authorworldofpeace <worldofpeace@protonmail.ch>2020-02-29 02:02:52 +0000
committerGitHub <noreply@github.com>2020-02-29 02:02:52 +0000
commit8913745573e5527b2f277c282466415902c1e6b3 (patch)
tree79d2a99c8571b8d6911d49e4e93dfd0c51f3d76f
parent6e797033c8c385fdf461e99ef9e3212412294291 (diff)
parentb6b3e047593dff14c871214bf5df691a8c2c23ed (diff)
Merge pull request #81319 from mdorman/pam_ssh_agent_auth
pam_ssh_agent_auth: fix dependency on insecure openssl
-rw-r--r--pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix23
-rw-r--r--pkgs/top-level/all-packages.nix4
2 files changed, 23 insertions, 4 deletions
diff --git a/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix b/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix
index 48c02be9c389..b47ad4815b5b 100644
--- a/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix
+++ b/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, pam, openssl, perl }:
+{ stdenv, fetchpatch, fetchurl, pam, openssl, perl }:
 
 stdenv.mkDerivation rec {
   name = "pam_ssh_agent_auth-0.10.3";
@@ -12,10 +12,31 @@ stdenv.mkDerivation rec {
     [ # Allow multiple colon-separated authorized keys files to be
       # specified in the file= option.
       ./multiple-key-files.patch
+      (fetchpatch {
+        name = "openssl-1.1.1-1.patch";
+        url = "https://sources.debian.org/data/main/p/pam-ssh-agent-auth/0.10.3-3/debian/patches/openssl-1.1.1-1.patch";
+        sha256 = "1ndp5j4xfhzshhnl345gb4mkldx6vjfa7284xgng6ikhzpc6y7pf";
+      })
+      (fetchpatch {
+        name = "openssl-1.1.1-2.patch";
+        url = "https://sources.debian.org/data/main/p/pam-ssh-agent-auth/0.10.3-3/debian/patches/openssl-1.1.1-2.patch";
+        sha256 = "0ksrs4xr417by8klf7862n3dircvnw30an1akq4pnsd3ichscmww";
+      })
     ];
 
   buildInputs = [ pam openssl perl ];
 
+  # It's not clear to me why this is necessary, but without it, you see:
+  #
+  # checking OpenSSL header version... 1010104f (OpenSSL 1.1.1d  10 Sep 2019)
+  # checking OpenSSL library version... 1010104f (OpenSSL 1.1.1d  10 Sep 2019)
+  # checking whether OpenSSL's headers match the library... no
+  # configure: WARNING: Your OpenSSL headers do not match your
+  # library. Check config.log for details.
+  #
+  # ...despite the fact that clearly the values match
+  configureFlags = [ "--without-openssl-header-check" ];
+
   enableParallelBuilding = true;
 
   meta = {
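Review bot: The added `configureFlags = [ "--without-openssl-header-check" ];` switches off configure's OpenSSL header/library consistency check while its own comment says the cause of the failure is not understood. For a PAM authentication module, that check is what would flag a build against headers that do not belong to the linked library. The quoted output shows matching version numbers, so the failure presumably lies in the configure test itself rather than in a real mismatch; the actual reason should be in config.log. I would record it in place of the open question, e.g. `# configure's header/library comparison fails against OpenSSL 1.1.x although the versions match (config.log: <reason, to be filled in>); drop this flag once the check is fixed`, so the flag gets removed when it is no longer needed. The enclosing `stdenv.mkDerivation` block starts and ends outside this hunk.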
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index e8d49ca01b7a..d00b878c7816 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -17066,9 +17066,7 @@ in
 
   pam_pgsql = callPackage ../os-specific/linux/pam_pgsql { };
 
-  pam_ssh_agent_auth = callPackage ../os-specific/linux/pam_ssh_agent_auth {
-    openssl = openssl_1_0_2;
-  };
+  pam_ssh_agent_auth = callPackage ../os-specific/linux/pam_ssh_agent_auth { };
 
   pam_u2f = callPackage ../os-specific/linux/pam_u2f { };