919d44d29f
The configure script tries to probe whether /var/run exists when determining the location for the pid file, which is not very nice when doing chroot builds. Just set it explicitly to avoid the problem. For reference, the culprit in configure.ac: ```` piddir=/var/run if test ! -d $piddir ; then piddir=`eval echo ${sysconfdir}` case $piddir in NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; esac fi AC_ARG_WITH([pid-dir], [ --with-pid-dir=PATH Specify location of ssh.pid file], ... ```` Also, use the `install-nokeys` target in installPhase so we avoid installing useless host keys into $out/etc/ssh and improve built purity as well.
78 lines
2.1 KiB
Nix
78 lines
2.1 KiB
Nix
{ stdenv, fetchurl, zlib, openssl, perl, libedit, pkgconfig, pam
|
|
, etcDir ? null
|
|
, hpnSupport ? false
|
|
, withKerberos ? false
|
|
, kerberos
|
|
}:
|
|
|
|
assert withKerberos -> kerberos != null;
|
|
|
|
let
|
|
|
|
hpnSrc = fetchurl {
|
|
url = mirror://sourceforge/hpnssh/openssh-6.6p1-hpnssh14v5.diff.gz;
|
|
sha256 = "682b4a6880d224ee0b7447241b684330b731018585f1ba519f46660c10d63950";
|
|
};
|
|
|
|
in
|
|
with stdenv.lib;
|
|
stdenv.mkDerivation rec {
|
|
name = "openssh-6.9p1";
|
|
|
|
src = fetchurl {
|
|
url = "mirror://openbsd/OpenSSH/portable/${name}.tar.gz";
|
|
sha256 = "1zkci5nbpb4frmzj2vr3kv9j47x2h72kvybcpr0d8mzk73sls1vf";
|
|
};
|
|
|
|
prePatch = optionalString hpnSupport
|
|
''
|
|
gunzip -c ${hpnSrc} | patch -p1
|
|
export NIX_LDFLAGS="$NIX_LDFLAGS -lgcc_s"
|
|
'';
|
|
|
|
patches = [ ./locale_archive.patch ./openssh-6.9p1-security-7.0.patch];
|
|
|
|
buildInputs = [ zlib openssl libedit pkgconfig pam ]
|
|
++ optional withKerberos [ kerberos ];
|
|
|
|
# I set --disable-strip because later we strip anyway. And it fails to strip
|
|
# properly when cross building.
|
|
configureFlags = [
|
|
"--localstatedir=/var"
|
|
"--with-pid-dir=/run"
|
|
"--with-mantype=man"
|
|
"--with-libedit=yes"
|
|
"--disable-strip"
|
|
(if pam != null then "--with-pam" else "--without-pam")
|
|
] ++ optional (etcDir != null) "--sysconfdir=${etcDir}"
|
|
++ optional withKerberos "--with-kerberos5=${kerberos}"
|
|
++ optional stdenv.isDarwin "--disable-libutil";
|
|
|
|
preConfigure = ''
|
|
configureFlagsArray+=("--with-privsep-path=$out/empty")
|
|
mkdir -p $out/empty
|
|
'';
|
|
|
|
enableParallelBuilding = true;
|
|
|
|
postInstall = ''
|
|
# Install ssh-copy-id, it's very useful.
|
|
cp contrib/ssh-copy-id $out/bin/
|
|
chmod +x $out/bin/ssh-copy-id
|
|
cp contrib/ssh-copy-id.1 $out/share/man/man1/
|
|
'';
|
|
|
|
installTargets = [ "install-nokeys" ];
|
|
installFlags = [
|
|
"sysconfdir=\${out}/etc/ssh"
|
|
];
|
|
|
|
meta = {
|
|
homepage = "http://www.openssh.org/";
|
|
description = "An implementation of the SSH protocol";
|
|
license = stdenv.lib.licenses.bsd2;
|
|
platforms = platforms.unix;
|
|
maintainers = with maintainers; [ eelco ];
|
|
broken = hpnSupport; # probably after 6.7 update
|
|
};
|
|
}
|