-rw-r--r-- | good-dirsrv.scm | 237 | ||||
-rw-r--r-- | vm.scm | 41 |
2 files changed, 3 insertions, 275 deletions
diff --git a/good-dirsrv.scm b/good-dirsrv.scm
deleted file mode 100644
index 2aa4ab0..0000000
--- a/good-dirsrv.scm
+++ /dev/null
@@ -1,237 +0,0 @@
-;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013, 2014, 2015, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
-;;; Copyright © 2016, 2021 Leo Famulari <leo@famulari.name>
-;;; Copyright © 2017, 2018, 2019, 2021 Ricardo Wurmus <rekado@elephly.net>
-;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
-;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com>
-;;; Copyright © 2020 Lars-Dominik Braun <ldb@leibniz-psychology.org>
-;;; Copyright © 2020 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2021 Maxim Cournoyer <maxim.cournoyer@gmail.com>
-;;; Copyright © 2022 Marius Bakke <marius@gnu.org>
-;;;
-;;; This file is part of GNU Guix.
-;;;
-;;; GNU Guix is free software; you can redistribute it and/or modify it
-;;; under the terms of the GNU General Public License as published by
-;;; the Free Software Foundation; either version 3 of the License, or (at
-;;; your option) any later version.
-;;;
-;;; GNU Guix is distributed in the hope that it will be useful, but
-;;; WITHOUT ANY WARRANTY; without even the implied warranty of
-;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-;;; GNU General Public License for more details.
-;;;
-;;; You should have received a copy of the GNU General Public License
-;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
- -(use-modules (gnu packages openldap) - (gnu packages autotools) - (gnu packages check) - (gnu packages compression) - (gnu packages cyrus-sasl) - (gnu packages dbm) - (gnu packages documentation) - (gnu packages gettext) - (gnu packages gnupg) - (gnu packages groff) - (gnu packages icu4c) - (gnu packages kerberos) - (gnu packages libevent) - (gnu packages linux) - (gnu packages networking) - (gnu packages nss) - (gnu packages password-utils) - (gnu packages pcre) - (gnu packages perl) - (gnu packages pkg-config) - (gnu packages python) - (gnu packages python-xyz) - (gnu packages rsync) - (gnu packages selinux) - (gnu packages time) - (gnu packages tls) - (gnu packages web) - (gnu packages) - ((guix licenses) #:select (openldap2.8 lgpl2.1+ gpl3+ psfl expat)) - (guix packages) - (guix gexp) - (guix utils) - (guix download) - (guix build-system gnu) - (guix build-system python)) - - (package - (name "389-ds-base") - (version "1.4.4.17") - (source (origin - (method url-fetch) - (uri (string-append "https://github.com/389ds/389-ds-base/archive/" - "389-ds-base-" version ".tar.gz")) - (sha256 - (base32 - "0i8m4crbnjjhfb7cq758rd0fxyz36i291yq6fykkprjykz9s3zv4")))) - (build-system gnu-build-system) - (arguments - `(#:modules ((srfi srfi-1) - (guix build gnu-build-system) - ((guix build python-build-system) - #:select (add-installed-pythonpath python-version)) - (guix build utils)) - #:imported-modules ((guix build python-build-system) - ,@%gnu-build-system-modules) - #:configure-flags - (list (string-append "--with-db=" - (assoc-ref %build-inputs "bdb")) - (string-append "--with-sasl=" - (assoc-ref %build-inputs "cyrus-sasl")) - (string-append "--with-netsnmp=" - (assoc-ref %build-inputs "net-snmp")) - (string-append "--with-pcre=" - (assoc-ref %build-inputs "pcre")) - (string-append "--with-selinux=" - (assoc-ref %build-inputs "libselinux")) - "--with-libldap-r=no" - "--localstatedir=/var" - "--with-instconfigdir=/etc/dirsrv" - ;; The Perl scripts are being removed in 
the 1.4.0 release. - ;; Building them would require packaging of the outdated Mozilla - ;; LDAP SDK (instead of OpenLDAP) and PerLDAP. - "--disable-perl") - #:phases - (modify-phases %standard-phases - (add-after 'unpack 'fix-references - (lambda _ - (substitute* "include/ldaputil/certmap.h" - (("nss3/cert.h") "nss/cert.h")) - (substitute* "src/lib389/lib389/utils.py" - (("'/sbin/ip'") - (string-append "'" (which "ip") "'"))) - (substitute* "src/lib389/lib389/nss_ssl.py" - (("'/usr/bin/certutil'") - (string-append "'" (which "certutil") "'")) - (("'/usr/bin/openssl'") - (string-append "'" (which "openssl") "'")) - (("'/usr/bin/c_rehash'") - (string-append "'" (which "perl") "', '" - (which "c_rehash") "'"))))) - (add-after 'unpack 'overwrite-default-locations - (lambda* (#:key outputs #:allow-other-keys) - (let ((out (assoc-ref outputs "out"))) - (substitute* "src/lib389/lib389/paths.py" - (("/usr/share/dirsrv/inf/defaults.inf") - (string-append out "/share/dirsrv/inf/defaults.inf"))) - ;; This directory can only be specified relative to sysconfdir. This - ;; is used to determine where to look for installed directory - ;; servers, so in the absence of a search path it needs to be global. - (substitute* "ldap/admin/src/defaults.inf.in" - (("^initconfig_dir =.*") - "initconfig_dir = /etc/dirsrv/registry\n")) - ;; This is used to determine where to write certificate files - ;; when installing new directory server instances. - (substitute* '("src/lib389/lib389/instance/setup.py" - "src/lib389/lib389/instance/remove.py") - (("etc_dirsrv_path = .*") - "etc_dirsrv_path = '/etc/dirsrv/'\n"))))) - (add-after 'unpack 'fix-install-location-of-python-tools - (lambda* (#:key inputs outputs #:allow-other-keys) - (let* ((out (assoc-ref outputs "out")) - (pythondir (string-append - out "/lib/python" - (python-version (assoc-ref inputs "python")) - "/site-packages/"))) - ;; Install directory must be on PYTHONPATH. 
- (add-installed-pythonpath inputs outputs) - ;; Install directory must exist. - (mkdir-p pythondir) - (substitute* "src/lib389/setup.py" - (("/usr") out)) - (substitute* "Makefile.am" - (("setup.py install --skip-build" m) - (string-append - m " --prefix=" out - " --root=/ --single-version-externally-managed")))))) - (add-after 'unpack 'dont-use-libldap-r - (lambda _ - (substitute* "Makefile.am" - (("-lldap_r") "-lldap")))) - (add-after 'build 'build-python-tools - (lambda* (#:key make-flags #:allow-other-keys) - ;; Set DETERMINISTIC_BUILD to override the embedded mtime in pyc - ;; files. - (setenv "DETERMINISTIC_BUILD" "1") - ;; Use deterministic hashes for strings, bytes, and datetime - ;; objects. - (setenv "PYTHONHASHSEED" "0") - (apply invoke "make" "lib389" make-flags))) - (add-after 'install 'install-python-tools - (lambda* (#:key make-flags #:allow-other-keys) - (apply invoke "make" "lib389-install" make-flags))) - (add-after 'install-python-tools 'wrap-python-tools - (lambda* (#:key outputs #:allow-other-keys) - (let* ((out (assoc-ref outputs "out")) - (pythonpath (getenv "GUIX_PYTHONPATH"))) - (for-each (lambda (file) - (wrap-program (string-append out file) - `("GUIX_PYTHONPATH" ":" prefix (,pythonpath)))) - '("/sbin/dsconf" - "/sbin/dscreate" - "/sbin/dsctl" - "/sbin/dsidm" - "/bin/ds-logpipe.py" - "/bin/ds-replcheck")))))))) - (inputs - (list bdb - cracklib - cyrus-sasl - gnutls - httpd - icu4c - iproute - libevent - libselinux - linux-pam - mit-krb5 - net-snmp - nspr - nss - (list nss "bin") ; for certutil - openldap - openssl ; #included by net-snmp - pcre - python - python-pyasn1 - python-pyasn1-modules - python-pytest - python-dateutil - python-six - python-argcomplete - python-argparse-manpage - python-ldap)) - (native-inputs - (list autoconf - automake - doxygen - gettext-minimal - libtool - perl - rsync - pkg-config)) - (home-page "https://directory.fedoraproject.org") - (synopsis "Enterprise-class LDAP server") - (description "389ds is an 
enterprise-class LDAP server. It is hardened by -real-world use, is full-featured, and supports multi-master replication. - -Other features include: - -@enumerate -@item Online, zero downtime, LDAP-based update of schema, configuration, and - management including @dfn{Access Control Information} (ACIs); -@item Asynchronous Multi-Master Replication, to provide fault tolerance and - high write performance; -@item Extensive documentation; -@item Secure authentication and transport (TLS, and SASL); -@item LDAPv3 compliant server. -@end enumerate\n") - ;; GPLv3+ with OpenSSL linking exception. - (license gpl3+)) @@ -23,10 +23,6 @@ service-type simple-service)) ((gnu services base) #:select (guix-service-type guix-extension %base-services)) - ((gnu services ldap) #:select - (backend-userroot-configuration - directory-server-instance-configuration - directory-server-service-type slapd-configuration)) ((gnu services mcron) #:prefix mc:) ((gnu services networking) #:select (dhcp-client-service-type)) ((gnu services shepherd) #:select @@ -50,9 +46,6 @@ (define %here (dirname (current-filename))) -(define 389-ds-base - (load (string-append %here "/good-dirsrv.scm"))) - (define %ctftilde-phases (with-imported-modules '((guix build guile-build-system)) #~(modify-phases %standard-phases 
@@ -127,21 +120,6 @@ Cantius, part of a CTF competition VM.") (prepend %services (service dhcp-client-service-type)) -(define ds-root-password-hash - (let* ((password (call-with-input-file "ds-389.password" get-string-all)) - (path (string-split (getenv "PATH") #\:)) - (has-pwdhash? (search-path path "pwdhash")) - (command (list "pwdhash" "-s" "SHA256" password)) - (command* (if has-pwdhash? - command - (cons* "guix" "shell" "389-ds-base" "--" command))) - (pipe (apply open-pipe* OPEN_READ command*)) - (hash (get-string-all pipe))) - (close-pipe pipe) - (string-trim-right hash #\newline))) - -(format #t "directory server root password hash: ~A~%" ds-root-password-hash) - (prepend %services (simple-service 'cert-access-ctftilde activation-service-type #~(let ((access-gid (group:gid (getgrnam "cert-ctftilde")))) @@ -153,20 +131,6 @@ Cantius, part of a CTF competition VM.") '(#o750 #o640 #o640))))) (prepend %services - (service directory-server-service-type - (directory-server-instance-configuration - (package 389-ds-base) - (full-machine-name "ctftilde.koszko.org") - (slapd (slapd-configuration - (instance-name "ctftilde") - (root-dn "cn=CTF Manager") - (root-password ds-root-password-hash) - (run-dir "/var/run/dirsrv"))) - (backend-userroot ((@@ (gnu services ldap) backend-userroot-configuration) - ;;(create-suffix-entry? #f) - (suffix "dc=ctftilde,dc=koszko,dc=org")))))) - -(prepend %services (simple-service 'gemini-main-server-directory activation-service-type #~(begin (false-if-exception (delete-file "/srv/gemini")) @@ -352,8 +316,9 @@ Cantius, part of a CTF competition VM.") "net-tools" "man-pages-posix" "emacs")) - (list ctftilde - 389-ds-base) + + (list ctftilde) + %base-packages)) (services %services)) |
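Review bot: The two blank `+` lines added around `(list ctftilde)` in the last hunk leave an unexplained gap inside the package-list `append` that the previous `(list ctftilde 389-ds-base)` form did not have; dropping them so `(list ctftilde)` sits directly between the preceding package names and `%base-packages))` keeps the form compact. The enclosing `packages`/`append` form starts before the hunk, so I could not see whether the surrounding entries use blank separators. Separately, the removed `ds-root-password-hash` block read a plaintext password from `ds-389.password` and passed it on a `pwdhash` command line; nothing in the diff removes that file, so if it is still present in the working tree or repository it should be deleted or confirmed ignored now that no code consumes it.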