diff options
author | Aneesh Agrawal <aneeshusa@gmail.com> | 2017-12-25 14:51:40 -0800 |
---|---|---|
committer | Graham Christensen <graham@grahamc.com> | 2018-01-28 16:30:46 -0500 |
commit | a232dd66ee0b390dc4d82858af7e15713bd60327 (patch) | |
tree | bfe19f53d2b6fc8e017095ed9bba67068d79f2ae /pkgs/tools | |
parent | 0cc73f2524738613422b28e0b322180e445b090b (diff) | |
download | nixlib-a232dd66ee0b390dc4d82858af7e15713bd60327.tar nixlib-a232dd66ee0b390dc4d82858af7e15713bd60327.tar.gz nixlib-a232dd66ee0b390dc4d82858af7e15713bd60327.tar.bz2 nixlib-a232dd66ee0b390dc4d82858af7e15713bd60327.tar.lz nixlib-a232dd66ee0b390dc4d82858af7e15713bd60327.tar.xz nixlib-a232dd66ee0b390dc4d82858af7e15713bd60327.tar.zst nixlib-a232dd66ee0b390dc4d82858af7e15713bd60327.zip |
openssh: Build with Kerberos by default
This can be disabled with the `withKerberos` flag if desired. Make the relevant assertions lazy, so that if an overlay is used to set kerberos to null, a later override can explicitly set `withKerberos` to false. Don't build with GSSAPI by default; the patchset is large and a bit hairy, and it is reasonable to follow upstream who has not merged it in not enabling it by default.
Diffstat (limited to 'pkgs/tools')
-rw-r--r-- | pkgs/tools/networking/openssh/default.nix | 14 |
1 files changed, 5 insertions, 9 deletions
diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix index 663e7be7e5f3..1c135cd36f48 100644 --- a/pkgs/tools/networking/openssh/default.nix +++ b/pkgs/tools/networking/openssh/default.nix @@ -1,15 +1,12 @@ { stdenv, fetchurl, fetchpatch, zlib, openssl, perl, libedit, pkgconfig, pam, autoreconfHook , etcDir ? null , hpnSupport ? false -, withKerberos ? false +, withKerberos ? true , withGssapiPatches ? false , kerberos , linkOpenssl? true }: -assert withKerberos -> kerberos != null; -assert withGssapiPatches -> withKerberos; - let # **please** update this patch when you update to a new openssh release. @@ -23,8 +20,6 @@ let in with stdenv.lib; stdenv.mkDerivation rec { - # Please ensure that openssh_with_kerberos still builds when - # bumping the version here! name = "openssh-${version}"; version = if hpnSupport then "7.5p1" else "7.6p1"; @@ -47,7 +42,7 @@ stdenv.mkDerivation rec { # See discussion in https://github.com/NixOS/nixpkgs/pull/16966 ./dont_create_privsep_path.patch ] - ++ optional withGssapiPatches gssapiPatch; + ++ optional withGssapiPatches (assert withKerberos; gssapiPatch); postPatch = # On Hydra this makes installation fail (sometimes?), @@ -59,7 +54,8 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ pkgconfig ]; buildInputs = [ zlib openssl libedit pam ] ++ optional withKerberos kerberos - ++ optional hpnSupport autoreconfHook; + ++ optional hpnSupport autoreconfHook + ; preConfigure = '' # Setting LD causes `configure' and `make' to disagree about which linker @@ -78,7 +74,7 @@ stdenv.mkDerivation rec { "--disable-strip" (if pam != null then "--with-pam" else "--without-pam") ] ++ optional (etcDir != null) "--sysconfdir=${etcDir}" - ++ optional withKerberos "--with-kerberos5=${kerberos}" + ++ optional withKerberos (assert kerberos != null; "--with-kerberos5=${kerberos}") ++ optional stdenv.isDarwin "--disable-libutil" ++ optional (!linkOpenssl) "--without-openssl"; |