mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-12-23 06:03:40 +00:00
88b8145750
This intentionally leaves out support for using existing dsa keys as they are insecure and should not be enabled by default. If you need this support, please make the changes in your ssh_config and sshd_config.
77 lines
2.0 KiB
Nix
77 lines
2.0 KiB
Nix
{ stdenv, fetchurl, zlib, openssl, perl, libedit, pkgconfig, pam
|
|
, etcDir ? null
|
|
, hpnSupport ? false
|
|
, withKerberos ? false
|
|
, kerberos
|
|
}:
|
|
|
|
assert withKerberos -> kerberos != null;
|
|
|
|
let
|
|
|
|
hpnSrc = fetchurl {
|
|
url = mirror://sourceforge/hpnssh/openssh-6.6p1-hpnssh14v5.diff.gz;
|
|
sha256 = "682b4a6880d224ee0b7447241b684330b731018585f1ba519f46660c10d63950";
|
|
};
|
|
|
|
in
|
|
with stdenv.lib;
|
|
stdenv.mkDerivation rec {
|
|
name = "openssh-7.1p1";
|
|
|
|
src = fetchurl {
|
|
url = "mirror://openbsd/OpenSSH/portable/${name}.tar.gz";
|
|
sha256 = "0a44mnr8bvw41zg83xh4sb55d8nds29j95gxvxk5qg863lnns2pw";
|
|
};
|
|
|
|
prePatch = optionalString hpnSupport
|
|
''
|
|
gunzip -c ${hpnSrc} | patch -p1
|
|
export NIX_LDFLAGS="$NIX_LDFLAGS -lgcc_s"
|
|
'';
|
|
|
|
patches = [ ./locale_archive.patch ];
|
|
|
|
buildInputs = [ zlib openssl libedit pkgconfig pam ]
|
|
++ optional withKerberos [ kerberos ];
|
|
|
|
# I set --disable-strip because later we strip anyway. And it fails to strip
|
|
# properly when cross building.
|
|
configureFlags = [
|
|
"--localstatedir=/var"
|
|
"--with-mantype=man"
|
|
"--with-libedit=yes"
|
|
"--disable-strip"
|
|
(if pam != null then "--with-pam" else "--without-pam")
|
|
] ++ optional (etcDir != null) "--sysconfdir=${etcDir}"
|
|
++ optional withKerberos "--with-kerberos5=${kerberos}"
|
|
++ optional stdenv.isDarwin "--disable-libutil";
|
|
|
|
preConfigure = ''
|
|
configureFlagsArray+=("--with-privsep-path=$out/empty")
|
|
mkdir -p $out/empty
|
|
'';
|
|
|
|
enableParallelBuilding = true;
|
|
|
|
postInstall = ''
|
|
# Install ssh-copy-id, it's very useful.
|
|
cp contrib/ssh-copy-id $out/bin/
|
|
chmod +x $out/bin/ssh-copy-id
|
|
cp contrib/ssh-copy-id.1 $out/share/man/man1/
|
|
'';
|
|
|
|
installFlags = [
|
|
"sysconfdir=\${out}/etc/ssh"
|
|
];
|
|
|
|
meta = {
|
|
homepage = "http://www.openssh.org/";
|
|
description = "An implementation of the SSH protocol";
|
|
license = stdenv.lib.licenses.bsd2;
|
|
platforms = platforms.unix;
|
|
maintainers = with maintainers; [ eelco ];
|
|
broken = hpnSupport; # probably after 6.7 update
|
|
};
|
|
}
|