nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-26 00:43:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

lsh: drop

Browse Source
This commit is contained in:
Sigmanificient 2024-08-14 03:05:04 +02:00
parent 422d853079
commit e959525e15
10 changed files with 4 additions and 282 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nixos/doc/manual/release-notes/rl-2411.section.md
View File

@ -311,6 +311,8 @@
- The `services.trust-dns` module has been renamed to `services.hickory-dns`.
- The `lsh` package and the `services.lshd` module have been removed as they had no maintainer in Nixpkgs and hadnt seen an upstream release in over a decade. It is recommended to migrate to `openssh` and `services.openssh`.
## Other Notable Changes {#sec-release-24.11-notable-changes}
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->

1
nixos/modules/module-list.nix
View File

@ -1205,7 +1205,6 @@
./services/networking/spacecookie.nix
./services/networking/spiped.nix
./services/networking/squid.nix
./services/networking/ssh/lshd.nix
./services/networking/ssh/sshd.nix
./services/networking/sslh.nix
./services/networking/strongswan-swanctl/module.nix

2
nixos/modules/rename.nix
View File

@ -37,7 +37,6 @@ in
The xow package was removed from nixpkgs. Upstream has deprecated
the project and users are urged to switch to xone.
'')
(mkRemovedOptionModule [ "networking" "liboop" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "networking" "vpnc" ] "Use environment.etc.\"vpnc/service.conf\" instead.")
(mkRemovedOptionModule [ "networking" "wicd" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "programs" "gnome-documents" ] "The corresponding package was removed from nixpkgs.")
@ -71,6 +70,7 @@ in
(mkRemovedOptionModule [ "services" "hydron" ] "The `services.hydron` module has been removed as the project has been archived upstream since 2022 and is affected by a severe remote code execution vulnerability.")
(mkRemovedOptionModule [ "services" "ihatemoney" ] "The ihatemoney module has been removed for lack of downstream maintainer")
(mkRemovedOptionModule [ "services" "kippo" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "lshd" ] "The corresponding package was removed from nixpkgs as it had no maintainer in Nixpkgs and hasn't seen an upstream release in over a decades.")
(mkRemovedOptionModule [ "services" "mailpile" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "marathon" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "mathics" ] "The Mathics module has been removed")

187
nixos/modules/services/networking/ssh/lshd.nix
View File

@ -1,187 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
inherit (pkgs) lsh;
cfg = config.services.lshd;
in
{
###### interface
options = {
services.lshd = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable the GNU lshd SSH2 daemon, which allows
secure remote login.
'';
};
portNumber = mkOption {
default = 22;
type = types.port;
description = ''
The port on which to listen for connections.
'';
};
interfaces = mkOption {
default = [];
type = types.listOf types.str;
description = ''
List of network interfaces where listening for connections.
When providing the empty list, `[]`, lshd listens on all
network interfaces.
'';
example = [ "localhost" "1.2.3.4:443" ];
};
hostKey = mkOption {
default = "/etc/lsh/host-key";
type = types.str;
description = ''
Path to the server's private key. Note that this key must
have been created, e.g., using "lsh-keygen --server |
lsh-writekey --server", so that you can run lshd.
'';
};
syslog = mkOption {
type = types.bool;
default = true;
description = "Whether to enable syslog output.";
};
passwordAuthentication = mkOption {
type = types.bool;
default = true;
description = "Whether to enable password authentication.";
};
publicKeyAuthentication = mkOption {
type = types.bool;
default = true;
description = "Whether to enable public key authentication.";
};
rootLogin = mkOption {
type = types.bool;
default = false;
description = "Whether to enable remote root login.";
};
loginShell = mkOption {
default = null;
type = types.nullOr types.str;
description = ''
If non-null, override the default login shell with the
specified value.
'';
example = "/nix/store/xyz-bash-10.0/bin/bash10";
};
srpKeyExchange = mkOption {
default = false;
type = types.bool;
description = ''
Whether to enable SRP key exchange and user authentication.
'';
};
tcpForwarding = mkOption {
type = types.bool;
default = true;
description = "Whether to enable TCP/IP forwarding.";
};
x11Forwarding = mkOption {
type = types.bool;
default = true;
description = "Whether to enable X11 forwarding.";
};
subsystems = mkOption {
type = types.listOf types.path;
description = ''
List of subsystem-path pairs, where the head of the pair
denotes the subsystem name, and the tail denotes the path to
an executable implementing it.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
services.lshd.subsystems = [ ["sftp" "${pkgs.lsh}/sbin/sftp-server"] ];
systemd.services.lshd = {
description = "GNU lshd SSH2 daemon";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
environment = {
LD_LIBRARY_PATH = config.system.nssModules.path;
};
preStart = ''
test -d /etc/lsh || mkdir -m 0755 -p /etc/lsh
test -d /var/spool/lsh || mkdir -m 0755 -p /var/spool/lsh
if ! test -f /var/spool/lsh/yarrow-seed-file
then
# XXX: It would be nice to provide feedback to the
# user when this fails, so that they can retry it
# manually.
${lsh}/bin/lsh-make-seed --sloppy \
-o /var/spool/lsh/yarrow-seed-file
fi
if ! test -f "${cfg.hostKey}"
then
${lsh}/bin/lsh-keygen --server | \
${lsh}/bin/lsh-writekey --server -o "${cfg.hostKey}"
fi
'';
script = with cfg; ''
${lsh}/sbin/lshd --daemonic \
--password-helper="${lsh}/sbin/lsh-pam-checkpw" \
-p ${toString portNumber} \
${optionalString (interfaces != []) (concatStrings (map (i: "--interface=\"${i}\"") interfaces))} \
-h "${hostKey}" \
${optionalString (!syslog) "--no-syslog" } \
${if passwordAuthentication then "--password" else "--no-password" } \
${if publicKeyAuthentication then "--publickey" else "--no-publickey" } \
${if rootLogin then "--root-login" else "--no-root-login" } \
${optionalString (loginShell != null) "--login-shell=\"${loginShell}\"" } \
${if srpKeyExchange then "--srp-keyexchange" else "--no-srp-keyexchange" } \
${if !tcpForwarding then "--no-tcpip-forward" else "--tcpip-forward"} \
${if x11Forwarding then "--x11-forward" else "--no-x11-forward" } \
--subsystems=${concatStringsSep ","
(map (pair: (head pair) + "=" +
(head (tail pair)))
subsystems)}
'';
};
security.pam.services.lshd = {};
};
}

58
pkgs/tools/networking/lsh/default.nix
View File

@ -1,58 +0,0 @@
{ lib, stdenv, fetchurl, gperf, guile, gmp, zlib, liboop, readline, gnum4, pam
, nettools, lsof, procps, libxcrypt }:
stdenv.mkDerivation rec {
pname = "lsh";
version = "2.0.4";
src = fetchurl {
url = "mirror://gnu/lsh/lsh-${version}.tar.gz";
sha256 = "614b9d63e13ad3e162c82b6405d1f67713fc622a8bc11337e72949d613713091";
};
patches = [ ./pam-service-name.patch ./lshd-no-root-login.patch ];
preConfigure = ''
# Patch `lsh-make-seed' so that it can gather enough entropy.
sed -i "src/lsh-make-seed.c" \
-e "s|/usr/sbin/arp|${nettools}/sbin/arp|g ;
s|/usr/bin/netstat|${nettools}/bin/netstat|g ;
s|/usr/local/bin/lsof|${lsof}/bin/lsof|g ;
s|/bin/vmstat|${procps}/bin/vmstat|g ;
s|/bin/ps|${procps}/bin/sp|g ;
s|/usr/bin/w|${procps}/bin/w|g ;
s|/usr/bin/df|$(type -P df)|g ;
s|/usr/bin/ipcs|$(type -P ipcs)|g ;
s|/usr/bin/uptime|$(type -P uptime)|g"
# Skip the `configure' script that checks whether /dev/ptmx & co. work as
# expected, because it relies on impurities (for instance, /dev/pts may
# be unavailable in chroots.)
export lsh_cv_sys_unix98_ptys=yes
'';
# -fcommon: workaround build failure on -fno-common toolchains like upstream
# gcc-10. Otherwise build fails as:
# ld: liblsh.a(unix_user.o):/build/lsh-2.0.4/src/server_userauth.h:108: multiple definition of
# `server_userauth_none_preauth'; lshd.o:/build/lsh-2.0.4/src/server_userauth.h:108: first defined here
# Should be present in upcoming 2.1 release.
env.NIX_CFLAGS_COMPILE = "-std=gnu90 -fcommon";
buildInputs = [ gperf guile gmp zlib liboop readline gnum4 pam libxcrypt ];
meta = {
description = "GPL'd implementation of the SSH protocol";
longDescription = ''
lsh is a free implementation (in the GNU sense) of the ssh
version 2 protocol, currently being standardised by the IETF
SECSH working group.
'';
homepage = "http://www.lysator.liu.se/~nisse/lsh/";
license = lib.licenses.gpl2Plus;
maintainers = [ ];
platforms = [ "x86_64-linux" ];
};
}

16
pkgs/tools/networking/lsh/lshd-no-root-login.patch
View File

@ -1,16 +0,0 @@
Correctly handle the `--no-root-login' option.
--- lsh-2.0.4/src/lshd.c 2006-05-01 13:47:44.000000000 +0200
+++ lsh-2.0.4/src/lshd.c 2009-09-08 12:20:36.000000000 +0200
@@ -758,6 +758,10 @@ main_argp_parser(int key, char *arg, str
self->allow_root = 1;
break;
+ case OPT_NO_ROOT_LOGIN:
+ self->allow_root = 0;
+ break;
+
case OPT_KERBEROS_PASSWD:
self->pw_helper = PATH_KERBEROS_HELPER;
break;

14
pkgs/tools/networking/lsh/pam-service-name.patch
View File

@ -1,14 +0,0 @@
Tell `lsh-pam-checkpw', the PAM password helper program, to use a more
descriptive service name.
--- lsh-2.0.4/src/lsh-pam-checkpw.c 2003-02-16 22:30:10.000000000 +0100
+++ lsh-2.0.4/src/lsh-pam-checkpw.c 2008-11-28 16:16:58.000000000 +0100
@@ -38,7 +38,7 @@
#include <security/pam_appl.h>
#define PWD_MAXLEN 1024
-#define SERVICE_NAME "other"
+#define SERVICE_NAME "lshd"
#define TIMEOUT 600
static int

1
pkgs/top-level/aliases.nix
View File

@ -912,6 +912,7 @@ mapAliases ({
llvm_11 = throw "llvm_11 has been removed from nixpkgs"; # Added 2024-01-24
lobster-two = google-fonts; # Added 2021-07-22
lsh = throw "lsh has been removed as it had no maintainer in Nixpkgs and hasn't seen an upstream release in over a decade"; # Added 2024-08-14
luxcorerender = throw "'luxcorerender' has been removed as it's unmaintained and broken in nixpkgs since a while ago"; # Added 2023-06-07
lv_img_conv = throw "'lv_img_conv' has been removed from nixpkgs as it is broken"; # Added 2024-06-18
lxd = lib.warn "lxd has been renamed to lxd-lts" lxd-lts; # Added 2024-04-01

4
pkgs/top-level/all-packages.nix
View File

@ -10163,10 +10163,6 @@ with pkgs;
lsb-release = callPackage ../os-specific/linux/lsb-release { };
# lsh installs `bin/nettle-lfib-stream' and so does Nettle. Give the
# former a lower priority than Nettle.
lsh = lowPrio (callPackage ../tools/networking/lsh { });
lunatic = callPackage ../development/interpreters/lunatic { };
lux = callPackage ../tools/video/lux { };

1
pkgs/top-level/release-small.nix
View File

@ -82,7 +82,6 @@ in
libxml2 = all;
libxslt = all;
lout = linux;
lsh = linux;
lsof = linux;
ltrace = linux;
lvm2 = linux;