mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-12-29 09:04:17 +00:00
8ff37d9c45
There seems to be a consensus among many packagers that RSSH is probably no longer a good idea. There are a few fixes for some of the issues but people should move on and use other software these days. Removing it from further (stable) releases is probably a good idea. If someone really needs it we still have it in the tree and they can whitelist it again.
98 lines
3.5 KiB
Nix
98 lines
3.5 KiB
Nix
# CAVEATS:
|
|
# - Have only tested this with rsync, scp, and sftp. cvs support should work, but chroot integration is unlikely to function without further work
|
|
# - It is compiled without rdist support because rdist is ludicrously ancient (and not already in nixpkgs)
|
|
|
|
{ stdenv, fetchurl, openssh, rsync, cvs }:
|
|
|
|
stdenv.mkDerivation rec {
|
|
name = "rssh-${version}";
|
|
version = "2.3.4";
|
|
|
|
src = fetchurl {
|
|
url = "mirror://sourceforge/rssh/rssh/${version}/${name}.tar.gz";
|
|
sha256 = "f30c6a760918a0ed39cf9e49a49a76cb309d7ef1c25a66e77a41e2b1d0b40cd9";
|
|
};
|
|
|
|
patches = [
|
|
./fix-config-path.patch
|
|
|
|
# Patches from AUR
|
|
(fetchurl {
|
|
url = https://aur.archlinux.org/cgit/aur.git/plain/0001-fail-logging.patch?h=rssh;
|
|
name = "0001-fail-logging.patch";
|
|
sha256 = "d30f2f4fdb1b57f94773f5b0968a4da3356b14a040efe69ec1e976c615035c65";
|
|
})
|
|
(fetchurl {
|
|
url = https://aur.archlinux.org/cgit/aur.git/plain/0002-info-to-debug.patch?h=rssh;
|
|
name = "0002-info-to-debug.patch";
|
|
sha256 = "86f6ecf34f62415b0d6204d4cbebc47322dc2ec71732d06aa27758e35d688fcd";
|
|
})
|
|
(fetchurl {
|
|
url = https://aur.archlinux.org/cgit/aur.git/plain/0003-man-page-spelling.patch?h=rssh;
|
|
name = "0003-man-page-spelling.patch";
|
|
sha256 = "455b3bbccddf1493999d00c2cd46e62930ef4fd8211e0b7d3a89d8010d6a5431";
|
|
})
|
|
(fetchurl {
|
|
url = https://aur.archlinux.org/cgit/aur.git/plain/0004-mkchroot.patch?h=rssh;
|
|
name = "0004-mkchroot.patch";
|
|
sha256 = "f7fd8723d2aa94e64e037c13c2f263a52104af680ab52bfcaea73dfa836457c2";
|
|
})
|
|
(fetchurl {
|
|
url = https://aur.archlinux.org/cgit/aur.git/plain/0005-mkchroot-arch.patch?h=rssh;
|
|
name = "0005-mkchroot-arch.patch";
|
|
sha256 = "ac8894c4087a063ae8267d2fdfcde69c2fe6b67a8ff5917e4518b8f73f08ba3f";
|
|
})
|
|
(fetchurl {
|
|
url = https://aur.archlinux.org/cgit/aur.git/plain/0006-mkchroot-symlink.patch?h=rssh;
|
|
name = "0006-mkchroot-symlink.patch";
|
|
sha256 = "bce98728cb9b55c92182d4901c5f9adf49376a07c5603514b0004e3d1c85e9c7";
|
|
})
|
|
(fetchurl {
|
|
url = https://aur.archlinux.org/cgit/aur.git/plain/0007-destdir.patch?h=rssh;
|
|
name = "0007-destdir.patch";
|
|
sha256 = "7fa03644f81dc37d77cc7e2cad994f17f91b2b8a49b1a74e41030a4ac764385e";
|
|
})
|
|
(fetchurl {
|
|
url = https://aur.archlinux.org/cgit/aur.git/plain/0008-rsync-protocol.patch?h=rssh;
|
|
name = "0008-rsync-protocol.patch";
|
|
sha256 = "0c772afe9088eeded129ead86775ef18e58c318bbc58fc3e2585e7ff09cc5e91";
|
|
})
|
|
];
|
|
|
|
# Run this after to avoid conflict with patches above
|
|
postPatch = ''
|
|
sed -i '/chmod u+s/d' Makefile.in
|
|
'';
|
|
|
|
|
|
buildInputs = [ openssh rsync cvs ];
|
|
|
|
configureFlags = [
|
|
"--with-sftp-server=${openssh}/libexec/sftp-server"
|
|
"--with-scp=${openssh}/bin/scp"
|
|
"--with-rsync=${rsync}/bin/rsync"
|
|
"--with-cvs=${cvs}/bin/cvs"
|
|
];
|
|
|
|
|
|
meta = with stdenv.lib; {
|
|
description = "A restricted shell for use with OpenSSH, allowing only scp and/or sftp";
|
|
longDescription = ''
|
|
rssh also includes support for rsync and cvs. For example, if you have a server which you only want to allow users to copy files off of via scp, without providing shell access, you can use rssh to do that.
|
|
'';
|
|
homepage = http://www.pizzashack.org/rssh/;
|
|
license = licenses.bsd2;
|
|
platforms = platforms.linux;
|
|
maintainers = with maintainers; [ arobyn ];
|
|
knownVulnerabilities = [
|
|
"CVE-2019-1000018"
|
|
"CVE-2019-3463"
|
|
"CVE-2019-3464"
|
|
];
|
|
};
|
|
|
|
passthru = {
|
|
shellPath = "/bin/rssh";
|
|
};
|
|
}
|