openssh: Build with Kerberos by default
This can be disabled with the `withKerberos` flag if desired. Make the relevant assertions lazy, so that if an overlay is used to set kerberos to null, a later override can explicitly set `withKerberos` to false. Don't build with GSSAPI by default; the patchset is large and a bit hairy, and it is reasonable to follow upstream, which has not merged it, by not enabling it by default.
parent
0cc73f2524
commit
a232dd66ee
@ -69,7 +69,6 @@ in
|
|||||||
[ (self: super: {
|
[ (self: super: {
|
||||||
openssh = super.openssh.override {
|
openssh = super.openssh.override {
|
||||||
hpnSupport = true;
|
hpnSupport = true;
|
||||||
withKerberos = true;
|
|
||||||
kerberos = self.libkrb5;
|
kerberos = self.libkrb5;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -1,15 +1,12 @@
|
|||||||
{ stdenv, fetchurl, fetchpatch, zlib, openssl, perl, libedit, pkgconfig, pam, autoreconfHook
|
{ stdenv, fetchurl, fetchpatch, zlib, openssl, perl, libedit, pkgconfig, pam, autoreconfHook
|
||||||
, etcDir ? null
|
, etcDir ? null
|
||||||
, hpnSupport ? false
|
, hpnSupport ? false
|
||||||
, withKerberos ? false
|
, withKerberos ? true
|
||||||
, withGssapiPatches ? false
|
, withGssapiPatches ? false
|
||||||
, kerberos
|
, kerberos
|
||||||
, linkOpenssl? true
|
, linkOpenssl? true
|
||||||
}:
|
}:
|
||||||
|
|
||||||
assert withKerberos -> kerberos != null;
|
|
||||||
assert withGssapiPatches -> withKerberos;
|
|
||||||
|
|
||||||
let
|
let
|
||||||
|
|
||||||
# **please** update this patch when you update to a new openssh release.
|
# **please** update this patch when you update to a new openssh release.
|
||||||
@ -23,8 +20,6 @@ let
|
|||||||
in
|
in
|
||||||
with stdenv.lib;
|
with stdenv.lib;
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
# Please ensure that openssh_with_kerberos still builds when
|
|
||||||
# bumping the version here!
|
|
||||||
name = "openssh-${version}";
|
name = "openssh-${version}";
|
||||||
version = if hpnSupport then "7.5p1" else "7.6p1";
|
version = if hpnSupport then "7.5p1" else "7.6p1";
|
||||||
|
|
||||||
@ -47,7 +42,7 @@ stdenv.mkDerivation rec {
|
|||||||
# See discussion in https://github.com/NixOS/nixpkgs/pull/16966
|
# See discussion in https://github.com/NixOS/nixpkgs/pull/16966
|
||||||
./dont_create_privsep_path.patch
|
./dont_create_privsep_path.patch
|
||||||
]
|
]
|
||||||
++ optional withGssapiPatches gssapiPatch;
|
++ optional withGssapiPatches (assert withKerberos; gssapiPatch);
|
||||||
|
|
||||||
postPatch =
|
postPatch =
|
||||||
# On Hydra this makes installation fail (sometimes?),
|
# On Hydra this makes installation fail (sometimes?),
|
||||||
@ -59,7 +54,8 @@ stdenv.mkDerivation rec {
|
|||||||
nativeBuildInputs = [ pkgconfig ];
|
nativeBuildInputs = [ pkgconfig ];
|
||||||
buildInputs = [ zlib openssl libedit pam ]
|
buildInputs = [ zlib openssl libedit pam ]
|
||||||
++ optional withKerberos kerberos
|
++ optional withKerberos kerberos
|
||||||
++ optional hpnSupport autoreconfHook;
|
++ optional hpnSupport autoreconfHook
|
||||||
|
;
|
||||||
|
|
||||||
preConfigure = ''
|
preConfigure = ''
|
||||||
# Setting LD causes `configure' and `make' to disagree about which linker
|
# Setting LD causes `configure' and `make' to disagree about which linker
|
||||||
@ -78,7 +74,7 @@ stdenv.mkDerivation rec {
|
|||||||
"--disable-strip"
|
"--disable-strip"
|
||||||
(if pam != null then "--with-pam" else "--without-pam")
|
(if pam != null then "--with-pam" else "--without-pam")
|
||||||
] ++ optional (etcDir != null) "--sysconfdir=${etcDir}"
|
] ++ optional (etcDir != null) "--sysconfdir=${etcDir}"
|
||||||
++ optional withKerberos "--with-kerberos5=${kerberos}"
|
++ optional withKerberos (assert kerberos != null; "--with-kerberos5=${kerberos}")
|
||||||
++ optional stdenv.isDarwin "--disable-libutil"
|
++ optional stdenv.isDarwin "--disable-libutil"
|
||||||
++ optional (!linkOpenssl) "--without-openssl";
|
++ optional (!linkOpenssl) "--without-openssl";
|
||||||
|
|
||||||
|
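Review bot: The new default `, withKerberos ? true` carries no comment saying what it switches on for every consumer of the default package, and the commit text's "Don't build with GSSAPI by default" is easy to misread. As far as I know, `--with-kerberos5` also compiles OpenSSH's in-tree Kerberos and GSSAPI user-authentication code and links libkrb5 into the default build; what stays off is presumably only the out-of-tree patchset behind `withGssapiPatches`. I would add above the argument `# Links libkrb5 and builds the in-tree Kerberos/GSSAPI auth methods (off in upstream's default sshd_config/ssh_config); withGssapiPatches controls only the separate, unmerged patchset.` The two inlined checks, `(assert withKerberos; gssapiPatch)` and `(assert kerberos != null; "--with-kerberos5=${kerberos}")`, should get a one-line comment saying they are kept inside `optional` on purpose, so that a later `override` can still set `withKerberos = false`. Without it, a future cleanup is likely to hoist them back to the top of the file.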
@ -142,6 +142,7 @@ mapAliases (rec {
|
|||||||
rdmd = dtools; # added 2017-08-19
|
rdmd = dtools; # added 2017-08-19
|
||||||
robomongo = robo3t; #added 2017-09-28
|
robomongo = robo3t; #added 2017-09-28
|
||||||
rssglx = rss-glx; #added 2015-03-25
|
rssglx = rss-glx; #added 2015-03-25
|
||||||
|
openssh_with_kerberos = openssh; # added 2018-01-28
|
||||||
rubygems = throw "deprecated 2016-03-02: rubygems is now bundled with ruby";
|
rubygems = throw "deprecated 2016-03-02: rubygems is now bundled with ruby";
|
||||||
rxvt_unicode_with-plugins = rxvt_unicode-with-plugins; # added 2015-04-02
|
rxvt_unicode_with-plugins = rxvt_unicode-with-plugins; # added 2015-04-02
|
||||||
samsungUnifiedLinuxDriver = samsung-unified-linux-driver; # added 2016-01-25
|
samsungUnifiedLinuxDriver = samsung-unified-linux-driver; # added 2016-01-25
|
||||||
|
@ -3886,15 +3886,12 @@ with pkgs;
|
|||||||
openssh =
|
openssh =
|
||||||
callPackage ../tools/networking/openssh {
|
callPackage ../tools/networking/openssh {
|
||||||
hpnSupport = false;
|
hpnSupport = false;
|
||||||
withKerberos = stdenv.isDarwin;
|
|
||||||
etcDir = "/etc/ssh";
|
etcDir = "/etc/ssh";
|
||||||
pam = if stdenv.isLinux then pam else null;
|
pam = if stdenv.isLinux then pam else null;
|
||||||
};
|
};
|
||||||
|
|
||||||
openssh_hpn = pkgs.appendToName "with-hpn" (openssh.override { hpnSupport = true; });
|
openssh_hpn = pkgs.appendToName "with-hpn" (openssh.override { hpnSupport = true; });
|
||||||
|
|
||||||
openssh_with_kerberos = pkgs.appendToName "with-kerberos" (openssh.override { withKerberos = true; });
|
|
||||||
|
|
||||||
opensp = callPackage ../tools/text/sgml/opensp { };
|
opensp = callPackage ../tools/text/sgml/opensp { };
|
||||||
|
|
||||||
opentracker = callPackage ../applications/networking/p2p/opentracker { };
|
opentracker = callPackage ../applications/networking/p2p/opentracker { };
|
||||||
|