In preparation for the deprecation of `stdenv.isX`.
These shorthands are not conducive to cross-compilation because they
hide the platforms.
Darwin might get cross-compilation for which the continued usage of `stdenv.isDarwin` will get in the way
One example of why this is bad and especially affects compiler packages
https://www.github.com/NixOS/nixpkgs/pull/343059
There are too many files to go through manually but a treewide should
get users thinking when they see a `hostPlatform.isX` in a place where it
doesn't make sense.
```
fd --type f "\.nix" | xargs sd --fixed-strings "stdenv.is" "stdenv.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "stdenv'.is" "stdenv'.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "clangStdenv.is" "clangStdenv.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "gccStdenv.is" "gccStdenv.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "stdenvNoCC.is" "stdenvNoCC.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "inherit (stdenv) is" "inherit (stdenv.hostPlatform) is"
fd --type f "\.nix" | xargs sd --fixed-strings "buildStdenv.is" "buildStdenv.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "effectiveStdenv.is" "effectiveStdenv.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "originalStdenv.is" "originalStdenv.hostPlatform.is"
```
This change uses the new patch for HPN from FreeBSD project that adds a
missing include to `sshd.c` (for `channels.h`, that includes the
definition of `channel_set_hpn`).
While preparing this change, I read the git blame on all of the files I
touched. I saw a working lifetime of building this system which we use
every day and love dearly and keep maintained ourselves. I saw commits
from a 14 year range between 2003 to 2017!! I could not be more thankful
for Eelco's work on building large parts of the foundation of nixpkgs
that all of us rely on now.
However, the end date of that range of the files I looked at the blame
on was 2017. I did not see surviving code from any newer date than that.
Looking at the Git logs, Eelco has been working on other things, and
that's totally fine.
However, it means that our maintenance metadata is out of date on a lot
of packages, and *that*'s the reason I am submitting this change. There
are a lot of packages that don't have anyone with their name on them to
be pinged if they need attention, even if they have had recent activity
(although it is never clear if recent activity was just someone fixing
it because ZHF or because the package actually matters to them).
There are a lot of packages with storied history that maybe don't need
to be in the set anymore at all since they have not been touched in
years; or maybe they are simply finished.
Empty maintainer lists should be a sign that we need to figure out who
maintains it or potentially remove it if it has rotted, and allowing the
maintainer list to be empty if it is already not maintained is part of a
healthy repository ecology.
Either way, I would like to have the maintenance metadata not mislead
anyone into sending Eelco emails about packages he doesn't, in practice,
work on anymore. I have not removed his name from everything; there are
some things that he is the upstream for or has worked on more recently,
for instance, like Nix, which I have left alone.
openssh tests are very slow (they take ~30 mins because they are not
parallelized). This makes rebuilding (esp. after changes e.g. to
systemd) painful. Putting the tests into a separate derivation solves
this without losing any testing capability.
Debian does the same: https://packages.debian.org/sid/openssh-tests
The `openssh` and `openssh_hpn` packages are now built without
the Kerberos support by default in an effort to reduce the attack surface.
The Kerberos support is likely used only by a fraction of the total users
(I'm guessing mainly users integrating SSH in an Active Directory env) so
dropping it should not impact too many users. It should also be noted that
the Kerberos/GSSAPI auth is disabled by default in the configuration.
`opensshWithKerberos` and `openssh_hpnWithKerberos` are added in order
to provide an easy migration path for users needing this support.
The `openssh_gssapi` package is kept untouched.
DSA signature is being deprecated by upstream as noted in the 9.7
release notes: https://www.openssh.com/txt/release-9.7
An attribute is added to allow users to restore support while it is
still possible.
ldns is used for validating DNSSEC responses. With ldns enabled, using
SSHFP records on DNSSEC signed zones allows connecting to ssh servers
with host keys being automatically validated.
