This patch is borrowed verbatim from Debian, where it is actively
maintained for each openssh update. It's also included in Fedora's
openssh package, in Arch linux as openssh-gssapi in the AUR, in MacOS
X, and presumably various other platforms and linux distros.
The main relevant parts of this patch:
- Adds several ssh_config options:
GSSAPIKeyExchange, GSSAPITrustDNS,
GSSAPIClientIdentity, GSSAPIServerIdentity
GSSAPIRenewalForcesRekey
- Optionally use an in-memory credentials cache api for security
My primary motivation for wanting the patch is the GSSAPIKeyExchange
and GSSAPITrustDNS features. My user ssh_config is shared across
several OSes, and it's a lot easier to manage if they all support the
same options.
added tldr to all-packages.nix
cleaned up style
added metadata
semicolons
didn't test on mac. removed platform
wrong types
fixed duplication of version
Currently the package is built with /var in $out/var. That fails when it
tries to create/write things at runtime (nix store is read-only).
Instead, tell it to use /var (global directory) and fixup the
installation phase so it doesn't touch /var (leave that for runtime).
This unbreaks the colord dbus service, which apparently is needed by
cups to create color profiles for printers.
Otherwise it will try to guess the log directory, and the guess might
not be the same if chroot builds are enabled or not.
The gruesome details from m4/sudo.m4:
````
dnl
dnl Where the I/O log files go, use /var/log/sudo-io if
dnl /var/log exists, else /{var,usr}/adm/sudo-io
dnl
AC_DEFUN([SUDO_IO_LOGDIR], [
AC_MSG_CHECKING(for I/O log dir location)
if test "${with_iologdir-yes}" != "yes"; then
iolog_dir="$with_iologdir"
elif test -d "/var/log"; then
iolog_dir="/var/log/sudo-io"
elif test -d "/var/adm"; then
iolog_dir="/var/adm/sudo-io"
else
iolog_dir="/usr/adm/sudo-io"
fi
if test "${with_iologdir}" != "no"; then
SUDO_DEFINE_UNQUOTED(_PATH_SUDO_IO_LOGDIR, "$iolog_dir")
fi
AC_MSG_RESULT($iolog_dir)
])dnl
````