diff options
author | obadz <obadz-git@obadz.com> | 2016-08-23 18:50:10 +0100 |
---|---|---|
committer | obadz <obadz-git@obadz.com> | 2016-08-23 18:50:10 +0100 |
commit | 8da8aa7ddbf787f480382d6d87dfa8050d0162d8 (patch) | |
tree | 118c32d7c09a017934ebd3740913db5c827777e1 /pkgs/tools/networking | |
parent | 0e8d2725dcc1aef5c56e63c939249b27190f6367 (diff) | |
parent | 17234ca0732b7b7ecadd635ee258da98dd5b36a8 (diff) | |
download | nixlib-8da8aa7ddbf787f480382d6d87dfa8050d0162d8.tar nixlib-8da8aa7ddbf787f480382d6d87dfa8050d0162d8.tar.gz nixlib-8da8aa7ddbf787f480382d6d87dfa8050d0162d8.tar.bz2 nixlib-8da8aa7ddbf787f480382d6d87dfa8050d0162d8.tar.lz nixlib-8da8aa7ddbf787f480382d6d87dfa8050d0162d8.tar.xz nixlib-8da8aa7ddbf787f480382d6d87dfa8050d0162d8.tar.zst nixlib-8da8aa7ddbf787f480382d6d87dfa8050d0162d8.zip |
Merge branch 'hardened-stdenv' into staging
Diffstat (limited to 'pkgs/tools/networking')
-rw-r--r-- | pkgs/tools/networking/lsh/default.nix | 51 | ||||
-rw-r--r-- | pkgs/tools/networking/lsh/lshd-no-root-login.patch | 16 | ||||
-rw-r--r-- | pkgs/tools/networking/lsh/pam-service-name.patch | 14 |
3 files changed, 81 insertions, 0 deletions
diff --git a/pkgs/tools/networking/lsh/default.nix b/pkgs/tools/networking/lsh/default.nix new file mode 100644 index 000000000000..5d788af1682e --- /dev/null +++ b/pkgs/tools/networking/lsh/default.nix @@ -0,0 +1,51 @@ +{ stdenv, fetchurl, gperf, guile, gmp, zlib, liboop, readline, gnum4, pam +, nettools, lsof, procps }: + +stdenv.mkDerivation rec { + name = "lsh-2.0.4"; + src = fetchurl { + url = "mirror://gnu/lsh/${name}.tar.gz"; + sha256 = "614b9d63e13ad3e162c82b6405d1f67713fc622a8bc11337e72949d613713091"; + }; + + patches = [ ./pam-service-name.patch ./lshd-no-root-login.patch ]; + + preConfigure = '' + # Patch `lsh-make-seed' so that it can gather enough entropy. + sed -i "src/lsh-make-seed.c" \ + -e "s|/usr/sbin/arp|${nettools}/sbin/arp|g ; + s|/usr/bin/netstat|${nettools}/bin/netstat|g ; + s|/usr/local/bin/lsof|${lsof}/bin/lsof|g ; + s|/bin/vmstat|${procps}/bin/vmstat|g ; + s|/bin/ps|${procps}/bin/sp|g ; + s|/usr/bin/w|${procps}/bin/w|g ; + s|/usr/bin/df|$(type -P df)|g ; + s|/usr/bin/ipcs|$(type -P ipcs)|g ; + s|/usr/bin/uptime|$(type -P uptime)|g" + + # Skip the `configure' script that checks whether /dev/ptmx & co. work as + # expected, because it relies on impurities (for instance, /dev/pts may + # be unavailable in chroots.) + export lsh_cv_sys_unix98_ptys=yes + ''; + + NIX_CFLAGS_COMPILE = "-std=gnu90"; + + buildInputs = [ gperf guile gmp zlib liboop readline gnum4 pam ]; + + meta = { + description = "GPL'd implementation of the SSH protocol"; + + longDescription = '' + lsh is a free implementation (in the GNU sense) of the ssh + version 2 protocol, currently being standardised by the IETF + SECSH working group. + ''; + + homepage = http://www.lysator.liu.se/~nisse/lsh/; + license = stdenv.lib.licenses.gpl2Plus; + + maintainers = [ ]; + platforms = [ "x86_64-linux" ]; + }; +} diff --git a/pkgs/tools/networking/lsh/lshd-no-root-login.patch b/pkgs/tools/networking/lsh/lshd-no-root-login.patch new file mode 100644 index 000000000000..9dd81de3fbc1 --- /dev/null +++ b/pkgs/tools/networking/lsh/lshd-no-root-login.patch @@ -0,0 +1,16 @@ +Correctly handle the `--no-root-login' option. + +--- lsh-2.0.4/src/lshd.c 2006-05-01 13:47:44.000000000 +0200 ++++ lsh-2.0.4/src/lshd.c 2009-09-08 12:20:36.000000000 +0200 +@@ -758,6 +758,10 @@ main_argp_parser(int key, char *arg, str + self->allow_root = 1; + break; + ++ case OPT_NO_ROOT_LOGIN: ++ self->allow_root = 0; ++ break; ++ + case OPT_KERBEROS_PASSWD: + self->pw_helper = PATH_KERBEROS_HELPER; + break; + diff --git a/pkgs/tools/networking/lsh/pam-service-name.patch b/pkgs/tools/networking/lsh/pam-service-name.patch new file mode 100644 index 000000000000..6a6156855c51 --- /dev/null +++ b/pkgs/tools/networking/lsh/pam-service-name.patch @@ -0,0 +1,14 @@ +Tell `lsh-pam-checkpw', the PAM password helper program, to use a more +descriptive service name. + +--- lsh-2.0.4/src/lsh-pam-checkpw.c 2003-02-16 22:30:10.000000000 +0100 ++++ lsh-2.0.4/src/lsh-pam-checkpw.c 2008-11-28 16:16:58.000000000 +0100 +@@ -38,7 +38,7 @@ + #include <security/pam_appl.h> + + #define PWD_MAXLEN 1024 +-#define SERVICE_NAME "other" ++#define SERVICE_NAME "lshd" + #define TIMEOUT 600 + + static int |