Merge branch 'gburd/flake' into 'master'

Draft: Gburd/flake See merge request openldap/openldap!701
2026-02-18 10:07:56 -05:00 · 2026-02-13 16:03:53 -05:00 · 2026-02-13 16:03:53 -05:00 · 2506a591d5
commit 2506a591d5
parent c787dc9bfe 2b5ad556ae
4 changed files with 284 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -26,6 +26,9 @@ resource.rc
 *0000.bin
 *.ilk

+# Nix
+result
+
 # Misc
 *.eml
 *.patch
--- a/flake.lock
+++ b/flake.lock
@ -0,0 +1,77 @@
+{
+  "nodes": {
+    "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1673956053,
+        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1692799911,
+        "narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1694452019,
+        "narHash": "sha256-G3ZXieZTVmgFaa6a/52cACbNO/NwadZJDtwupNlyMQk=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "17983f679ae893336a050c79312f8a8de48470e6",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "flake-utils": "flake-utils",
+        "nixpkgs": "nixpkgs"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
--- a/flake.nix
+++ b/flake.nix
@ -0,0 +1,203 @@
+# flake.nix --
+#
+# A flake is simply a source tree (such as a Git repository) containing a file
+# named flake.nix that provides a standardized interface to Nix artifacts such
+# as packages or NixOS modules. Flakes can have dependencies on other flakes,
+# with a “lock file” pinning those dependencies to exact revisions to ensure
+# reproducible evaluation.  This file describes a Nix source repository that
+# provides development builds of Symas OpenLDAP and related builds libraries.
+# It also provides a development environment for working on OpenLDAP, invoked
+# with "nix develop".
+#
+# For more information about this and why this file is useful, see:
+# https://nixos.wiki/wiki/Flakes
+#
+# Also look into direnv: https://direnv.net/, this can make it so that you can
+# automatically get your environment set up when you change folders into the
+# project.
+#
+# WARNING: currently, the packages provided by this flake are under development
+# with no intended use in production systems or implied support in the future.
+
+{
+  description = "OpenLDAP, an open-source implementation of the Lightweight Directory Access Protocol";
+
+  # Nixpkgs / NixOS version to use.
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs";
+    flake-utils.url = "github:numtide/flake-utils";
+    flake-compat = {
+      url = "github:edolstra/flake-compat";
+      flake = false;
+    };
+  };
+
+  outputs = { self, nixpkgs, flake-utils, flake-compat }:
+
+    let
+      # Grab a helper func out of the Nix language libraries. Annoyingly these
+      # are only accessible through legacyPackages right now, which forces us to
+      # indirect through a platform-specific path. The x86_64-linux in here
+      # doesn't really matter, since all we're grabbing is a pure Nix string
+      # manipulation function that doesn't build any software.
+      fileContents = nixpkgs.legacyPackages.x86_64-linux.lib.fileContents;
+
+      # The openldap flake takes a nixpkgs package set, and builds the services
+      # from the same commit as this flake. In other words, it provides "built
+      # from HEAD", where HEAD is "whatever commit you imported the flake at".
+
+      # Required to work with older version of flakes.
+      lastModifiedDate = self.lastModifiedDate or self.lastModified or "19700101";
+
+      # Generate a user-friendly version number (e.g. "1.2.3-20231027-DIRTY").
+      #      version = "${builtins.readFile ./VERSION.txt}.${builtins.substring 0 8 (self.lastModifiedDate or "19700101")}.${self.shortRev or "DIRTY"}";
+      version = "${"2.6.6"}.${builtins.substring 0 8 (self.lastModifiedDate or "19700101")}.${self.shortRev or "DIRTY"}";
+
+      # System types to support.
+      supportedSystems = [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ]; #  "ppc64le-linux"
+
+      # Helper function to generate an attrset '{ x86_64-linux = f "x86_64-linux"; ... }'.
+      forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
+
+      # Nixpkgs instantiated for supported system types.
+      nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; overlays = [ self.overlay ]; });
+
+    in
+      {
+
+        # A Nixpkgs overlay.
+        overlay = final: prev: {
+
+          openldap = with final; stdenv.mkDerivation rec {
+            pname = "openldap";
+            inherit version;
+
+            src = ./.;
+
+            outputs = [
+              "out"
+              "dev"
+              "man"
+              "devdoc"
+            ];
+
+            enableParallelBuilding = true;
+
+            nativeBuildInputs = [
+#              autoreconfHook
+#              pkgconfig
+              groff
+            ];
+
+            buildInputs = [
+              (cyrus_sasl.override {
+                inherit openssl;
+              })
+              libsodium
+              libtool
+              openssl
+            ] ++ lib.optionals (stdenv.isLinux) [
+              libxcrypt # causes linking issues on *-darwin
+              systemdMinimal
+            ];
+
+            preConfigure = lib.optionalString (lib.versionAtLeast stdenv.hostPlatform.darwinMinVersion "11") ''
+              MACOSX_DEPLOYMENT_TARGET=10.16
+            '';
+
+            configureFlags = [
+              "--enable-argon2"
+              "--enable-crypt"
+              "--enable-modules"
+              "--enable-overlays"
+            ] ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
+              "--with-yielding_select=yes"
+              "ac_cv_func_memcmp_working=yes"
+            ] ++ lib.optional stdenv.isFreeBSD "--with-pic";
+
+            env.NIX_CFLAGS_COMPILE = toString [ "-DLDAPI_SOCK=\"/run/openldap/ldapi\"" ];
+
+            makeFlags= [
+              "CC=${stdenv.cc.targetPrefix}cc"
+              "STRIP="  # Disable install stripping as it breaks cross-compiling. We strip binaries anyway in fixupPhase.
+              "STRIP_OPTS="
+              "prefix=${placeholder "out"}"
+              "sysconfdir=/etc"
+              "systemdsystemunitdir=${placeholder "out"}/lib/systemd/system"
+              # contrib modules require these
+              "moduledir=${placeholder "out"}/lib/modules"
+              "mandir=${placeholder "out"}/share/man"
+            ];
+
+            extraContribModules = [
+              # https://git.openldap.org/openldap/openldap/-/tree/master/contrib/slapd-modules
+              "passwd/sha2"
+              "passwd/pbkdf2"
+              "passwd/totp"
+            ];
+
+            postBuild = ''
+              for module in $extraContribModules; do
+                make $makeFlags CC=$CC -C contrib/slapd-modules/$module
+              done
+            '';
+
+            preCheck = ''
+              substituteInPlace tests/scripts/all \
+                --replace "/bin/rm" "rm"
+            '';
+          };
+
+          doCheck = true;
+
+          # The directory is empty and serve no purpose.
+          preFixup = ''
+            rm -r $out/var
+          '';
+
+          installFlags = [
+            "prefix=${placeholder "out"}"
+            "sysconfdir=${placeholder "out"}/etc"
+            "moduledir=${placeholder "out"}/lib/modules"
+            "INSTALL=install"
+          ];
+
+          postInstall = ''
+            for module in $extraContribModules; do
+              make $installFlags install -C contrib/slapd-modules/$module
+            done
+            chmod +x "$out"/lib/*.{so,dylib}
+          '';
+
+#          passthru.tests = {
+#            inherit (nixosTests) openldap;
+#          };
+        };
+
+        # Provide some binary packages for selected system types.
+        packages = forAllSystems (system:
+          {
+            inherit (nixpkgsFor.${system}) openldap;
+          });
+
+        defaultPackage = forAllSystems (system: self.packages.${system}.openldap);
+
+        nixosConfigurations.container = nixpkgs.lib.nixosSystem {
+          system = "x86_64-linux";
+          modules =
+            [ ({ pkgs, ... }: {
+              boot.isContainer = true;
+
+              # Let 'nixos-version --json' know about the Git revision of this
+              # flake.
+              system.configurationRevision = nixpkgs.lib.mkIf (self ? rev) self.rev;
+
+              # Network configuration.
+              networking.useDHCP = false;
+              networking.firewall.allowedTCPPorts = [ 636 ];
+
+            })
+            ];
+        };
+      };
+}
--- a/servers/slapd/controls.c
+++ b/servers/slapd/controls.c
@ -16,6 +16,7 @@
 #include "portable.h"

 #include <stdio.h>
+#include <ctype.h>

 #include <ac/ctype.h>
 #include <ac/string.h>