallelBuilding = true;
   nativeBuildInputs = [ autoreconfHook pkg-config doxygen ];
   buildInputs = [ augeas dnsutils c-ares curl cyrus_sasl ding-libs libnl libunistring nss
-                  samba nfs-utils python python3 popt
+                  samba nfs-utils p11-kit python python3 popt
-                  talloc tdb tevent ldb pam openldap pcre libkrb5
+                  talloc tdb tevent ldb pam openldap pcre2 libkrb5
                   cifs-utils glib keyutils dbus fakeroot libxslt libxml2
                   libuuid ldap systemd nspr check cmocka uid_wrapper
                   nss_wrapper ncurses Po4a http-parser jansson ];
@@ -102,6 +94,6 @@ stdenv.mkDerivation rec {
     changelog = "https://sssd.io/release-notes/sssd-${version}.html";
     license = licenses.gpl3Plus;
     platforms = platforms.linux;
-    maintainers = [ maintainers.e-user ];
+    maintainers = with maintainers; [ e-user illustris ];
   };
 }

pkgs/servers/dns/bind/default.nix

@@ -1,13 +1,12 @@
 { config, stdenv, lib, fetchurl, fetchpatch
 , perl, pkg-config
 , libcap, libtool, libxml2, openssl, libuv
-, enablePython ? config.bind.enablePython or false, python3 ? null
+, enableGSSAPI ? true, libkrb5
-, enableSeccomp ? false, libseccomp ? null, buildPackages, nixosTests
+, enablePython ? false, python3
+, enableSeccomp ? false, libseccomp
+, buildPackages, nixosTests
 }:
 
-assert enableSeccomp -> libseccomp != null;
-assert enablePython -> python3 != null;
-
 stdenv.mkDerivation rec {
   pname = "bind";
   version = "9.16.16";
@@ -28,6 +27,7 @@ stdenv.mkDerivation rec {
   buildInputs = [ libtool libxml2 openssl libuv ]
     ++ lib.optional stdenv.isLinux libcap
     ++ lib.optional enableSeccomp libseccomp
+    ++ lib.optional enableGSSAPI libkrb5
     ++ lib.optional enablePython (python3.withPackages (ps: with ps; [ ply ]));
 
   depsBuildBuild = [ buildPackages.stdenv.cc ];
@@ -39,7 +39,6 @@ stdenv.mkDerivation rec {
     "--without-atf"
     "--without-dlopen"
     "--without-docbook-xsl"
-    "--without-gssapi"
     "--without-idn"
     "--without-idnlib"
     "--without-lmdb"
@@ -53,6 +52,7 @@ stdenv.mkDerivation rec {
     "--with-aes"
   ] ++ lib.optional stdenv.isLinux "--with-libcap=${libcap.dev}"
     ++ lib.optional enableSeccomp "--enable-seccomp"
+    ++ lib.optional enableGSSAPI "--with-gssapi=${libkrb5.dev}"
     ++ lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) "BUILD_CC=$(CC_FOR_BUILD)";
 
   postInstall = ''