diff --git a/.gitignore b/.gitignore index fe47cb97c8..c932ec50d4 100644 --- a/.gitignore +++ b/.gitignore @@ -26,6 +26,9 @@ resource.rc *0000.bin *.ilk +# Nix +result + # Misc *.eml *.patch diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000000..4e7f293d42 --- /dev/null +++ b/flake.lock @@ -0,0 +1,77 @@ +{ + "nodes": { + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1692799911, + "narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1694452019, + "narHash": "sha256-G3ZXieZTVmgFaa6a/52cACbNO/NwadZJDtwupNlyMQk=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "17983f679ae893336a050c79312f8a8de48470e6", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} 
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000000..f77e17ac6f
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,203 @@ +# flake.nix -- +# +# A flake is simply a source tree (such as a Git repository) containing a file +# named flake.nix that provides a standardized interface to Nix artifacts such +# as packages or NixOS modules. Flakes can have dependencies on other flakes, +# with a “lock file” pinning those dependencies to exact revisions to ensure +# reproducible evaluation. This file describes a Nix source repository that +# provides development builds of Symas OpenLDAP and related builds libraries. +# It also provides a development environment for working on OpenLDAP, invoked +# with "nix develop". +# +# For more information about this and why this file is useful, see: +# https://nixos.wiki/wiki/Flakes +# +# Also look into direnv: https://direnv.net/, this can make it so that you can +# automatically get your environment set up when you change folders into the +# project. +# +# WARNING: currently, the packages provided by this flake are under development +# with no intended use in production systems or implied support in the future. + +{ + description = "OpenLDAP, an open-source implementation of the Lightweight Directory Access Protocol"; + + # Nixpkgs / NixOS version to use. + inputs = { + nixpkgs.url = "github:nixos/nixpkgs"; + flake-utils.url = "github:numtide/flake-utils"; + flake-compat = { + url = "github:edolstra/flake-compat"; + flake = false; + }; + }; + + outputs = { self, nixpkgs, flake-utils, flake-compat }: + + let + # Grab a helper func out of the Nix language libraries. Annoyingly these + # are only accessible through legacyPackages right now, which forces us to + # indirect through a platform-specific path. The x86_64-linux in here + # doesn't really matter, since all we're grabbing is a pure Nix string + # manipulation function that doesn't build any software. 
+ fileContents = nixpkgs.legacyPackages.x86_64-linux.lib.fileContents; + + # The openldap flake takes a nixpkgs package set, and builds the services + # from the same commit as this flake. In other words, it provides "built + # from HEAD", where HEAD is "whatever commit you imported the flake at". + + # Required to work with older version of flakes. + lastModifiedDate = self.lastModifiedDate or self.lastModified or "19700101"; + + # Generate a user-friendly version number (e.g. "1.2.3-20231027-DIRTY"). + # version = "${builtins.readFile ./VERSION.txt}.${builtins.substring 0 8 (self.lastModifiedDate or "19700101")}.${self.shortRev or "DIRTY"}"; + version = "${"2.6.6"}.${builtins.substring 0 8 (self.lastModifiedDate or "19700101")}.${self.shortRev or "DIRTY"}"; + + # System types to support. + supportedSystems = [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ]; # "ppc64le-linux" + + # Helper function to generate an attrset '{ x86_64-linux = f "x86_64-linux"; ... }'. + forAllSystems = nixpkgs.lib.genAttrs supportedSystems; + + # Nixpkgs instantiated for supported system types. + nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; overlays = [ self.overlay ]; }); + + in + { + + # A Nixpkgs overlay. 
+ overlay = final: prev: { + + openldap = with final; stdenv.mkDerivation rec { + pname = "openldap"; + inherit version; + + src = ./.; + + outputs = [ + "out" + "dev" + "man" + "devdoc" + ]; + + enableParallelBuilding = true; + + nativeBuildInputs = [ +# autoreconfHook +# pkgconfig + groff + ]; + + buildInputs = [ + (cyrus_sasl.override { + inherit openssl; + }) + libsodium + libtool + openssl + ] ++ lib.optionals (stdenv.isLinux) [ + libxcrypt # causes linking issues on *-darwin + systemdMinimal + ]; + + preConfigure = lib.optionalString (lib.versionAtLeast stdenv.hostPlatform.darwinMinVersion "11") '' + MACOSX_DEPLOYMENT_TARGET=10.16 + ''; + + configureFlags = [ + "--enable-argon2" + "--enable-crypt" + "--enable-modules" + "--enable-overlays" + ] ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [ + "--with-yielding_select=yes" + "ac_cv_func_memcmp_working=yes" + ] ++ lib.optional stdenv.isFreeBSD "--with-pic"; + + env.NIX_CFLAGS_COMPILE = toString [ "-DLDAPI_SOCK=\"/run/openldap/ldapi\"" ]; + + makeFlags= [ + "CC=${stdenv.cc.targetPrefix}cc" + "STRIP=" # Disable install stripping as it breaks cross-compiling. We strip binaries anyway in fixupPhase. + "STRIP_OPTS=" + "prefix=${placeholder "out"}" + "sysconfdir=/etc" + "systemdsystemunitdir=${placeholder "out"}/lib/systemd/system" + # contrib modules require these + "moduledir=${placeholder "out"}/lib/modules" + "mandir=${placeholder "out"}/share/man" + ]; + + extraContribModules = [ + # https://git.openldap.org/openldap/openldap/-/tree/master/contrib/slapd-modules + "passwd/sha2" + "passwd/pbkdf2" + "passwd/totp" + ]; + + postBuild = '' + for module in $extraContribModules; do + make $makeFlags CC=$CC -C contrib/slapd-modules/$module + done + ''; + + preCheck = '' + substituteInPlace tests/scripts/all \ + --replace "/bin/rm" "rm" + ''; + }; + + doCheck = true; + + # The directory is empty and serve no purpose. 
+ preFixup = '' + rm -r $out/var + ''; + + installFlags = [ + "prefix=${placeholder "out"}" + "sysconfdir=${placeholder "out"}/etc" + "moduledir=${placeholder "out"}/lib/modules" + "INSTALL=install" + ]; + + postInstall = '' + for module in $extraContribModules; do + make $installFlags install -C contrib/slapd-modules/$module + done + chmod +x "$out"/lib/*.{so,dylib} + ''; + +# passthru.tests = { +# inherit (nixosTests) openldap; +# }; + }; + + # Provide some binary packages for selected system types. + packages = forAllSystems (system: + { + inherit (nixpkgsFor.${system}) openldap; + }); + + defaultPackage = forAllSystems (system: self.packages.${system}.openldap); + + nixosConfigurations.container = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = + [ ({ pkgs, ... }: { + boot.isContainer = true; + + # Let 'nixos-version --json' know about the Git revision of this + # flake. + system.configurationRevision = nixpkgs.lib.mkIf (self ? rev) self.rev; + + # Network configuration. + networking.useDHCP = false; + networking.firewall.allowedTCPPorts = [ 636 ]; + + }) + ]; + }; + }; +} diff --git a/servers/slapd/controls.c b/servers/slapd/controls.c index 14a5469fe2..039dbf254e 100644 --- a/servers/slapd/controls.c +++ b/servers/slapd/controls.c @@ -16,6 +16,7 @@ #include "portable.h" #include +#include #include #include
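Review bot: The `};` directly after the `preCheck` string closes `stdenv.mkDerivation rec { … }` early, so the `doCheck = true;`, `preFixup`, `installFlags` and `postInstall` lines that follow become attributes of the overlay set rather than of the openldap derivation. As written, `doCheck` is never set on the derivation, the empty `$out/var` is not removed, and the `passwd/sha2`, `passwd/pbkdf2` and `passwd/totp` modules compiled in `postBuild` have no install step, while the overlay injects stray `doCheck`, `preFixup`, `installFlags` and `postInstall` names into the package set. Delete that `};` and add a second `};` after the commented-out `passthru.tests` block, so the first closes the derivation and the second closes the overlay. Indentation is collapsed in this view, so this is read from the brace structure alone; confirm with `nix flake check` that the check and install phases run.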