nixpkgs/pkgs/tools/networking/openssh/default.nix
William A. Kennington III 88b8145750 openssh: 6.9p1 -> 7.1p1
This intentionally leaves out support for using existing dsa keys as
they are insecure and should not be enabled by default. If you need this
support, please make the changes in your ssh_config and sshd_config.
2015-09-15 12:14:12 -07:00

77 lines
2.0 KiB
Nix

{ stdenv, fetchurl, zlib, openssl, perl, libedit, pkgconfig, pam
, etcDir ? null
, hpnSupport ? false
, withKerberos ? false
, kerberos
}:
assert withKerberos -> kerberos != null;
let
hpnSrc = fetchurl {
url = mirror://sourceforge/hpnssh/openssh-6.6p1-hpnssh14v5.diff.gz;
sha256 = "682b4a6880d224ee0b7447241b684330b731018585f1ba519f46660c10d63950";
};
in
with stdenv.lib;
stdenv.mkDerivation rec {
name = "openssh-7.1p1";
src = fetchurl {
url = "mirror://openbsd/OpenSSH/portable/${name}.tar.gz";
sha256 = "0a44mnr8bvw41zg83xh4sb55d8nds29j95gxvxk5qg863lnns2pw";
};
prePatch = optionalString hpnSupport
''
gunzip -c ${hpnSrc} | patch -p1
export NIX_LDFLAGS="$NIX_LDFLAGS -lgcc_s"
'';
patches = [ ./locale_archive.patch ];
buildInputs = [ zlib openssl libedit pkgconfig pam ]
++ optional withKerberos [ kerberos ];
# I set --disable-strip because later we strip anyway. And it fails to strip
# properly when cross building.
configureFlags = [
"--localstatedir=/var"
"--with-mantype=man"
"--with-libedit=yes"
"--disable-strip"
(if pam != null then "--with-pam" else "--without-pam")
] ++ optional (etcDir != null) "--sysconfdir=${etcDir}"
++ optional withKerberos "--with-kerberos5=${kerberos}"
++ optional stdenv.isDarwin "--disable-libutil";
preConfigure = ''
configureFlagsArray+=("--with-privsep-path=$out/empty")
mkdir -p $out/empty
'';
enableParallelBuilding = true;
postInstall = ''
# Install ssh-copy-id, it's very useful.
cp contrib/ssh-copy-id $out/bin/
chmod +x $out/bin/ssh-copy-id
cp contrib/ssh-copy-id.1 $out/share/man/man1/
'';
installFlags = [
"sysconfdir=\${out}/etc/ssh"
];
meta = {
homepage = "http://www.openssh.org/";
description = "An implementation of the SSH protocol";
license = stdenv.lib.licenses.bsd2;
platforms = platforms.unix;
maintainers = with maintainers; [ eelco ];
broken = hpnSupport; # probably after 6.7 update
};
}