# OpenSSH (portable) package expression.
#
# Options, besides the dependencies themselves:
#   etcDir            - when non-null, handed to configure as --sysconfdir
#   hpnSupport        - build the HPN "KitchenSink" fork instead of the upstream tarball
#   withKerberos      - add kerberos to the build inputs and pass --with-kerberos5
#   withGssapiPatches - apply the Debian GSSAPI patch (asserts withKerberos)
#   linkOpenssl       - when false, configure is given --without-openssl
{ stdenv, fetchurl, fetchpatch, zlib, openssl, libedit, pkgconfig, pam, autoreconfHook
, etcDir ? null
, hpnSupport ? false
, withKerberos ? true
, withGssapiPatches ? false
, kerberos
, linkOpenssl ? true
}:

let
  inherit (stdenv.lib) optional;

  # **please** update this patch when you update to a new openssh release.
  # The URL names one exact commit of the Debian packaging repository and the
  # sha256 fixes the patch content, so a changed or substituted file fails the
  # fetch instead of silently entering the build. Both values have to be
  # refreshed together.
  debianGssapiPatch = fetchpatch {
    name = "openssh-gssapi.patch";
    url = "https://salsa.debian.org/ssh-team/openssh/raw/"
      + "e395eed38096fcda74398424ea94de3ec44effd5"
      + "/debian/patches/gssapi.patch";
    sha256 = "0x7xysgdahb4jaq0f28g2d7yzp0d3mh59i4xnffszvjndhvbk27x";
  };

  # PAM support is decided by whether a pam package was passed in at all.
  pamFlag = if pam != null then "--with-pam" else "--without-pam";

in
stdenv.mkDerivation rec {
  # Both branches carry the same version today; the conditional is kept as-is.
  # NOTE(review): presumably it exists so the HPN fork can lag behind upstream - confirm.
  version = if hpnSupport then "7.7p1" else "7.7p1";
  name = "openssh-${version}";

  # Either source is pinned by sha256. The HPN variant is a GitHub archive
  # tarball of a third-party fork, so that hash is the only integrity check on
  # it and must be re-verified whenever the URL changes.
  src = fetchurl (
    if hpnSupport then {
      url = "https://github.com/rapier1/openssh-portable/archive/hpn-KitchenSink-7_7_P1.tar.gz";
      sha256 = "1l4k8mg3gnzxbz53cma8s6ak56waz03ijsr08p8vgpi0c2rc5ri5";
    } else {
      url = "mirror://openbsd/OpenSSH/portable/${name}.tar.gz";
      sha256 = "13vbbrvj3mmfhj83qyrg5c0ipr6bzw5s65dy4k8gr7p9hkkfffyp";
    }
  );

  patches = [
    ./locale_archive.patch
    ./fix-host-key-algorithms-plus.patch
    # See discussion in https://github.com/NixOS/nixpkgs/pull/16966
    ./dont_create_privsep_path.patch
  ]
  # The assert is only evaluated when the GSSAPI patch is actually requested.
  ++ optional withGssapiPatches (assert withKerberos; debianGssapiPatch);

  postPatch =
    # On Hydra this makes installation fail (sometimes?),
    # and nix store doesn't allow such fancy permission bits anyway.
    # Effect: the mode 4711 (setuid) install in Makefile.in becomes 0711, so
    # nothing in the output carries a setuid bit (upstream uses that mode for
    # its ssh-keysign helper). A setup that needs the helper setuid has to
    # provide it through a wrapper outside the store.
    ''
      substituteInPlace Makefile.in --replace '$(INSTALL) -m 4711' '$(INSTALL) -m 0711'
    '';

  nativeBuildInputs = [ pkgconfig ];

  # openssl is listed unconditionally, even when linkOpenssl is false.
  buildInputs =
    [ zlib openssl libedit pam ]
    ++ optional withKerberos kerberos
    ++ optional hpnSupport autoreconfHook;

  preConfigure = ''
    # Setting LD causes `configure' and `make' to disagree about which linker
    # to use: `configure' wants `gcc', but `make' wants `ld'.
    unset LD
  '';

  # --disable-strip: stripping happens later in the build anyway, and
  # upstream's own strip step fails when cross building.
  # State and pid directories point at /var and /run, i.e. outside the store.
  configureFlags = [
    "--sbindir=\${out}/bin"
    "--localstatedir=/var"
    "--with-pid-dir=/run"
    "--with-mantype=man"
    "--with-libedit=yes"
    "--disable-strip"
    pamFlag
  ]
  ++ optional (etcDir != null) "--sysconfdir=${etcDir}"
  ++ optional withKerberos (assert kerberos != null; "--with-kerberos5=${kerberos}")
  ++ optional stdenv.isDarwin "--disable-libutil"
  ++ optional (!linkOpenssl) "--without-openssl";

  enableParallelBuilding = true;

  # Opt in to the "pie" hardening flag (position-independent executables).
  hardeningEnable = [ "pie" ];

  # "install-nokeys" is the upstream install target that skips host-key
  # generation, so no private host keys are produced at build time and none
  # end up in the package output.
  installTargets = [ "install-nokeys" ];

  # Install-time override: files the Makefile puts under sysconfdir land in
  # the output, independent of the --sysconfdir given to configure.
  installFlags = [
    "sysconfdir=\${out}/etc/ssh"
  ];

  postInstall = ''
    # Install ssh-copy-id, it's very useful.
    cp contrib/ssh-copy-id $out/bin/
    chmod +x $out/bin/ssh-copy-id
    cp contrib/ssh-copy-id.1 $out/share/man/man1/
  '';

  meta = {
    homepage = http://www.openssh.com/;
    description = "An implementation of the SSH protocol";
    license = stdenv.lib.licenses.bsd2;
    platforms = stdenv.lib.platforms.unix;
    maintainers = with stdenv.lib.maintainers; [ eelco aneeshusa ];
  };
}