Arch Linux User Repository

@DevPGSV thanks for sharing and the notification. I have updated the PKGBUILD.

I had the need to use:

• kanidm 1.1.0-alpha.12

As I needed to connect to a server with:

• kanidmd 1.1.0-alpha.12

And there is a JWT incompatibility between alpha.11 (current package build) and alpha.12 (latest available version).

I ended up with a working version:

diff --git a/PKGBUILD b/PKGBUILD
index b6c9a4e..74ad4f9 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -16,7 +16,7 @@ pkgname=(
    $_basename-server
    $_basename-unixd-clients
 )
-pkgver=1.1.0_alpha.11
+pkgver=1.1.0_alpha.12
 _realver=${pkgver/_/-}
 pkgrel=1
 pkgdesc='A identity management service and clients.'
@@ -25,13 +25,13 @@ source=("$_basename-$pkgver.tar.gz::https://github.com/$_basename/$_basename/arc
 arch=(x86_64 aarch64)
 license=(MPL-2.0)
 makedepends=(cargo systemd)
-sha256sums=('78c12b14441c554edce8ff3801bd31878e25c474098d64d4bb4d06165c559027')
+sha256sums=('6c1e807278e1f90d2ede930dcc612c0da1b6f9e18ed4046771cbaa125af4d296')


 build () {
   cd ${pkgbase}-$_realver

-  export KANIDM_BUILD_PROFILE="release_suse_x86_64"
+  export KANIDM_BUILD_PROFILE="release_suse_generic"
   cargo build --locked --release --target-dir target
 }

@@ -73,6 +73,7 @@ package_kanidm-server () {
   install -Dm644 platform/opensuse/kanidmd.service "${pkgdir}/usr/lib/systemd/system/kanidmd.service"

   install -Dm755 target/release/kanidmd "${pkgdir}/usr/bin/kanidmd"
+  install -Dm755 target/release/kanidm-ipa-sync "${pkgdir}/usr/bin/kanidm-ipa-sync"

   install -Dm644 target/release/build/completions/_kanidmd "${pkgdir}/usr/share/zsh/site-functions/_kanidmd"

@@ -81,7 +82,7 @@ package_kanidm-server () {

   # add web-ui files
   install -dv "${pkgdir}/usr/share/kanidm/ui/"
-  cp -r kanidmd_web_ui/pkg "${pkgdir}/usr/share/kanidm/ui/"
+  cp -r server/web_ui/pkg "${pkgdir}/usr/share/kanidm/ui/"
 }

 package_kanidm-unixd-clients () {
@@ -99,23 +100,17 @@ package_kanidm-unixd-clients () {
   install -Dm755 target/release/libnss_kanidm.so "${pkgdir}/usr/lib/libnss_kanidm.so.2"
   install -Dm755 target/release/libpam_kanidm.so "${pkgdir}/usr/lib/security/pam_kanidm.so"

-  install -Dm755 target/release/kanidm_cache_clear "${pkgdir}/usr/bin/kanidm_cache_clear"
-  install -Dm755 target/release/kanidm_cache_invalidate "${pkgdir}/usr/bin/kanidm_cache_invalidate"
   install -Dm755 target/release/kanidm_ssh_authorizedkeys "${pkgdir}/usr/bin/kanidm_ssh_authorizedkeys"
   install -Dm755 target/release/kanidm_ssh_authorizedkeys_direct "${pkgdir}/usr/bin/kanidm_ssh_authorizedkeys_direct"
+  install -Dm755 target/release/kanidm-unix "${pkgdir}/usr/bin/kanidm-unix"
   install -Dm755 target/release/kanidm_unixd "${pkgdir}/usr/bin/kanidm_unixd"
-  install -Dm755 target/release/kanidm_unixd_status "${pkgdir}/usr/bin/kanidm_unixd_status"
   install -Dm755 target/release/kanidm_unixd_tasks "${pkgdir}/usr/bin/kanidm_unixd_tasks"

   install -Dm644 target/release/build/completions/_kanidm_ssh_authorizedkeys_direct "${pkgdir}/usr/share/zsh/site-functions/_kanidm_ssh_authorizedkeys_direct"
-  install -Dm644 target/release/build/completions/_kanidm_cache_clear "${pkgdir}/usr/share/zsh/site-functions/_kanidm_cache_clear"
-  install -Dm644 target/release/build/completions/_kanidm_cache_invalidate "${pkgdir}/usr/share/zsh/site-functions/_kanidm_cache_invalidate"
   install -Dm644 target/release/build/completions/_kanidm_ssh_authorizedkeys "${pkgdir}/usr/share/zsh/site-functions/_kanidm_ssh_authorizedkeys"
-  install -Dm644 target/release/build/completions/_kanidm_unixd_status "${pkgdir}/usr/share/zsh/site-functions/_kanidm_unixd_status"
+  install -Dm644 target/release/build/completions/_kanidm_unix "${pkgdir}/usr/share/zsh/site-functions/_kanidm_unix"

   install -Dm644 target/release/build/completions/kanidm_ssh_authorizedkeys_direct.bash "${pkgdir}/usr/share/bash-completion/completions/kanidm_ssh_authorizedkeys_direct.sh"
-  install -Dm644 target/release/build/completions/kanidm_cache_clear.bash "${pkgdir}/usr/share/bash-completion/completions/kanidm_cache_clear.sh"
-  install -Dm644 target/release/build/completions/kanidm_cache_invalidate.bash "${pkgdir}/usr/share/bash-completion/completions/kanidm_cache_invalidate.sh"
   install -Dm644 target/release/build/completions/kanidm_ssh_authorizedkeys.bash "${pkgdir}/usr/share/bash-completion/completions/kanidm_ssh_authorizedkeys.sh"
-  install -Dm644 target/release/build/completions/kanidm_unixd_status.bash "${pkgdir}/usr/share/bash-completion/completions/kanidm_unixd_status.sh"
+  install -Dm644 target/release/build/completions/kanidm_unix.bash "${pkgdir}/usr/share/bash-completion/completions/kanidm_unix.sh"
 }

@cubi, thanks for asking thoughts concerning a metapackage. my reasoning centers around why "metapackage" as such do exist: https://lists.archlinux.org/pipermail/arch-dev-public/2019-January/029435.html. using such a concept for kanidm seems overkill. we only have server and client and a single dependency.

why i like to have 2 versions installed, @cubi? mainly to set the path and try without going through any complication of creating directories, checking out, separate builds etc. just set the path and try one or the other, for typical client apps very practical. python2, python3, java11, java17, swiftlang-5.4.2, swiftlang-5.5, and so on. for kanidm it would not rebuild, but just register the services for one or the other. but - i did not want to do it yet and thus not really missed the feature ... so lets not move and wait until sombody is missing it more :)

Hi @soloturn, sorry missed your post here.

I think the official release version and the git builds should conflict. I already had a case of different server and client versions, which puzzled me a lot. In that case the client was not able to correctly communicate with the Server. Furthermore, as far as I have seen, this is pretty common practice, e.g., paru and makes a lot sense to me as well.

Why would you want to mix/install different versions of kanidm in parallel?

Well, for convenience I created a package that just depends on the server, unixd, clients. Mainly because I wanted to be sure to keep versions in sync. So I can easily update/remove all kanidm related packages. I was think of putting the server as optional. As most install will probably use the client tooling, I guess.

What are your thoughts on that?

thanks cubi for the commit. did you try to create a meta package for kanidm (https://wiki.archlinux.org/title/Meta_package_and_package_group) and if yes, what is the thought process behind?

second, beeing able to install kanidm and kanidm-git in parallel would be quite helpful, therefor i deliberately did not conflict them. they still have overlapping directories though if i am not wrong.

made you co-maintainer, @cubi, thanks for the patch and hints!

three more issues:

• pam lib name should be

  install -Dm755 target/release/libpam_kanidm.so "${pkgdir}/usr/lib/security/pam_kanidm.so"

• unixd-tasks.service file should be

  install -Dm644 $srcdir/../kanidm-unixd-tasks.service "$pkgdir/usr/lib/systemd/system/kanidm-unixd-tasks.service"

• add kanidm_unixd_tasks binary

  install -Dm755 target/release/kanidm_unixd_tasks "${pkgdir}/usr/bin/kanidm_unixd_tasks"

patches are sent to @soloturn

Hi @soloturn,

thanks for creating these packages!

I found an issue using the unixd with nsswitch. Using getent passwd demo_user did not show any result from kanidm.

I could fix this by renaming the libnss_kanidm.so to libnss_kanidm.so.2.

Here is the patch for the PKGFILE. This solved it for me.

diff --git a/PKGBUILD b/PKGBUILD
index 7692b2b..ddf070d 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -80,7 +80,7 @@ package_kanidm-git-unixd-clients () {

   cd "$pkgbase"

-  install -Dm755 target/release/libnss_kanidm.so "${pkgdir}/usr/lib/libnss_kanidm.so"
+  install -Dm755 target/release/libnss_kanidm.so "${pkgdir}/usr/lib/libnss_kanidm.so.2"
   install -Dm755 target/release/libpam_kanidm.so "${pkgdir}/usr/lib/security/libpam_kanidm.so"

   install -Dm755 target/release/kanidm_cache_clear "${pkgdir}/usr/bin/kanidm_cache_clear"