Martin Weinelt 2 years ago
parent 3582135fe9
commit 39ef6322b5
No known key found for this signature in database
GPG Key ID: 87C1E9888F856759
  1. 12
      nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
  2. 2
      nixos/doc/manual/release-notes/rl-2205.section.md
  3. 120
      pkgs/development/libraries/openldap/default.nix

@ -672,6 +672,18 @@
the IPv6 loopback address (<literal>::1</literal>). the IPv6 loopback address (<literal>::1</literal>).
</para> </para>
</listitem> </listitem>
<listitem>
<para>
<literal>openldap</literal> (and therefore the slapd LDAP
server) were updated to version 2.6.2. The project introduced
backwards-incompatible changes, namely the removal of the bdb,
hdb, ndb, and shell backends in slapd. Therefore before
updating, dump your database <literal>slapcat -n 1</literal>
in LDIF format, and reimport it after updating your
<literal>services.openldap.settings</literal>, which
represents your <literal>cn=config</literal>.
</para>
</listitem>
<listitem> <listitem>
<para> <para>
<literal>openssh</literal> has been update to 8.9p1, changing <literal>openssh</literal> has been update to 8.9p1, changing

@ -238,6 +238,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- In the ncdns module, the default value of `services.ncdns.address` has been changed to the IPv6 loopback address (`::1`). - In the ncdns module, the default value of `services.ncdns.address` has been changed to the IPv6 loopback address (`::1`).
- `openldap` (and therefore the slapd LDAP server) were updated to version 2.6.2. The project introduced backwards-incompatible changes, namely the removal of the bdb, hdb, ndb, and shell backends in slapd. Therefore before updating, dump your database `slapcat -n 1` in LDIF format, and reimport it after updating your `services.openldap.settings`, which represents your `cn=config`.
- `openssh` has been update to 8.9p1, changing the FIDO security key middleware interface. - `openssh` has been update to 8.9p1, changing the FIDO security key middleware interface.
- `git` no longer hardcodes the path to openssh' ssh binary to reduce the amount of rebuilds. If you are using git with ssh remotes and do not have a ssh binary in your enviroment consider adding `openssh` to it or switching to `gitFull`. - `git` no longer hardcodes the path to openssh' ssh binary to reduce the amount of rebuilds. If you are using git with ssh remotes and do not have a ssh binary in your enviroment consider adding `openssh` to it or switching to `gitFull`.

@ -1,33 +1,48 @@
{ lib, stdenv, fetchurl, openssl, db, groff, libtool, libsodium { lib
, withCyrusSasl ? true , stdenv
, fetchurl
# dependencies
, cyrus_sasl , cyrus_sasl
, db
, groff
, libsodium
, libtool
, openssl
, systemdMinimal
}: }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "openldap"; pname = "openldap";
version = "2.4.58"; version = "2.6.2";
src = fetchurl { src = fetchurl {
url = "https://www.openldap.org/software/download/OpenLDAP/openldap-release/${pname}-${version}.tgz"; url = "https://www.openldap.org/software/download/OpenLDAP/openldap-release/${pname}-${version}.tgz";
sha256 = "sha256-V7WSVL4V0L9qmrPVFMHAV3ewISMpFTMTSofJRGj49Hs="; hash = "sha256-gdCTRSMutiSG7PWsrNLFbAxFtKbIwGZhLn9CGiOhz4c";
}; };
# TODO: separate "out" and "bin" # TODO: separate "out" and "bin"
outputs = [ "out" "dev" "man" "devdoc" ]; outputs = [
"out"
"dev"
"man"
"devdoc"
];
enableParallelBuilding = true; enableParallelBuilding = true;
nativeBuildInputs = [ groff ]; nativeBuildInputs = [
groff
buildInputs = [ openssl cyrus_sasl db libsodium libtool ]; ];
# Disable install stripping as it breaks cross-compiling. buildInputs = [
# We strip binaries anyway in fixupPhase. cyrus_sasl
makeFlags= [ db
"STRIP=" libsodium
"prefix=$(out)" libtool
"moduledir=$(out)/lib/modules" openssl
"CC=${stdenv.cc.targetPrefix}cc" ] ++ lib.optionals (stdenv.isLinux) [
systemdMinimal
]; ];
preConfigure = lib.optionalString (lib.versionAtLeast stdenv.hostPlatform.darwinMinVersion "11") '' preConfigure = lib.optionalString (lib.versionAtLeast stdenv.hostPlatform.darwinMinVersion "11") ''
@ -35,56 +50,61 @@ stdenv.mkDerivation rec {
''; '';
configureFlags = [ configureFlags = [
"--enable-overlays" "--enable-argon2"
"--disable-dependency-tracking" # speeds up one-time build
"--enable-modules"
"--sysconfdir=/etc"
"--localstatedir=/var"
"--enable-crypt" "--enable-crypt"
"--enable-modules"
"--enable-overlays"
] ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [ ] ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
"--with-yielding_select=yes" "--with-yielding_select=yes"
"ac_cv_func_memcmp_working=yes" "ac_cv_func_memcmp_working=yes"
] ++ lib.optional (!withCyrusSasl) "--without-cyrus-sasl" ] ++ lib.optional stdenv.isFreeBSD "--with-pic";
++ lib.optional stdenv.isFreeBSD "--with-pic";
makeFlags= [
"CC=${stdenv.cc.targetPrefix}cc"
"STRIP=" # Disable install stripping as it breaks cross-compiling. We strip binaries anyway in fixupPhase.
"prefix=${placeholder "out"}"
"sysconfdir=${placeholder "out"}/etc"
"systemdsystemunitdir=${placeholder "out"}/lib/systemd/system"
# contrib modules require these
"moduledir=${placeholder "out"}/lib/modules"
"mandir=${placeholder "out"}/share/man"
];
extraContribModules = [
# https://git.openldap.org/openldap/openldap/-/tree/master/contrib/slapd-modules
"passwd/sha2"
"passwd/pbkdf2"
"passwd/totp"
];
postBuild = '' postBuild = ''
make $makeFlags CC=$CC -C contrib/slapd-modules/passwd/sha2 for module in ${lib.concatStringsSep " " extraContribModules}; do
make $makeFlags CC=$CC -C contrib/slapd-modules/passwd/pbkdf2 make $makeFlags CC=$CC -C contrib/slapd-modules/$module
make $makeFlags CC=$CC -C contrib/slapd-modules/passwd/argon2 done
''; '';
doCheck = false; # needs a running LDAP server preCheck = ''
substituteInPlace tests/scripts/all \
--replace "/bin/rm" "rm"
'';
installFlags = [ doCheck = true;
"sysconfdir=$(out)/etc"
"localstatedir=$(out)/var"
"moduledir=$(out)/lib/modules"
# The argon2 module hardcodes /usr/bin/install as the path for the
# `install` binary, which is overridden here.
"INSTALL=install"
];
# 1. Libraries left in the build location confuse `patchelf --shrink-rpath` # The directory is empty and serve no purpose.
# Delete these to let patchelf discover the right path instead.
# FIXME: that one can be removed when https://github.com/NixOS/patchelf/pull/98
# is in Nixpkgs patchelf.
# 2. Fixup broken libtool for openssl and cyrus_sasl (if it is not disabled)
preFixup = '' preFixup = ''
rm -r $out/var rm -r $out/var
rm -r libraries/*/.libs
rm -r contrib/slapd-modules/passwd/*/.libs
for f in $out/lib/libldap.la $out/lib/libldap_r.la; do
substituteInPlace "$f" --replace '-lssl' '-L${lib.getLib openssl}/lib -lssl'
'' + lib.optionalString withCyrusSasl ''
substituteInPlace "$f" --replace '-lsasl2' '-L${cyrus_sasl.out}/lib -lsasl2'
'' + ''
done
''; '';
installFlags = [
"prefix=${placeholder "out"}"
"moduledir=${placeholder "out"}/lib/modules"
"INSTALL=install"
];
postInstall = '' postInstall = ''
make $installFlags install -C contrib/slapd-modules/passwd/sha2 for module in ${lib.concatStringsSep " " extraContribModules}; do
make $installFlags install -C contrib/slapd-modules/passwd/pbkdf2 make $installFlags install -C contrib/slapd-modules/$module
make $installFlags install-lib -C contrib/slapd-modules/passwd/argon2 done
chmod +x "$out"/lib/*.{so,dylib} chmod +x "$out"/lib/*.{so,dylib}
''; '';
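Review bot: In the new `makeFlags`, `sysconfdir=${placeholder "out"}/etc` is passed at build time, while `"--sysconfdir=/etc"` and `"--localstatedir=/var"` appear to be dropped from `configureFlags` (the page has lost its +/- markers, so this is read from the column layout). If OpenLDAP compiles these paths into libldap and slapd, the default configuration lookup would point into the read-only store path instead of `/etc/openldap`, and a host's `ldap.conf` TLS settings such as `TLS_CACERT` and `TLS_REQCERT` would be silently ignored by clients that rely on the default. Consider keeping `"--sysconfdir=/etc"` and `"--localstatedir=/var"` in `configureFlags` and moving the `sysconfdir=${placeholder "out"}/etc` override into `installFlags`, which is where the previous expression set it. Separately, the new `hash` value as shown is 43 base64 characters with no trailing `=`; it is worth confirming it against the upstream release tarball and writing it in padded SRI form.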
