alioth/nixpkgs
3
0
Fork 0
forked from mirrors/nixpkgs
Code Releases Activity

kanidm: 1.1.0-alpha.11 -> 1.1.0-alpha.12

Browse source 
* Update Cargo.lock from upstream.
* Adapt expression to upstream source tree layout changes.
* Apply patch to restore x86_64 v1 support

Co-Authored-By: Martin Weinelt <hexa@darmstadt.ccc.de>

Also updates the NixOS test:

* Stop kanidm to recover the idm_admin account
* Group all tests into subtest blocks
* Add TODO to wait for unix socket on unixd for the next release

Co-Authored-By: Raito Bezarius <masterancpp@gmail.com>
Co-Authored-By: Martin Weinelt <hexa@darmstadt.ccc.de>
This commit is contained in:
Bjørn Forsman 2023-05-01 12:39:28 +02:00 committed by Martin Weinelt
parent c90b0d0a6f
commit ed99bd0fb9
No known key found for this signature in database
GPG key ID: 87C1E9888F856759
3 changed files with 692 additions and 635 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
nixos/tests/kanidm.nix
View file

@ -63,12 +63,27 @@ import ./make-test-python.nix ({ pkgs, ... }:
'' ''
start_all() start_all()
server.wait_for_unit("kanidm.service") server.wait_for_unit("kanidm.service")
server.wait_until_succeeds("curl -sf https://${serverDomain} | grep Kanidm")
server.succeed("ldapsearch -H ldaps://${serverDomain}:636 -b '${ldapBaseDN}' -x '(name=test)'") with subtest("Test HTTP interface"):
client.succeed("kanidm login -D anonymous && kanidm self whoami | grep anonymous@${serverDomain}") server.wait_until_succeeds("curl -sf https://${serverDomain} | grep Kanidm")
rv, result = server.execute("kanidmd recover_account -c ${serverConfigFile} idm_admin 2>&1 | rg -o '[A-Za-z0-9]{48}'")
assert rv == 0 with subtest("Test LDAP interface"):
client.wait_for_unit("kanidm-unixd.service") server.succeed("ldapsearch -H ldaps://${serverDomain}:636 -b '${ldapBaseDN}' -x '(name=test)'")
client.succeed("kanidm_unixd_status | grep working!")
with subtest("Test CLI login"):
client.succeed("kanidm login -D anonymous")
client.succeed("kanidm self whoami | grep anonymous@${serverDomain}")
with subtest("Recover idm_admin account"):
# Must stop the server for account recovery or else kanidmd fails with
# "unable to lock kanidm exclusive lock at /var/lib/kanidm/kanidm.db.klock".
server.succeed("systemctl stop kanidm")
server.succeed("su - kanidm -c 'kanidmd recover-account -c ${serverConfigFile} idm_admin 2>&1 | rg -o \'[A-Za-z0-9]{48}\' '")
server.succeed("systemctl start kanidm")
with subtest("Test unixd connection"):
client.wait_for_unit("kanidm-unixd.service")
# TODO: client.wait_for_file("/run/kanidm-unixd/sock")
client.wait_until_succeeds("kanidm-unix status | grep working!")
''; '';
}) })

1274
pkgs/servers/kanidm/Cargo.lock generated
View file

File diff suppressed because it is too large Load diff

24
pkgs/servers/kanidm/default.nix
View file

@ -4,6 +4,7 @@
, nixosTests , nixosTests
, rustPlatform , rustPlatform
, fetchFromGitHub , fetchFromGitHub
, fetchpatch
, installShellFiles , installShellFiles
, pkg-config , pkg-config
, udev , udev
@ -17,35 +18,44 @@ let
in in
rustPlatform.buildRustPackage rec { rustPlatform.buildRustPackage rec {
pname = "kanidm"; pname = "kanidm";
version = "1.1.0-alpha.11"; version = "1.1.0-alpha.12";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = pname; owner = pname;
repo = pname; repo = pname;
rev = "refs/tags/v${version}"; rev = "refs/tags/v${version}";
hash = "sha256-TVGLL1Ir/Nld0kdhWmcYYmChrW42ctJPY/U7wtuEwCo="; hash = "sha256-ZlUn7m5xgMWWIr9y/dkM/yZ2KF2LdkaxqtHsMcxAT/M=";
}; };
cargoLock = { cargoLock = {
lockFile = ./Cargo.lock; lockFile = ./Cargo.lock;
outputHashes = { outputHashes = {
"tracing-forest-0.1.4" = "sha256-ofBLxSzZ5SYy8cbViVUa6VXKbOgd8lt7QUYhL0BW6I4="; "tracing-forest-0.1.5" = "sha256-L6auSKB4DCnZBZpx7spiikhSOD6i1W3erc3zjn+26Ao=";
}; };
}; };
KANIDM_BUILD_PROFILE = "release_nixos_${arch}"; KANIDM_BUILD_PROFILE = "release_nixos_${arch}";
patches = [
(fetchpatch {
# Bring back x86_64-v1 microarchitecture level
name = "cpu-opt-level.patch";
url = "https://github.com/kanidm/kanidm/commit/59c6723f7dfb2266eae45c3b2ddd377872a7a113.patch";
hash = "sha256-8rVEYitxvdVduQ/+AD/UG3v+mgT/VxkLoxNIXczUfCQ=";
})
];
postPatch = postPatch =
let let
format = (formats.toml { }).generate "${KANIDM_BUILD_PROFILE}.toml"; format = (formats.toml { }).generate "${KANIDM_BUILD_PROFILE}.toml";
profile = { profile = {
web_ui_pkg_path = "@web_ui_pkg_path@"; web_ui_pkg_path = "@web_ui_pkg_path@";
cpu_flags = if stdenv.isx86_64 then "x86_64_v1" else "none"; cpu_flags = if stdenv.isx86_64 then "x86_64_legacy" else "none";
}; };
in in
'' ''
cp ${format profile} profiles/${KANIDM_BUILD_PROFILE}.toml cp ${format profile} libs/profiles/${KANIDM_BUILD_PROFILE}.toml
substituteInPlace profiles/${KANIDM_BUILD_PROFILE}.toml \ substituteInPlace libs/profiles/${KANIDM_BUILD_PROFILE}.toml \
--replace '@web_ui_pkg_path@' "$out/ui" --replace '@web_ui_pkg_path@' "$out/ui"
''; '';
@ -66,7 +76,7 @@ rustPlatform.buildRustPackage rec {
# We don't compile the wasm-part form source, as there isn't a rustc for # We don't compile the wasm-part form source, as there isn't a rustc for
# wasm32-unknown-unknown in nixpkgs yet. # wasm32-unknown-unknown in nixpkgs yet.
mkdir $out mkdir $out
cp -r kanidmd_web_ui/pkg $out/ui cp -r server/web_ui/pkg $out/ui
''; '';
preFixup = '' preFixup = ''