nixpkgs/pkgs/servers/freeradius/default.nix

111 lines
3.1 KiB
Nix
Raw Normal View History

{ stdenv, fetchurl, fetchpatch, autoreconfHook, talloc, finger_bsd, perl
, openssl
, linkOpenssl? true
, openldap
2017-01-26 02:00:26 +00:00
, withLdap ? true
, sqlite
2017-01-26 02:00:26 +00:00
, withSqlite ? true
, libpcap
, withPcap ? true
, libcap
, withCap ? true
, libmemcached
, withMemcached ? false
, hiredis
, withRedis ? false
, libmysqlclient
, withMysql ? false
, json_c
, withJson ? false
, libyubikey
, withYubikey ? false
, collectd
, withCollectd ? false
, curl
, withRest ? false
}:
2016-03-13 07:22:27 +00:00
assert withSqlite -> sqlite != null;
assert withLdap -> openldap != null;
assert withPcap -> libpcap != null;
assert withCap -> libcap != null;
assert withMemcached -> libmemcached != null;
assert withRedis -> hiredis != null;
assert withMysql -> libmysqlclient != null;
assert withYubikey -> libyubikey != null;
assert withCollectd -> collectd != null;
assert withRest -> curl != null && withJson;
2016-03-13 07:22:27 +00:00
## TODO: include windbind optionally (via samba?)
## TODO: include oracle optionally
## TODO: include ykclient optionally
with stdenv.lib;
2016-03-13 07:22:27 +00:00
stdenv.mkDerivation rec {
pname = "freeradius";
2019-11-27 23:11:39 +00:00
version = "3.0.20";
2016-03-13 07:22:27 +00:00
2017-01-26 02:00:26 +00:00
src = fetchurl {
url = "ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-${version}.tar.gz";
2019-11-27 23:11:39 +00:00
sha256 = "0zrnlpril8lcnyd6zz0wy45wj5i2k2krcf42dwa0rldjsjh6nazp";
2017-01-26 02:00:26 +00:00
};
nativeBuildInputs = [ autoreconfHook ];
buildInputs = [ openssl talloc finger_bsd perl ]
++ optional withLdap openldap
++ optional withSqlite sqlite
++ optional withPcap libpcap
++ optional withCap libcap
++ optional withMemcached libmemcached
++ optional withRedis hiredis
++ optional withMysql libmysqlclient
++ optional withJson json_c
++ optional withYubikey libyubikey
++ optional withCollectd collectd
++ optional withRest curl;
2016-03-13 07:22:27 +00:00
configureFlags = [
"--sysconfdir=/etc"
"--localstatedir=/var"
] ++ optional (!linkOpenssl) "--with-openssl=no";
2016-03-13 07:22:27 +00:00
patches = stdenv.lib.optional withRest (fetchpatch {
# Fix HTTP/2 in rest
url = "https://github.com/FreeRADIUS/freeradius-server/commit/6286520698a3cc4053b4d49eb0a61d9ba77632aa.patch";
sha256 = "1ycvr3ql1mfkvzydnn4aiygnidicv2hgllppv37nb1p2pk02159g";
});
postPatch = ''
substituteInPlace src/main/checkrad.in --replace "/usr/bin/finger" "${finger_bsd}/bin/finger"
'';
2020-02-28 09:50:43 +00:00
# By default, freeradius will generate Diffie-Hellman parameters and
# self-signed TLS certificates during installation. We don't want
# this, for several reasons:
# - reproducibility (random generation)
# - we don't want _anybody_ to use a cert where the private key is on our public binary cache!
# - we don't want the certs to change each time the package is rebuilt
# So let's avoid anything getting into our output.
makeFlags = [ "LOCAL_CERT_FILES=" ];
2016-03-13 07:22:27 +00:00
installFlags = [
"sysconfdir=\${out}/etc"
"localstatedir=\${TMPDIR}"
2020-02-28 09:50:43 +00:00
"INSTALL_CERT_FILES=" # see comment at makeFlags
];
2016-03-13 07:22:27 +00:00
outputs = [ "out" "dev" "man" "doc" ];
2016-03-13 07:22:27 +00:00
meta = with stdenv.lib; {
2017-08-25 12:57:39 +01:00
homepage = https://freeradius.org/;
2016-03-13 07:22:27 +00:00
description = "A modular, high performance free RADIUS suite";
2017-09-02 00:08:07 +01:00
license = licenses.gpl2;
2020-02-27 17:07:55 +00:00
maintainers = with maintainers; [ sheenobu willibutz fpletz lheckemann elseym ];
platforms = with platforms; linux;
2016-03-13 07:22:27 +00:00
};
}