Merge pull request #17004 from rickynils/openssh_privsep_dir

openssh: Use the default privilege separation dir (/var/empty)

authored by Eelco Dolstra and committed by GitHub 211bed46 52896c8c

+14 -5
+3 -5
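--- a/pkgs/tools/networking/openssh/default.nix
+++ b/pkgs/tools/networking/openssh/default.nix
@@ -45,5 +45,8 @@
 ./locale_archive.patch
 ./fix-host-key-algorithms-plus.patch
 ./CVE-2015-8325.patch
+
+# See discussion in https://github.com/NixOS/nixpkgs/pull/16966
+./dont_create_privsep_path.patch
 ]
 ++ optional withGssapiPatches gssapiSrc;
@@ -65,11 +68,6 @@
 ++ optional withKerberos "--with-kerberos5=${kerberos}"
 ++ optional stdenv.isDarwin "--disable-libutil"
 ++ optional (!linkOpenssl) "--without-openssl";
-
-preConfigure = ''
-configureFlagsArray+=("--with-privsep-path=$out/empty")
-mkdir -p $out/empty
-'';
 
 enableParallelBuilding = true;
 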
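Review bot: The comment added before `./dont_create_privsep_path.patch` only points at a PR discussion, so the file itself does not say why the patch exists or what the package now expects from the host. With the `preConfigure` block gone, sshd falls back to its compiled-in privilege separation directory (`/var/empty` per the commit title) and nothing in this derivation creates it; sshd refuses to start when that directory is missing, and it also checks that it is root-owned and not group- or world-writable. I would spell that out in place, e.g. `# Don't create PRIVSEP_PATH (/var/empty) at install time; it must exist at runtime, owned by root and not group/world-writable.` Whether the NixOS sshd module guarantees this is not visible on this page and should be confirmed, particularly for non-NixOS users of the package.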
+11
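--- a/pkgs/tools/networking/openssh/dont_create_privsep_path.patch
+++ b/pkgs/tools/networking/openssh/dont_create_privsep_path.patch
@@ -0,0 +1,11 @@
+diff -ur openssh-7.2p2_orig/Makefile.in openssh-7.2p2/Makefile.in
+--- openssh-7.2p2_orig/Makefile.in 2016-03-09 19:04:48.000000000 +0100
++++ openssh-7.2p2/Makefile.in 2016-07-16 09:56:05.643903293 +0200
+@@ -301,7 +301,6 @@
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)5
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)
+- (umask 022 ; $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH))
+ $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT)
+ $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT)
+ $(INSTALL) -m 0755 $(STRIP_OPT) ssh-add$(EXEEXT) $(DESTDIR)$(bindir)/ssh-add$(EXEEXT)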
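Review bot: The new patch file starts directly at `diff -ur` with no description, and the line it drops, `(umask 022 ; $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH))`, was the only step in this hunk that created the privilege separation directory with controlled permissions. A short header above the `diff -ur` line (patch ignores leading text) would record the intent, e.g. `Do not create PRIVSEP_PATH during install; the directory is expected to be provided by the host at runtime.` The hunk is pinned to openssh-7.2p2 offsets, so on the next version bump it is worth re-checking that the line has not moved or changed upstream. The install rule this recipe belongs to starts and ends outside the hunk.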