From f596aa0f4a35f613422f85a4486e32ea20ca7739 Mon Sep 17 00:00:00 2001 From: Graham Christensen Date: Sun, 28 Jan 2018 16:32:52 -0500 Subject: Revert "openssh: Build with Kerberos by default" This reverts commit a232dd66ee0b390dc4d82858af7e15713bd60327. Moving to staging --- nixos/modules/misc/nixpkgs.nix | 1 + pkgs/tools/networking/openssh/default.nix | 14 +++++++++----- pkgs/top-level/aliases.nix | 1 - pkgs/top-level/all-packages.nix | 3 +++ 4 files changed, 13 insertions(+), 6 deletions(-) diff --git a/nixos/modules/misc/nixpkgs.nix b/nixos/modules/misc/nixpkgs.nix index 6eb424941245..1793c1447d60 100644 --- a/nixos/modules/misc/nixpkgs.nix +++ b/nixos/modules/misc/nixpkgs.nix @@ -69,6 +69,7 @@ in [ (self: super: { openssh = super.openssh.override { hpnSupport = true; + withKerberos = true; kerberos = self.libkrb5; }; }; diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix index 1c135cd36f48..663e7be7e5f3 100644 --- a/pkgs/tools/networking/openssh/default.nix +++ b/pkgs/tools/networking/openssh/default.nix @@ -1,12 +1,15 @@ { stdenv, fetchurl, fetchpatch, zlib, openssl, perl, libedit, pkgconfig, pam, autoreconfHook , etcDir ? null , hpnSupport ? false -, withKerberos ? true +, withKerberos ? false , withGssapiPatches ? false , kerberos , linkOpenssl? true }: +assert withKerberos -> kerberos != null; +assert withGssapiPatches -> withKerberos; + let # **please** update this patch when you update to a new openssh release. @@ -20,6 +23,8 @@ let in with stdenv.lib; stdenv.mkDerivation rec { + # Please ensure that openssh_with_kerberos still builds when + # bumping the version here! name = "openssh-${version}"; version = if hpnSupport then "7.5p1" else "7.6p1"; @@ -42,7 +47,7 @@ stdenv.mkDerivation rec { # See discussion in https://github.com/NixOS/nixpkgs/pull/16966 ./dont_create_privsep_path.patch ] - ++ optional withGssapiPatches (assert withKerberos; gssapiPatch); + ++ optional withGssapiPatches gssapiPatch; postPatch = # On Hydra this makes installation fail (sometimes?), @@ -54,8 +59,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ pkgconfig ]; buildInputs = [ zlib openssl libedit pam ] ++ optional withKerberos kerberos - ++ optional hpnSupport autoreconfHook - ; + ++ optional hpnSupport autoreconfHook; preConfigure = '' # Setting LD causes `configure' and `make' to disagree about which linker @@ -74,7 +78,7 @@ stdenv.mkDerivation rec { "--disable-strip" (if pam != null then "--with-pam" else "--without-pam") ] ++ optional (etcDir != null) "--sysconfdir=${etcDir}" - ++ optional withKerberos (assert kerberos != null; "--with-kerberos5=${kerberos}") + ++ optional withKerberos "--with-kerberos5=${kerberos}" ++ optional stdenv.isDarwin "--disable-libutil" ++ optional (!linkOpenssl) "--without-openssl"; diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index 7d371881f940..ef49fceab721 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -142,7 +142,6 @@ mapAliases (rec { rdmd = dtools; # added 2017-08-19 robomongo = robo3t; #added 2017-09-28 rssglx = rss-glx; #added 2015-03-25 - openssh_with_kerberos = openssh; # added 2018-01-28 rubygems = throw "deprecated 2016-03-02: rubygems is now bundled with ruby"; rxvt_unicode_with-plugins = rxvt_unicode-with-plugins; # added 2015-04-02 samsungUnifiedLinuxDriver = samsung-unified-linux-driver; # added 2016-01-25 diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index aae60d8e0bb3..1a4eb7584a57 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -3886,12 +3886,15 @@ with pkgs; openssh = callPackage ../tools/networking/openssh { hpnSupport = false; + withKerberos = stdenv.isDarwin; etcDir = "/etc/ssh"; pam = if stdenv.isLinux then pam else null; }; openssh_hpn = pkgs.appendToName "with-hpn" (openssh.override { hpnSupport = true; }); + openssh_with_kerberos = pkgs.appendToName "with-kerberos" (openssh.override { withKerberos = true; }); + opensp = callPackage ../tools/text/sgml/opensp { }; opentracker = callPackage ../applications/networking/p2p/opentracker { }; -- cgit 1.4.1