From 9e86984fe066c09236aa0acd09e23babb66292e8 Mon Sep 17 00:00:00 2001 From: Aneesh Agrawal Date: Tue, 8 Mar 2016 15:14:25 -0500 Subject: [PATCH 1/2] openssh: decouple gssapi patch from kerberos The GSSAPI patch is useful but maintained by Debian, not upstream, and can be slow to update. To avoid breaking openssh_with_kerberos when the openssh version is bumped but the GSSAPI patch has not been updated, don't enable the GSSAPI patch implicitly but require it to be explicitly enabled. --- pkgs/tools/networking/openssh/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix index 4a1efbb03356..054174393ec2 100644 --- a/pkgs/tools/networking/openssh/default.nix +++ b/pkgs/tools/networking/openssh/default.nix @@ -2,12 +2,13 @@ , etcDir ? null , hpnSupport ? false , withKerberos ? false -, withGssapiPatches ? withKerberos +, withGssapiPatches ? false , kerberos , linkOpenssl? true }: assert withKerberos -> kerberos != null; +assert withGssapiPatches -> withKerberos; let @@ -24,6 +25,8 @@ let in with stdenv.lib; stdenv.mkDerivation rec { + # Please ensure that openssh_with_kerberos still builds when + # bumping the version here! name = "openssh-7.2p1"; src = fetchurl { From ce74aac132fd460674ef58b9324c8574e9c82f4b Mon Sep 17 00:00:00 2001 From: Aneesh Agrawal Date: Tue, 8 Mar 2016 16:11:56 -0500 Subject: [PATCH 2/2] openssh: update GSSAPI patch to openssh 7.2 --- pkgs/tools/networking/openssh/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix index 054174393ec2..08a3dbc58f7e 100644 --- a/pkgs/tools/networking/openssh/default.nix +++ b/pkgs/tools/networking/openssh/default.nix @@ -18,8 +18,8 @@ let }; gssapiSrc = fetchpatch { - url = "http://anonscm.debian.org/cgit/pkg-ssh/openssh.git/plain/debian/patches/gssapi.patch?h=debian/7.1p2-2"; - sha256 = "05nsch879nlpyyiwm240wlq9rasy71j9d03j1rfi8kp865zhjfbm"; + url = "https://anonscm.debian.org/cgit/pkg-ssh/openssh.git/plain/debian/patches/gssapi.patch?id=46961f5704f8e86cea3e99253faad55aef4d8f35"; + sha256 = "01mf2vx1gavypbdx06mcbmcrkm2smff0h3jfmr61k6h6j3xk88y5"; }; in