mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-01 01:51:24 +00:00
nixpkgs/pkgs/tools/networking/openssh/default.nix
Tuomas Tynkkynen 919d44d29f openssh: Compile with '--with-pid-dir' to improve build purity
The configure script tries to probe whether /var/run exists when
determining the location for the pid file, which is not very nice when
doing chroot builds. Just set it explicitly to avoid the problem.

For reference, the culprit in configure.ac:
````
piddir=/var/run
if test ! -d $piddir ; then
        piddir=`eval echo ${sysconfdir}`
        case $piddir in
                NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
        esac
fi

AC_ARG_WITH([pid-dir],
        [  --with-pid-dir=PATH     Specify location of ssh.pid file],
...

````

Also, use the `install-nokeys` target in installPhase so we avoid
installing useless host keys into $out/etc/ssh and improve build purity
as well.
2015-12-28 18:40:21 +02:00


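# OpenSSH portable 6.9p1.
#
# Arguments:
#   etcDir       - when non-null, passed to configure as --sysconfdir, i.e. the
#                  directory the built binaries look in for their configuration.
#   hpnSupport   - apply the HPN-SSH patch set before the regular patches
#                  (marked broken in `meta` below).
#   withKerberos - build with Kerberos 5 support; requires a non-null `kerberos`.
{ stdenv, fetchurl, zlib, openssl, perl, libedit, pkgconfig, pam
, etcDir ? null
, hpnSupport ? false
, withKerberos ? false
, kerberos
}:

# Fail at evaluation time rather than half-way through configure.
assert withKerberos -> kerberos != null;

let

  # NOTE(review): going by its file name this patch targets 6.6p1, while the
  # package below is 6.9p1; `meta.broken` is set whenever it is enabled.
  hpnSrc = fetchurl {
    # Quoted: bare URL literals are deprecated Nix syntax; the value is unchanged.
    url = "mirror://sourceforge/hpnssh/openssh-6.6p1-hpnssh14v5.diff.gz";
    sha256 = "682b4a6880d224ee0b7447241b684330b731018585f1ba519f46660c10d63950";
  };

in

with stdenv.lib;

stdenv.mkDerivation rec {
  name = "openssh-6.9p1";

  # The download is pinned by content hash, so integrity does not depend on
  # which mirror (or transport) actually serves the tarball.
  src = fetchurl {
    url = "mirror://openbsd/OpenSSH/portable/${name}.tar.gz";
    sha256 = "1zkci5nbpb4frmzj2vr3kv9j47x2h72kvybcpr0d8mzk73sls1vf";
  };

  # The HPN diff is shipped gzipped, so it is applied by hand ahead of `patches`.
  prePatch = optionalString hpnSupport
    ''
      gunzip -c ${hpnSrc} | patch -p1
      export NIX_LDFLAGS="$NIX_LDFLAGS -lgcc_s"
    '';

  # NOTE(review): the second patch is, by its name, a backport of security
  # fixes from 7.0 onto 6.9p1; its contents are not visible here. Re-check that
  # it is still needed (and still complete) whenever `name` is bumped.
  patches = [ ./locale_archive.patch ./openssh-6.9p1-security-7.0.patch ];

  # `optional` already wraps its argument in a list, so it takes the bare
  # package; passing `[ kerberos ]` produced a nested list inside buildInputs.
  buildInputs = [ zlib openssl libedit pkgconfig pam ]
    ++ optional withKerberos kerberos;

  # --disable-strip: stripping happens later anyway, and the built-in strip
  # step fails when cross building.
  # --with-pid-dir: set explicitly so configure does not probe the build
  # machine for /var/run, which is impure in chroot builds.
  configureFlags = [
    "--localstatedir=/var"
    "--with-pid-dir=/run"
    "--with-mantype=man"
    "--with-libedit=yes"
    "--disable-strip"
    # NOTE(review): `pam` is listed in buildInputs unconditionally above, so a
    # null `pam` also ends up in that list - confirm this is intended.
    (if pam != null then "--with-pam" else "--without-pam")
  ] ++ optional (etcDir != null) "--sysconfdir=${etcDir}"
    ++ optional withKerberos "--with-kerberos5=${kerberos}"
    ++ optional stdenv.isDarwin "--disable-libutil";

  # The privilege-separation directory is an empty directory inside the output.
  # It has to be appended in the shell because $out is only known at build time.
  preConfigure = ''
    configureFlagsArray+=("--with-privsep-path=$out/empty")
    mkdir -p $out/empty
  '';

  enableParallelBuilding = true;

  postInstall = ''
    # Install ssh-copy-id, it's very useful.
    cp contrib/ssh-copy-id $out/bin/
    chmod +x $out/bin/ssh-copy-id
    cp contrib/ssh-copy-id.1 $out/share/man/man1/
  '';

  # `install-nokeys` skips host key generation at install time. Besides keeping
  # the build reproducible this matters for security: the Nix store is
  # world-readable and outputs are shared through binary caches, so a private
  # host key generated here would be readable by every local user and identical
  # on every machine using this output. Host keys belong outside the store,
  # generated per machine.
  installTargets = [ "install-nokeys" ];

  # Only the install location of the sample configuration is redirected into
  # $out; the sysconfdir compiled into the binaries is whatever configure was
  # given above.
  installFlags = [
    "sysconfdir=\${out}/etc/ssh"
  ];

  meta = {
    homepage = "http://www.openssh.org/";
    description = "An implementation of the SSH protocol";
    license = stdenv.lib.licenses.bsd2;
    platforms = platforms.unix;
    maintainers = with maintainers; [ eelco ];
    broken = hpnSupport; # probably after 6.7 update
  };
}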