tvl-depot/third_party/openldap/default.nix

# OpenLDAP by default uses a simple shalted SHA1-hash for passwords,
# which is less than ideal.
#
# It does however include a contrib module which adds support for the
# Argon2 password hashing scheme. This overrides then OpenLDAP build
# derivation to include this module.
{ pkgs, ... }:

pkgs.openldap.overrideAttrs(old: {
  buildInputs = old.buildInputs ++ [ pkgs.libsodium ];

  postBuild = ''
    ${old.postBuild}
    make $makeFlags -C contrib/slapd-modules/passwd/argon2
  '';

  # This is required because the Makefile for this module hardcodes
  # /usr/bin/install, which is not a valid path - we want it to be
  # looked up from $PATH because it is included in stdenv.
  installFlags = old.installFlags ++ [ "INSTALL=install" ];

  postInstall = ''
    ${old.postInstall}
    make $installFlags install-lib -C contrib/slapd-modules/passwd/argon2
  '';

})
feat(3p/openldap): Enable slapd-passwd-argon2 module This enables support for the Argon2 password hashing mechanism in OpenLDAP. Note that we also need to configure the LDAP module to load this, so this change is not yet sufficient for actually using Argon2 hashes. Change-Id: I151b854b777daa924b22224a43851432a88a2760 Reviewed-on: https://cl.tvl.fyi/c/depot/+/830 Reviewed-by: BuildkiteCI Reviewed-by: isomer <isomer@tvl.fyi> Tested-by: BuildkiteCI 2020-07-01 19:45:23 +02:00			`# OpenLDAP by default uses a simple shalted SHA1-hash for passwords,`
			`# which is less than ideal.`
			`#`
			`# It does however include a contrib module which adds support for the`
			`# Argon2 password hashing scheme. This overrides then OpenLDAP build`
			`# derivation to include this module.`
			`{ pkgs, ... }:`

refactor: Move nixpkgs attribute to `third_party.nixpkgs` Please read b/108 to make sense of this. This gets rid of the explicit list of exposed packages from nixpkgs, and instead makes the entire package set available at `third_party.nixpkgs`. To accommodate this, a LOT of things have to be very slightly shuffled around. Some of this was done in already submitted CLs, but this change is unfortunately still quite noisy. Pay extra attention to: * overlay-like functionality that was partially moved to actual overlays (partially as in, the minimum required to get a green build) * modified uses of the package set path, esp. in NixOS systems Special notes: * xanthous has been disabled in CI because of issues with the Haskell overlay * //third_party/nix has been disabled because of other unclear dependency issues Both of these will be tackled in a followup CL. Change-Id: I2f9c60a4d275fdb5209264be0addfd7e06c53118 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2910 Reviewed-by: glittershark <grfn@gws.fyi> Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI 2021-04-10 18:05:16 +02:00			`pkgs.openldap.overrideAttrs(old: {`
feat(3p/openldap): Enable slapd-passwd-argon2 module This enables support for the Argon2 password hashing mechanism in OpenLDAP. Note that we also need to configure the LDAP module to load this, so this change is not yet sufficient for actually using Argon2 hashes. Change-Id: I151b854b777daa924b22224a43851432a88a2760 Reviewed-on: https://cl.tvl.fyi/c/depot/+/830 Reviewed-by: BuildkiteCI Reviewed-by: isomer <isomer@tvl.fyi> Tested-by: BuildkiteCI 2020-07-01 19:45:23 +02:00			`buildInputs = old.buildInputs ++ [ pkgs.libsodium ];`

			`postBuild = ''`
			`${old.postBuild}`
			`make $makeFlags -C contrib/slapd-modules/passwd/argon2`
			`'';`

			`# This is required because the Makefile for this module hardcodes`
			`# /usr/bin/install, which is not a valid path - we want it to be`
			`# looked up from $PATH because it is included in stdenv.`
			`installFlags = old.installFlags ++ [ "INSTALL=install" ];`

			`postInstall = ''`
			`${old.postInstall}`
			`make $installFlags install-lib -C contrib/slapd-modules/passwd/argon2`
			`'';`

			`})`