Also split out the variants of the package because I'm sick of waiting
for random patches to be updated before I can update my unpatched
openssh.
Also make pname correspond to the attribute name.
krb5-config from the host platform needs to be added to PATH so it can be run
during build. This works because krb5-config is a platform independent
shell-script. Before #100906, krb5-config was not used, so we didn't run into
this problem.
Hydra build is failing[1] because of a hash-mismatch of the gss-api
patch from debian.
I updated the patch, and activated the `autoreconfHook` when building
gss support as well, otherwise the build would fail with the following
error:
```
ERROR: configure is out of date; please run autoreconf (and configure)
```
[1] https://hydra.nixos.org/build/109409845
While 9fe10288f0 ensured that the
ssh-keysign path is searched for in PATH if not absolute,
it doesn't prevent the configure script from defaulting to an
absolute path in $out/libexec, making the whole effort rather
pointless.
ssh-keysign is used for host-based authentication, and is designed to be used
as SUID-root program. OpenSSH defaults to referencing it from libexec, which
cannot be made SUID in Nix.
added openssh_gssapi to make it easier to test the patched version
the HPN edition isn't available on top of 7.9p1 yet
fix-host-key-algorithms-plus.patch didn't apply anymore, assuming it's
fixed.
release notes: https://www.openssh.com/txt/release-7.9
This can be disabled with the `withKerberos` flag if desired.
Make the relevant assertions lazy,
so that if an overlay is used to set kerberos to null,
a later override can explicitly set `withKerberos` to false.
Don't build with GSSAPI by default;
the patchset is large and a bit hairy,
and it is reasonable to follow upstream who has not merged it
in not enabling it by default.
* pkgs: refactor needless quoting of homepage meta attribute
A lot of packages are needlessly quoting the homepage meta attribute
(about 1400, 22%), this commit refactors all of those instances.
* pkgs: Fixing some links that were wrongfully unquoted in the previous
commit
* Fixed some instances
Release notes are available at https://www.openssh.com/txt/release-7.5.
Mostly a bugfix release, no major backwards-incompatible changes.
Remove deprecated `UsePrivilegeSeparation` option,
which is now mandatory.
This reverts commit 277080fea0.
I had tested the server on my physical machine before pushing,
but the openssh test got broken so something is clearly wrong.
http://hydra.nixos.org/build/45500080
The two removed patches were for issues that should've been fixed.
Minor vulnerabilities addressed: CVE-2016-{10009,10010,10011,10012}.
https://www.openssh.com/txt/release-7.4
