Fix the following error when running `nix run .#openssh`:
error: unable to execute '/nix/store/bzxxfx0a774vqa3cbz66c2172smc317a-openssh-8.6p1/bin/openssh': No such file or directory
Also split out the variants of the package because I'm sick of waiting
for random patches to be updated before I can update my unpatched
openssh.
Also make pname correspond to the attribute name.
krb5-config from the host platform needs to be added to PATH so it can be run
during build. This works because krb5-config is a platform independent
shell-script. Before #100906, krb5-config was not used, so we didn't run into
this problem.
Hydra build is failing[1] because of a hash-mismatch of the gss-api
patch from debian.
I updated the patch, and activated the `autoreconfHook` when building
gss support as well, otherwise the build would fail with the following
error:
```
ERROR: configure is out of date; please run autoreconf (and configure)
```
[1] https://hydra.nixos.org/build/109409845
While 9fe10288f0 ensured that the
ssh-keysign path is searched for in PATH if not absolute,
it doesn't prevent the configure script from defaulting to an
absolute path in $out/libexec, making the whole effort rather
pointless.
ssh-keysign is used for host-based authentication, and is designed to be used
as SUID-root program. OpenSSH defaults to referencing it from libexec, which
cannot be made SUID in Nix.
added openssh_gssapi to make it easier to test the patched version
the HPN edition isn't available on top of 7.9p1 yet
fix-host-key-algorithms-plus.patch didn't apply anymore, assuming it's
fixed.
release notes: https://www.openssh.com/txt/release-7.9
This can be disabled with the `withKerberos` flag if desired.
Make the relevant assertions lazy,
so that if an overlay is used to set kerberos to null,
a later override can explicitly set `withKerberos` to false.
Don't build with GSSAPI by default;
the patchset is large and a bit hairy,
and it is reasonable to follow upstream who has not merged it
in not enabling it by default.