authorBenjamin Staffin <bstaffin@fitbit.com>2016-01-01 16:35:43 -0800
committerBenjamin Staffin <bstaffin@fitbit.com>2016-01-05 14:50:05 -0800
commit67f4c2a7799e2dc30cae20b3c313c7b186cd1d71 (patch)
tree2231b3e437425b702c78d6dc1637f6e51fd849df /pkgs/tools/networking/openssh
parentce8c8f1e1b44f41831371bd07ebe8f2f2b9280a0 (diff)
openssh: Add gssapi patch used by other major distros
This patch is borrowed verbatim from Debian, where it is actively
maintained for each openssh update.  It's also included in Fedora's
openssh package, in Arch Linux as openssh-gssapi in the AUR, in Mac OS
X, and presumably various other platforms and Linux distros.

The main relevant parts of this patch:
- Adds several ssh_config options:
  GSSAPIKeyExchange, GSSAPITrustDNS,
  GSSAPIClientIdentity, GSSAPIServerIdentity
  GSSAPIRenewalForcesRekey
- Optionally use an in-memory credentials cache api for security

My primary motivation for wanting the patch is the GSSAPIKeyExchange
and GSSAPITrustDNS features. My user ssh_config is shared across
several OSes, and it's a lot easier to manage if they all support the
same options.
Diffstat (limited to 'pkgs/tools/networking/openssh')
-rw-r--r--pkgs/tools/networking/openssh/default.nix11
1 files changed, 9 insertions, 2 deletions
diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix
index 67bf5be7d5b7..3a150f19ed23 100644
--- a/pkgs/tools/networking/openssh/default.nix
+++ b/pkgs/tools/networking/openssh/default.nix
@@ -1,7 +1,8 @@
-{ stdenv, fetchurl, zlib, openssl, perl, libedit, pkgconfig, pam
+{ stdenv, fetchurl, fetchpatch, zlib, openssl, perl, libedit, pkgconfig, pam
 , etcDir ? null
 , hpnSupport ? false
 , withKerberos ? false
+, withGssapiPatches ? withKerberos
 , kerberos
 }:
 
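Review bot: The default `withGssapiPatches ? withKerberos` changes every existing build that already sets `withKerberos = true`, because it now also applies a third-party patch adding GSSAPI key exchange, without the consumer opting in. Key exchange runs before the peer is authenticated, so an explicit opt-in is the safer default for this code: `, withGssapiPatches ? false`. If the coupled default is kept, a comment on that line such as `# also applies Debian's out-of-tree GSSAPI key exchange patch` would make the effect visible in the argument list.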
@@ -14,6 +15,11 @@ let
     sha256 = "682b4a6880d224ee0b7447241b684330b731018585f1ba519f46660c10d63950";
   };
 
+  gssapiSrc = fetchpatch {
+    url = "http://anonscm.debian.org/cgit/pkg-ssh/openssh.git/plain/debian/patches/gssapi.patch?h=debian/6.9p1-3";
+    sha256 = "03zlgkb3a1igj20kn8cz55ggaxg65h6f0kg20m39m0wsb94qjdb1";
+  };
+
 in
 with stdenv.lib;
 stdenv.mkDerivation rec {
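Review bot: The `url` in `gssapiSrc` uses plain `http://` and selects the patch by ref name (`?h=debian/6.9p1-3`) rather than by commit id. The `sha256` stops a tampered or changed download from being used, so what remains is that the hash itself may have been computed over an unauthenticated fetch, and that the build breaks if the ref moves or the host regenerates the file differently. Prefer the `https://` form of the same URL if the host serves it, and verify the hash against a copy obtained over an authenticated channel. A comment above the binding such as `# Debian GSSAPI patch; must match the OpenSSH version built here` would prompt a re-pin on version bumps.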
@@ -30,7 +36,8 @@ stdenv.mkDerivation rec {
       export NIX_LDFLAGS="$NIX_LDFLAGS -lgcc_s"
     '';
 
-  patches = [ ./locale_archive.patch ./openssh-6.9p1-security-7.0.patch];
+  patches = [ ./locale_archive.patch ./openssh-6.9p1-security-7.0.patch ]
+    ++ optional withGssapiPatches gssapiSrc;
 
   buildInputs = [ zlib openssl libedit pkgconfig pam ]
     ++ optional withKerberos [ kerberos ];
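Review bot: `withGssapiPatches` can be set to true while `withKerberos` is false, and nothing in the visible hunks rejects that combination. In that case `++ optional withGssapiPatches gssapiSrc` applies the GSSAPI patch while the `buildInputs` line below still omits `kerberos`. Whether that fails to build or produces a binary with the new options compiled out cannot be told from this hunk. An `assert withGssapiPatches -> withKerberos;` placed before the `let` would turn the unsupported combination into an evaluation error.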