From 8f1d6cb579ec203ce86f8af30bea729dbb0a9f7f Mon Sep 17 00:00:00 2001
From: =?utf8?q?Isma=C3=ABl=20Bouya?= <ismael.bouya@normalesup.org>
Date: Sat, 13 Jun 2020 02:07:52 +0200
Subject: [PATCH] Fix Adminer mysql connection for PAM authentication

---
 .../history/_posts/2020-06-13-fix-adminer.md   | 10 ++++++++++
 .../private/websites/tools/tools/adminer.nix   |  4 ++--
 overlays/databases/mysql/default.nix           | 18 ++++++++++++++++++
 overlays/default.nix                           |  1 +
 overlays/php-packages/default.nix              |  6 ++++++
 overlays/php-packages/mysqli_patch.patch       | 11 +++++++++++
 6 files changed, 48 insertions(+), 2 deletions(-)
 create mode 100644 modules/private/websites/immae/history/_posts/2020-06-13-fix-adminer.md
 create mode 100644 overlays/php-packages/default.nix
 create mode 100644 overlays/php-packages/mysqli_patch.patch

diff --git a/modules/private/websites/immae/history/_posts/2020-06-13-fix-adminer.md b/modules/private/websites/immae/history/_posts/2020-06-13-fix-adminer.md
new file mode 100644
index 0000000..af6edf1
--- /dev/null
+++ b/modules/private/websites/immae/history/_posts/2020-06-13-fix-adminer.md
@@ -0,0 +1,10 @@
+---
+title: "RÃ©paration dâAdminer"
+category: Fix
+tags: [BDD]
+date: 2020-06-13
+---
+Depuis la mise Ã  jour de NixOS Ã  19.09, Adminer (et plus gÃ©nÃ©ralement
+php) nâÃ©tait plus capable de se connecter Ã  mysql avec le mÃ©canisme PAM.
+Lâextension mysqli a Ã©tÃ© patchÃ©e pour permettre une telle utilisation,
+permettant dâutiliser Ã  nouveau Adminer comme client.
diff --git a/modules/private/websites/tools/tools/adminer.nix b/modules/private/websites/tools/tools/adminer.nix
index 61fd37c..af03550 100644
--- a/modules/private/websites/tools/tools/adminer.nix
+++ b/modules/private/websites/tools/tools/adminer.nix
@@ -1,4 +1,4 @@
-{ adminer, php74, forcePhpSocket ? null }:
+{ adminer, php74, php74base, myPhpPackages, lib, forcePhpSocket ? null }:
 rec {
   activationScript = {
     deps = [ "httpd" ];
@@ -10,7 +10,7 @@ rec {
   phpFpm = rec {
     user = apache.user;
     group = apache.group;
-    phpPackage = php74;
+    phpPackage = php74base.withExtensions (e: (lib.remove e.mysqli php74.enabledExtensions) ++ [myPhpPackages.mysqli_pam]);
     settings = {
       "listen.owner" = apache.user;
       "listen.group" = apache.group;
diff --git a/overlays/databases/mysql/default.nix b/overlays/databases/mysql/default.nix
index 4302cd1..f9e5791 100644
--- a/overlays/databases/mysql/default.nix
+++ b/overlays/databases/mysql/default.nix
@@ -2,5 +2,23 @@ self: super: rec {
   mariadb_pam = super.mariadb.overrideAttrs(old: {
     cmakeFlags = old.cmakeFlags ++ [ "-DWITH_AUTHENTICATION_PAM=ON" ];
     buildInputs = old.buildInputs ++ [ self.pam ];
+    outputs = old.outputs ++ [ "dev" ];
+    postInstall = ''
+      mkdir -p $dev $dev/lib $dev/share
+      cp -a $out/include $dev
+      cp -a $out/lib/{libmariadbclient.a,libmysqlclient.a,libmysqlclient_r.a,libmysqlservices.a} $dev/lib
+      cp -a $out/lib/pkgconfig $dev/lib
+      cp -a $out/share/aclocal $dev/share
+    '' + old.postInstall;
+  });
+  # This patched version includes C headers from the server part (see
+  # above). It seems to be required to build pam support in clients.
+  libmysqlclient_pam = super.libmysqlclient.overrideAttrs(old: {
+    prePatch = old.prePatch or "" + ''
+      sed -i -e '/define INCLUDE/s|"$| -I@CMAKE_SYSROOT@@CMAKE_INSTALL_PREFIX@/@INSTALL_INCLUDEDIR@/mysql/server -I@CMAKE_SYSROOT@@CMAKE_INSTALL_PREFIX@/@INSTALL_INCLUDEDIR@/mysql/server/private"|' mariadb_config/mariadb_config.c.in
+    '';
+    postInstall = old.postInstall or "" + ''
+      cp -a ${mariadb_pam.dev}/include/* $out/include/mariadb
+    '';
   });
 }
diff --git a/overlays/default.nix b/overlays/default.nix
index e63daa0..9a86754 100644
--- a/overlays/default.nix
+++ b/overlays/default.nix
@@ -18,6 +18,7 @@
   nixops = import ./nixops;
   pass = import ./pass;
   pelican = import ./pelican;
+  php-packages = import ./php-packages;
   postfix = import ./postfix;
   postgresql = import ./databases/postgresql;
   sc-im = import ./sc-im;
diff --git a/overlays/php-packages/default.nix b/overlays/php-packages/default.nix
new file mode 100644
index 0000000..90fb613
--- /dev/null
+++ b/overlays/php-packages/default.nix
@@ -0,0 +1,6 @@
+self: super: rec {
+  myPhpPackages.mysqli_pam = self.php74.extensions.mysqli.overrideAttrs(old: {
+    configureFlags = [ "--with-mysqli=${self.libmysqlclient_pam}/bin/mysql_config" "--with-mysql-sock=/run/mysqld/mysqld.sock" ];
+    patches = old.patches or [] ++ [ ./mysqli_patch.patch ];
+});
+}
diff --git a/overlays/php-packages/mysqli_patch.patch b/overlays/php-packages/mysqli_patch.patch
new file mode 100644
index 0000000..0ec3a3b
--- /dev/null
+++ b/overlays/php-packages/mysqli_patch.patch
@@ -0,0 +1,11 @@
+--- a/mysqli_nonapi.c
++++ b/mysqli_nonapi.c
+@@ -263,7 +263,7 @@ void mysqli_common_connect(INTERNAL_FUNC
+ 	php_mysqli_set_error(mysql_errno(mysql->mysql), (char *) mysql_error(mysql->mysql));
+ 
+ #if !defined(MYSQLI_USE_MYSQLND)
+-	mysql->mysql->reconnect = MyG(reconnect);
++	mysql_options(mysql->mysql, MYSQL_OPT_RECONNECT, (my_bool *)&MyG(reconnect));
+ #endif
+ 
+ 	mysql_options(mysql->mysql, MYSQL_OPT_LOCAL_INFILE, (char *)&MyG(allow_local_infile));
-- 
2.41.0