* OpenSSH: optionally use PAM.

* Some purity fixes in OpenSSH: it needs Perl, and we now specify a
  location for the empty privsep directory.

svn path=/nixpkgs/trunk/; revision=7310

2 files changed, 21 insertions, 17 deletions

diff --git a/pkgs/tools/networking/openssh/builder.sh b/pkgs/tools/networking/openssh/builder.sh
deleted file mode 100644
index e89334f1c5ac..000000000000
--- a/pkgs/tools/networking/openssh/builder.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-source $stdenv/setup
-
-
-if test -n "$xauth"; then
-   configureFlags="--with-xauth=$xauth"
-fi
-
-installPhase() {
-   make install-nokeys
-}
-installPhase=installPhase
-
-genericBuild
diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix
index 5f53b793afd0..7fddc2899404 100644
--- a/pkgs/tools/networking/openssh/default.nix
+++ b/pkgs/tools/networking/openssh/default.nix
@@ -1,17 +1,34 @@
-{stdenv, fetchurl, zlib, openssl, xforwarding ? false, xauth ? null}:
+{ stdenv, fetchurl, zlib, openssl, perl
+, pamSupport ? false, pam ? null
+, xforwarding ? false, xauth ? null
+}:
 
+assert pamSupport -> pam != null;
 assert xforwarding -> xauth != null;
  
 stdenv.mkDerivation {
   name = "openssh-3.8.1p1";
  
-  builder = ./builder.sh;
+  #builder = ./builder.sh;
   src = fetchurl {
     url = http://nix.cs.uu.nl/dist/tarballs/openssh-3.8.1p1.tar.gz;
     md5 = "1dbfd40ae683f822ae917eebf171ca42";
   };
  
-  buildInputs = [zlib openssl
-  (if xforwarding then xauth else null)
+  buildInputs = [zlib openssl perl
+    (if pamSupport then pam else null)
+    (if xforwarding then xauth else null)
   ];
+
+  configureFlags = "
+    ${if xforwarding then "--with-xauth=${xauth}/bin/xauth" else ""}
+    ${if pamSupport then "--with-pam" else ""}
+  ";
+
+  preConfigure = "
+    configureFlags=\"$configureFlags --with-privsep-path=$out/empty\"
+    ensureDir $out/empty
+  ";
+
+  installPhase = "make install-nokeys"; # !!! patchelf etc.
 }