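# Dropbear: a small-footprint SSH 2 server and client, built from the upstream
# release tarball.
#
# Arguments:
#   enableSCP - additionally build the bundled `scp` program and install a
#               `dbscp` symlink pointing at it.
#   sftpPath  - path compiled into the binaries as SFTPSERVER_PATH.
{
  lib,
  stdenv,
  fetchurl,
  zlib,
  libxcrypt,
  enableSCP ? false,
  # NOTE(review): this default lies outside the Nix store, so the program found
  # there is whatever the active system profile provides at run time; it is not
  # pinned by this derivation. Pass a store path to pin it.
  sftpPath ? "/run/current-system/sw/libexec/sftp-server",
}:

let
  # Preprocessor defines that are compiled in as C string literals.
  # NOTE: DROPBEAR_PATH_SSH_PROGRAM is only necessary when enableSCP is true,
  # but it is set unconditionally for consistency. It is an absolute path into
  # this package's own output rather than a name resolved through PATH.
  dflags = {
    SFTPSERVER_PATH = sftpPath;
    DROPBEAR_PATH_SSH_PROGRAM = "${placeholder "out"}/bin/dbclient";
  };

  # Programs handed to make via PROGRAMS; `scp` is opt-in.
  programs = [
    "dropbear"
    "dbclient"
    "dropbearkey"
    "dropbearconvert"
  ]
  ++ lib.optionals enableSCP [ "scp" ];
in

stdenv.mkDerivation rec {
  pname = "dropbear";
  version = "2025.88";

  # fetchurl checks the downloaded tarball against this fixed hash, so the hash
  # has to be updated together with `version`. `hash` is the attribute intended
  # for SRI-format ("sha256-...") values.
  src = fetchurl {
    url = "https://matt.ucc.asn.au/dropbear/releases/dropbear-${version}.tar.bz2";
    hash = "sha256-eD9Q6iexfBbaiVePr9tt7PpEu49lkOVpik5NNnLcU9Q=";
  };

  # Renders every entry of `dflags` as -DNAME=\"value\" (attribute names in
  # sorted order, separated by single spaces). The values are interpolated
  # verbatim, so they must not contain whitespace, quotes or shell
  # metacharacters - presumably the escaped quotes are there so that the
  # compiler receives a string literal; confirm against the build log.
  CFLAGS = lib.concatStringsSep " " (
    lib.mapAttrsToList (name: value: "-D${name}=\\\"${value}\\\"") dflags
  );

  # VPATH points make at the libc library directory; see
  # https://www.gnu.org/software/make/manual/html_node/Libraries_002fSearch.html
  # PROGRAMS selects which binaries are built.
  preConfigure = ''
    makeFlagsArray=(
      VPATH=$(cat $NIX_CC/nix-support/orig-libc)/lib
      PROGRAMS="${lib.concatStringsSep " " programs}"
    )
  '';

  # Only when scp is built: expose it under the additional name `dbscp` through
  # a relative symlink.
  postInstall = lib.optionalString enableSCP ''
    ln -rs $out/bin/scp $out/bin/dbscp
  '';

  patches = [
    # Allow sessions to inherit the PATH from the parent dropbear.
    # Otherwise they only get the usual /bin:/usr/bin kind of PATH.
    # NOTE(review): the patch body is not visible here. With PATH inherited,
    # what a session sees depends on the environment the daemon was started
    # in, so the service that launches dropbear should set PATH explicitly and
    # keep directories writable by unprivileged users out of it.
    ./pass-path.patch
  ];

  buildInputs = [
    zlib
    libxcrypt
  ];

  meta = {
    description = "Small footprint implementation of the SSH 2 protocol";
    homepage = "https://matt.ucc.asn.au/dropbear/dropbear.html";
    changelog = "https://github.com/mkj/dropbear/raw/DROPBEAR_${version}/CHANGES";
    license = lib.licenses.mit;
    maintainers = with lib.maintainers; [ abbradar ];
    platforms = lib.platforms.linux;
  };
}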