Fix Adminer mysql connection for PAM authentication

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2020-06-13 02:07:52 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2020-06-13 02:08:03 +0200
commit: 8f1d6cb579ec203ce86f8af30bea729dbb0a9f7f (patch)
tree: ded4d754f324f59688345b3fd19459b3bb8ad70e
parent: 8b2f048bed8d081f18d9ba7bc1cce16c28670217 (diff)
download: Nix-8f1d6cb579ec203ce86f8af30bea729dbb0a9f7f.tar.gz
Nix-8f1d6cb579ec203ce86f8af30bea729dbb0a9f7f.tar.zst
Nix-8f1d6cb579ec203ce86f8af30bea729dbb0a9f7f.zip
6 files changed, 48 insertions, 2 deletions
diff --git a/modules/private/websites/immae/history/_posts/2020-06-13-fix-adminer.md b/modules/private/websites/immae/history/_posts/2020-06-13-fix-adminer.md
new file mode 100644
index 0000000..af6edf1
--- /dev/null
+++ b/modules/private/websites/immae/history/_posts/2020-06-13-fix-adminer.md
@@ -0,0 +1,10 @@
+---
+title: "Réparation d’Adminer"
+category: Fix
+tags: [BDD]
+date: 2020-06-13
+---
+Depuis la mise à jour de NixOS à 19.09, Adminer (et plus généralement
+php) n’était plus capable de se connecter à mysql avec le mécanisme PAM.
+L’extension mysqli a été patchée pour permettre une telle utilisation,
+permettant d’utiliser à nouveau Adminer comme client.
diff --git a/modules/private/websites/tools/tools/adminer.nix b/modules/private/websites/tools/tools/adminer.nix
index 61fd37c..af03550 100644
--- a/modules/private/websites/tools/tools/adminer.nix
+++ b/modules/private/websites/tools/tools/adminer.nix
@@ -1,4 +1,4 @@
-{ adminer, php74, forcePhpSocket ? null }:
+{ adminer, php74, php74base, myPhpPackages, lib, forcePhpSocket ? null }:
 rec {
  activationScript = {
    deps = [ "httpd" ];
@@ -10,7 +10,7 @@ rec {
  phpFpm = rec {
    user = apache.user;
    group = apache.group;
-    phpPackage = php74;
+    phpPackage = php74base.withExtensions (e: (lib.remove e.mysqli php74.enabledExtensions) ++ [myPhpPackages.mysqli_pam]);
    settings = {
      "listen.owner" = apache.user;
      "listen.group" = apache.group;
diff --git a/overlays/databases/mysql/default.nix b/overlays/databases/mysql/default.nix
index 4302cd1..f9e5791 100644
--- a/overlays/databases/mysql/default.nix
+++ b/overlays/databases/mysql/default.nix
@@ -2,5 +2,23 @@ self: super: rec {
  mariadb_pam = super.mariadb.overrideAttrs(old: {
    cmakeFlags = old.cmakeFlags ++ [ "-DWITH_AUTHENTICATION_PAM=ON" ];
    buildInputs = old.buildInputs ++ [ self.pam ];
+    outputs = old.outputs ++ [ "dev" ];
+    postInstall = ''
+      mkdir -p $dev $dev/lib $dev/share
+      cp -a $out/include $dev
+      cp -a $out/lib/{libmariadbclient.a,libmysqlclient.a,libmysqlclient_r.a,libmysqlservices.a} $dev/lib
+      cp -a $out/lib/pkgconfig $dev/lib
+      cp -a $out/share/aclocal $dev/share
+    '' + old.postInstall;
+  });
+  # This patched version includes C headers from the server part (see
+  # above). It seems to be required to build pam support in clients.
+  libmysqlclient_pam = super.libmysqlclient.overrideAttrs(old: {
+    prePatch = old.prePatch or "" + ''
+      sed -i -e '/define INCLUDE/s|"$| -I@CMAKE_SYSROOT@@CMAKE_INSTALL_PREFIX@/@INSTALL_INCLUDEDIR@/mysql/server -I@CMAKE_SYSROOT@@CMAKE_INSTALL_PREFIX@/@INSTALL_INCLUDEDIR@/mysql/server/private"|' mariadb_config/mariadb_config.c.in
+    '';
+    postInstall = old.postInstall or "" + ''
+      cp -a ${mariadb_pam.dev}/include/* $out/include/mariadb
+    '';
  });
 }
diff --git a/overlays/default.nix b/overlays/default.nix
index e63daa0..9a86754 100644
--- a/overlays/default.nix
+++ b/overlays/default.nix
@@ -18,6 +18,7 @@
  nixops = import ./nixops;
  pass = import ./pass;
  pelican = import ./pelican;
+  php-packages = import ./php-packages;
  postfix = import ./postfix;
  postgresql = import ./databases/postgresql;
  sc-im = import ./sc-im;
diff --git a/overlays/php-packages/default.nix b/overlays/php-packages/default.nix
new file mode 100644
index 0000000..90fb613
--- /dev/null
+++ b/overlays/php-packages/default.nix
@@ -0,0 +1,6 @@
+self: super: rec {
+  myPhpPackages.mysqli_pam = self.php74.extensions.mysqli.overrideAttrs(old: {
+    configureFlags = [ "--with-mysqli=${self.libmysqlclient_pam}/bin/mysql_config" "--with-mysql-sock=/run/mysqld/mysqld.sock" ];
+    patches = old.patches or [] ++ [ ./mysqli_patch.patch ];
+});
+}
diff --git a/overlays/php-packages/mysqli_patch.patch b/overlays/php-packages/mysqli_patch.patch
new file mode 100644
index 0000000..0ec3a3b
--- /dev/null
+++ b/overlays/php-packages/mysqli_patch.patch
@@ -0,0 +1,11 @@
+--- a/mysqli_nonapi.c
+++ b/mysqli_nonapi.c
+@@ -263,7 +263,7 @@ void mysqli_common_connect(INTERNAL_FUNC
+        php_mysqli_set_error(mysql_errno(mysql->mysql), (char *) mysql_error(mysql->mysql));
+ 
+ #if !defined(MYSQLI_USE_MYSQLND)
+-       mysql->mysql->reconnect = MyG(reconnect);
+       mysql_options(mysql->mysql, MYSQL_OPT_RECONNECT, (my_bool *)&MyG(reconnect));
+ #endif
+ 
+        mysql_options(mysql->mysql, MYSQL_OPT_LOCAL_INFILE, (char *)&MyG(allow_local_infile));
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2020-06-13 02:07:52 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2020-06-13 02:08:03 +0200
commit	8f1d6cb579ec203ce86f8af30bea729dbb0a9f7f (patch)
tree	ded4d754f324f59688345b3fd19459b3bb8ad70e
parent	8b2f048bed8d081f18d9ba7bc1cce16c28670217 (diff)
download	Nix-8f1d6cb579ec203ce86f8af30bea729dbb0a9f7f.tar.gz Nix-8f1d6cb579ec203ce86f8af30bea729dbb0a9f7f.tar.zst Nix-8f1d6cb579ec203ce86f8af30bea729dbb0a9f7f.zip

diff --git a/modules/private/websites/immae/history/_posts/2020-06-13-fix-adminer.md b/modules/private/websites/immae/history/_posts/2020-06-13-fix-adminer.md new file mode 100644 index 0000000..af6edf1 --- /dev/null +++ b/modules/private/websites/immae/history/_posts/2020-06-13-fix-adminer.md
@@ -0,0 +1,10 @@
		1	---
		2	title: "Réparation d’Adminer"
		3	category: Fix
		4	tags: [BDD]
		5	date: 2020-06-13
		6	---
		7	Depuis la mise à jour de NixOS à 19.09, Adminer (et plus généralement
		8	php) n’était plus capable de se connecter à mysql avec le mécanisme PAM.
		9	L’extension mysqli a été patchée pour permettre une telle utilisation,
		10	permettant d’utiliser à nouveau Adminer comme client.


diff --git a/modules/private/websites/tools/tools/adminer.nix b/modules/private/websites/tools/tools/adminer.nix index 61fd37c..af03550 100644 --- a/modules/private/websites/tools/tools/adminer.nix +++ b/modules/private/websites/tools/tools/adminer.nix
@@ -1,4 +1,4 @@
1	{ adminer, php74, forcePhpSocket ? null }:	1	{ adminer, php74, php74base, myPhpPackages, lib, forcePhpSocket ? null }:
2	rec {	2	rec {
3	activationScript = {	3	activationScript = {
4	deps = [ "httpd" ];	4	deps = [ "httpd" ];
@@ -10,7 +10,7 @@ rec {
10	phpFpm = rec {	10	phpFpm = rec {
11	user = apache.user;	11	user = apache.user;
12	group = apache.group;	12	group = apache.group;
13	phpPackage = php74;	13	phpPackage = php74base.withExtensions (e: (lib.remove e.mysqli php74.enabledExtensions) ++ [myPhpPackages.mysqli_pam]);
14	settings = {	14	settings = {
15	"listen.owner" = apache.user;	15	"listen.owner" = apache.user;
16	"listen.group" = apache.group;	16	"listen.group" = apache.group;


diff --git a/overlays/databases/mysql/default.nix b/overlays/databases/mysql/default.nix index 4302cd1..f9e5791 100644 --- a/overlays/databases/mysql/default.nix +++ b/overlays/databases/mysql/default.nix
@@ -2,5 +2,23 @@ self: super: rec {
2	mariadb_pam = super.mariadb.overrideAttrs(old: {	2	mariadb_pam = super.mariadb.overrideAttrs(old: {
3	cmakeFlags = old.cmakeFlags ++ [ "-DWITH_AUTHENTICATION_PAM=ON" ];	3	cmakeFlags = old.cmakeFlags ++ [ "-DWITH_AUTHENTICATION_PAM=ON" ];
4	buildInputs = old.buildInputs ++ [ self.pam ];	4	buildInputs = old.buildInputs ++ [ self.pam ];
		5	outputs = old.outputs ++ [ "dev" ];
		6	postInstall = ''
		7	mkdir -p $dev $dev/lib $dev/share
		8	cp -a $out/include $dev
		9	cp -a $out/lib/{libmariadbclient.a,libmysqlclient.a,libmysqlclient_r.a,libmysqlservices.a} $dev/lib
		10	cp -a $out/lib/pkgconfig $dev/lib
		11	cp -a $out/share/aclocal $dev/share
		12	'' + old.postInstall;
		13	});
		14	# This patched version includes C headers from the server part (see
		15	# above). It seems to be required to build pam support in clients.
		16	libmysqlclient_pam = super.libmysqlclient.overrideAttrs(old: {
		17	prePatch = old.prePatch or "" + ''
		18	sed -i -e '/define INCLUDE/s\|"$\| -I@CMAKE_SYSROOT@@CMAKE_INSTALL_PREFIX@/@INSTALL_INCLUDEDIR@/mysql/server -I@CMAKE_SYSROOT@@CMAKE_INSTALL_PREFIX@/@INSTALL_INCLUDEDIR@/mysql/server/private"\|' mariadb_config/mariadb_config.c.in
		19	'';
		20	postInstall = old.postInstall or "" + ''
		21	cp -a ${mariadb_pam.dev}/include/* $out/include/mariadb
		22	'';
5	});	23	});
6	}	24	}


diff --git a/overlays/default.nix b/overlays/default.nix index e63daa0..9a86754 100644 --- a/overlays/default.nix +++ b/overlays/default.nix
@@ -18,6 +18,7 @@
18	nixops = import ./nixops;	18	nixops = import ./nixops;
19	pass = import ./pass;	19	pass = import ./pass;
20	pelican = import ./pelican;	20	pelican = import ./pelican;
		21	php-packages = import ./php-packages;
21	postfix = import ./postfix;	22	postfix = import ./postfix;
22	postgresql = import ./databases/postgresql;	23	postgresql = import ./databases/postgresql;
23	sc-im = import ./sc-im;	24	sc-im = import ./sc-im;


diff --git a/overlays/php-packages/default.nix b/overlays/php-packages/default.nix new file mode 100644 index 0000000..90fb613 --- /dev/null +++ b/overlays/php-packages/default.nix
@@ -0,0 +1,6 @@
		1	self: super: rec {
		2	myPhpPackages.mysqli_pam = self.php74.extensions.mysqli.overrideAttrs(old: {
		3	configureFlags = [ "--with-mysqli=${self.libmysqlclient_pam}/bin/mysql_config" "--with-mysql-sock=/run/mysqld/mysqld.sock" ];
		4	patches = old.patches or [] ++ [ ./mysqli_patch.patch ];
		5	});
		6	}


diff --git a/overlays/php-packages/mysqli_patch.patch b/overlays/php-packages/mysqli_patch.patch new file mode 100644 index 0000000..0ec3a3b --- /dev/null +++ b/overlays/php-packages/mysqli_patch.patch
@@ -0,0 +1,11 @@
		1	--- a/mysqli_nonapi.c
		2	+++ b/mysqli_nonapi.c
		3	@@ -263,7 +263,7 @@ void mysqli_common_connect(INTERNAL_FUNC
		4	php_mysqli_set_error(mysql_errno(mysql->mysql), (char *) mysql_error(mysql->mysql));
		5
		6	#if !defined(MYSQLI_USE_MYSQLND)
		7	- mysql->mysql->reconnect = MyG(reconnect);
		8	+ mysql_options(mysql->mysql, MYSQL_OPT_RECONNECT, (my_bool *)&MyG(reconnect));
		9	#endif
		10
		11	mysql_options(mysql->mysql, MYSQL_OPT_LOCAL_INFILE, (char *)&MyG(allow_local_infile));