aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorIsmaël Bouya <ismael.bouya@normalesup.org>2020-06-13 02:07:52 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2020-06-13 02:08:03 +0200
commit8f1d6cb579ec203ce86f8af30bea729dbb0a9f7f (patch)
treeded4d754f324f59688345b3fd19459b3bb8ad70e
parent8b2f048bed8d081f18d9ba7bc1cce16c28670217 (diff)
downloadNix-8f1d6cb579ec203ce86f8af30bea729dbb0a9f7f.tar.gz
Nix-8f1d6cb579ec203ce86f8af30bea729dbb0a9f7f.tar.zst
Nix-8f1d6cb579ec203ce86f8af30bea729dbb0a9f7f.zip
Fix Adminer mysql connection for PAM authentication
-rw-r--r--modules/private/websites/immae/history/_posts/2020-06-13-fix-adminer.md10
-rw-r--r--modules/private/websites/tools/tools/adminer.nix4
-rw-r--r--overlays/databases/mysql/default.nix18
-rw-r--r--overlays/default.nix1
-rw-r--r--overlays/php-packages/default.nix6
-rw-r--r--overlays/php-packages/mysqli_patch.patch11
6 files changed, 48 insertions, 2 deletions
diff --git a/modules/private/websites/immae/history/_posts/2020-06-13-fix-adminer.md b/modules/private/websites/immae/history/_posts/2020-06-13-fix-adminer.md
new file mode 100644
index 0000000..af6edf1
--- /dev/null
+++ b/modules/private/websites/immae/history/_posts/2020-06-13-fix-adminer.md
@@ -0,0 +1,10 @@
1---
2title: "Réparation d’Adminer"
3category: Fix
4tags: [BDD]
5date: 2020-06-13
6---
7Depuis la mise à jour de NixOS à 19.09, Adminer (et plus généralement
8php) n’était plus capable de se connecter à mysql avec le mécanisme PAM.
9L’extension mysqli a été patchée pour permettre une telle utilisation,
10permettant d’utiliser à nouveau Adminer comme client.
diff --git a/modules/private/websites/tools/tools/adminer.nix b/modules/private/websites/tools/tools/adminer.nix
index 61fd37c..af03550 100644
--- a/modules/private/websites/tools/tools/adminer.nix
+++ b/modules/private/websites/tools/tools/adminer.nix
@@ -1,4 +1,4 @@
1{ adminer, php74, forcePhpSocket ? null }: 1{ adminer, php74, php74base, myPhpPackages, lib, forcePhpSocket ? null }:
2rec { 2rec {
3 activationScript = { 3 activationScript = {
4 deps = [ "httpd" ]; 4 deps = [ "httpd" ];
@@ -10,7 +10,7 @@ rec {
10 phpFpm = rec { 10 phpFpm = rec {
11 user = apache.user; 11 user = apache.user;
12 group = apache.group; 12 group = apache.group;
13 phpPackage = php74; 13 phpPackage = php74base.withExtensions (e: (lib.remove e.mysqli php74.enabledExtensions) ++ [myPhpPackages.mysqli_pam]);
14 settings = { 14 settings = {
15 "listen.owner" = apache.user; 15 "listen.owner" = apache.user;
16 "listen.group" = apache.group; 16 "listen.group" = apache.group;
diff --git a/overlays/databases/mysql/default.nix b/overlays/databases/mysql/default.nix
index 4302cd1..f9e5791 100644
--- a/overlays/databases/mysql/default.nix
+++ b/overlays/databases/mysql/default.nix
@@ -2,5 +2,23 @@ self: super: rec {
2 mariadb_pam = super.mariadb.overrideAttrs(old: { 2 mariadb_pam = super.mariadb.overrideAttrs(old: {
3 cmakeFlags = old.cmakeFlags ++ [ "-DWITH_AUTHENTICATION_PAM=ON" ]; 3 cmakeFlags = old.cmakeFlags ++ [ "-DWITH_AUTHENTICATION_PAM=ON" ];
4 buildInputs = old.buildInputs ++ [ self.pam ]; 4 buildInputs = old.buildInputs ++ [ self.pam ];
5 outputs = old.outputs ++ [ "dev" ];
6 postInstall = ''
7 mkdir -p $dev $dev/lib $dev/share
8 cp -a $out/include $dev
9 cp -a $out/lib/{libmariadbclient.a,libmysqlclient.a,libmysqlclient_r.a,libmysqlservices.a} $dev/lib
10 cp -a $out/lib/pkgconfig $dev/lib
11 cp -a $out/share/aclocal $dev/share
12 '' + old.postInstall;
13 });
14 # This patched version includes C headers from the server part (see
15 # above). It seems to be required to build pam support in clients.
16 libmysqlclient_pam = super.libmysqlclient.overrideAttrs(old: {
17 prePatch = old.prePatch or "" + ''
18 sed -i -e '/define INCLUDE/s|"$| -I@CMAKE_SYSROOT@@CMAKE_INSTALL_PREFIX@/@INSTALL_INCLUDEDIR@/mysql/server -I@CMAKE_SYSROOT@@CMAKE_INSTALL_PREFIX@/@INSTALL_INCLUDEDIR@/mysql/server/private"|' mariadb_config/mariadb_config.c.in
19 '';
20 postInstall = old.postInstall or "" + ''
21 cp -a ${mariadb_pam.dev}/include/* $out/include/mariadb
22 '';
5 }); 23 });
6} 24}
diff --git a/overlays/default.nix b/overlays/default.nix
index e63daa0..9a86754 100644
--- a/overlays/default.nix
+++ b/overlays/default.nix
@@ -18,6 +18,7 @@
18 nixops = import ./nixops; 18 nixops = import ./nixops;
19 pass = import ./pass; 19 pass = import ./pass;
20 pelican = import ./pelican; 20 pelican = import ./pelican;
21 php-packages = import ./php-packages;
21 postfix = import ./postfix; 22 postfix = import ./postfix;
22 postgresql = import ./databases/postgresql; 23 postgresql = import ./databases/postgresql;
23 sc-im = import ./sc-im; 24 sc-im = import ./sc-im;
diff --git a/overlays/php-packages/default.nix b/overlays/php-packages/default.nix
new file mode 100644
index 0000000..90fb613
--- /dev/null
+++ b/overlays/php-packages/default.nix
@@ -0,0 +1,6 @@
1self: super: rec {
2 myPhpPackages.mysqli_pam = self.php74.extensions.mysqli.overrideAttrs(old: {
3 configureFlags = [ "--with-mysqli=${self.libmysqlclient_pam}/bin/mysql_config" "--with-mysql-sock=/run/mysqld/mysqld.sock" ];
4 patches = old.patches or [] ++ [ ./mysqli_patch.patch ];
5});
6}
diff --git a/overlays/php-packages/mysqli_patch.patch b/overlays/php-packages/mysqli_patch.patch
new file mode 100644
index 0000000..0ec3a3b
--- /dev/null
+++ b/overlays/php-packages/mysqli_patch.patch
@@ -0,0 +1,11 @@
1--- a/mysqli_nonapi.c
2+++ b/mysqli_nonapi.c
3@@ -263,7 +263,7 @@ void mysqli_common_connect(INTERNAL_FUNC
4 php_mysqli_set_error(mysql_errno(mysql->mysql), (char *) mysql_error(mysql->mysql));
5
6 #if !defined(MYSQLI_USE_MYSQLND)
7- mysql->mysql->reconnect = MyG(reconnect);
8+ mysql_options(mysql->mysql, MYSQL_OPT_RECONNECT, (my_bool *)&MyG(reconnect));
9 #endif
10
11 mysql_options(mysql->mysql, MYSQL_OPT_LOCAL_INFILE, (char *)&MyG(allow_local_infile));