lsh: drop
This commit is contained in:
parent
422d853079
commit
e959525e15
@ -311,6 +311,8 @@
|
||||
|
||||
- The `services.trust-dns` module has been renamed to `services.hickory-dns`.
|
||||
|
||||
- The `lsh` package and the `services.lshd` module have been removed as they had no maintainer in Nixpkgs and hadn’t seen an upstream release in over a decade. It is recommended to migrate to `openssh` and `services.openssh`.
|
||||
|
||||
## Other Notable Changes {#sec-release-24.11-notable-changes}
|
||||
|
||||
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||
|
@ -1205,7 +1205,6 @@
|
||||
./services/networking/spacecookie.nix
|
||||
./services/networking/spiped.nix
|
||||
./services/networking/squid.nix
|
||||
./services/networking/ssh/lshd.nix
|
||||
./services/networking/ssh/sshd.nix
|
||||
./services/networking/sslh.nix
|
||||
./services/networking/strongswan-swanctl/module.nix
|
||||
|
@ -37,7 +37,6 @@ in
|
||||
The xow package was removed from nixpkgs. Upstream has deprecated
|
||||
the project and users are urged to switch to xone.
|
||||
'')
|
||||
(mkRemovedOptionModule [ "networking" "liboop" ] "The corresponding package was removed from nixpkgs.")
|
||||
(mkRemovedOptionModule [ "networking" "vpnc" ] "Use environment.etc.\"vpnc/service.conf\" instead.")
|
||||
(mkRemovedOptionModule [ "networking" "wicd" ] "The corresponding package was removed from nixpkgs.")
|
||||
(mkRemovedOptionModule [ "programs" "gnome-documents" ] "The corresponding package was removed from nixpkgs.")
|
||||
@ -71,6 +70,7 @@ in
|
||||
(mkRemovedOptionModule [ "services" "hydron" ] "The `services.hydron` module has been removed as the project has been archived upstream since 2022 and is affected by a severe remote code execution vulnerability.")
|
||||
(mkRemovedOptionModule [ "services" "ihatemoney" ] "The ihatemoney module has been removed for lack of downstream maintainer")
|
||||
(mkRemovedOptionModule [ "services" "kippo" ] "The corresponding package was removed from nixpkgs.")
|
||||
(mkRemovedOptionModule [ "services" "lshd" ] "The corresponding package was removed from nixpkgs as it had no maintainer in Nixpkgs and hasn't seen an upstream release in over a decades.")
|
||||
(mkRemovedOptionModule [ "services" "mailpile" ] "The corresponding package was removed from nixpkgs.")
|
||||
(mkRemovedOptionModule [ "services" "marathon" ] "The corresponding package was removed from nixpkgs.")
|
||||
(mkRemovedOptionModule [ "services" "mathics" ] "The Mathics module has been removed")
|
||||
|
@ -1,187 +0,0 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
inherit (pkgs) lsh;
|
||||
|
||||
cfg = config.services.lshd;
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
|
||||
###### interface
|
||||
|
||||
options = {
|
||||
|
||||
services.lshd = {
|
||||
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to enable the GNU lshd SSH2 daemon, which allows
|
||||
secure remote login.
|
||||
'';
|
||||
};
|
||||
|
||||
portNumber = mkOption {
|
||||
default = 22;
|
||||
type = types.port;
|
||||
description = ''
|
||||
The port on which to listen for connections.
|
||||
'';
|
||||
};
|
||||
|
||||
interfaces = mkOption {
|
||||
default = [];
|
||||
type = types.listOf types.str;
|
||||
description = ''
|
||||
List of network interfaces where listening for connections.
|
||||
When providing the empty list, `[]`, lshd listens on all
|
||||
network interfaces.
|
||||
'';
|
||||
example = [ "localhost" "1.2.3.4:443" ];
|
||||
};
|
||||
|
||||
hostKey = mkOption {
|
||||
default = "/etc/lsh/host-key";
|
||||
type = types.str;
|
||||
description = ''
|
||||
Path to the server's private key. Note that this key must
|
||||
have been created, e.g., using "lsh-keygen --server |
|
||||
lsh-writekey --server", so that you can run lshd.
|
||||
'';
|
||||
};
|
||||
|
||||
syslog = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = "Whether to enable syslog output.";
|
||||
};
|
||||
|
||||
passwordAuthentication = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = "Whether to enable password authentication.";
|
||||
};
|
||||
|
||||
publicKeyAuthentication = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = "Whether to enable public key authentication.";
|
||||
};
|
||||
|
||||
rootLogin = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Whether to enable remote root login.";
|
||||
};
|
||||
|
||||
loginShell = mkOption {
|
||||
default = null;
|
||||
type = types.nullOr types.str;
|
||||
description = ''
|
||||
If non-null, override the default login shell with the
|
||||
specified value.
|
||||
'';
|
||||
example = "/nix/store/xyz-bash-10.0/bin/bash10";
|
||||
};
|
||||
|
||||
srpKeyExchange = mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
description = ''
|
||||
Whether to enable SRP key exchange and user authentication.
|
||||
'';
|
||||
};
|
||||
|
||||
tcpForwarding = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = "Whether to enable TCP/IP forwarding.";
|
||||
};
|
||||
|
||||
x11Forwarding = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = "Whether to enable X11 forwarding.";
|
||||
};
|
||||
|
||||
subsystems = mkOption {
|
||||
type = types.listOf types.path;
|
||||
description = ''
|
||||
List of subsystem-path pairs, where the head of the pair
|
||||
denotes the subsystem name, and the tail denotes the path to
|
||||
an executable implementing it.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
|
||||
###### implementation
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
services.lshd.subsystems = [ ["sftp" "${pkgs.lsh}/sbin/sftp-server"] ];
|
||||
|
||||
systemd.services.lshd = {
|
||||
description = "GNU lshd SSH2 daemon";
|
||||
|
||||
after = [ "network.target" ];
|
||||
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
environment = {
|
||||
LD_LIBRARY_PATH = config.system.nssModules.path;
|
||||
};
|
||||
|
||||
preStart = ''
|
||||
test -d /etc/lsh || mkdir -m 0755 -p /etc/lsh
|
||||
test -d /var/spool/lsh || mkdir -m 0755 -p /var/spool/lsh
|
||||
|
||||
if ! test -f /var/spool/lsh/yarrow-seed-file
|
||||
then
|
||||
# XXX: It would be nice to provide feedback to the
|
||||
# user when this fails, so that they can retry it
|
||||
# manually.
|
||||
${lsh}/bin/lsh-make-seed --sloppy \
|
||||
-o /var/spool/lsh/yarrow-seed-file
|
||||
fi
|
||||
|
||||
if ! test -f "${cfg.hostKey}"
|
||||
then
|
||||
${lsh}/bin/lsh-keygen --server | \
|
||||
${lsh}/bin/lsh-writekey --server -o "${cfg.hostKey}"
|
||||
fi
|
||||
'';
|
||||
|
||||
script = with cfg; ''
|
||||
${lsh}/sbin/lshd --daemonic \
|
||||
--password-helper="${lsh}/sbin/lsh-pam-checkpw" \
|
||||
-p ${toString portNumber} \
|
||||
${optionalString (interfaces != []) (concatStrings (map (i: "--interface=\"${i}\"") interfaces))} \
|
||||
-h "${hostKey}" \
|
||||
${optionalString (!syslog) "--no-syslog" } \
|
||||
${if passwordAuthentication then "--password" else "--no-password" } \
|
||||
${if publicKeyAuthentication then "--publickey" else "--no-publickey" } \
|
||||
${if rootLogin then "--root-login" else "--no-root-login" } \
|
||||
${optionalString (loginShell != null) "--login-shell=\"${loginShell}\"" } \
|
||||
${if srpKeyExchange then "--srp-keyexchange" else "--no-srp-keyexchange" } \
|
||||
${if !tcpForwarding then "--no-tcpip-forward" else "--tcpip-forward"} \
|
||||
${if x11Forwarding then "--x11-forward" else "--no-x11-forward" } \
|
||||
--subsystems=${concatStringsSep ","
|
||||
(map (pair: (head pair) + "=" +
|
||||
(head (tail pair)))
|
||||
subsystems)}
|
||||
'';
|
||||
};
|
||||
|
||||
security.pam.services.lshd = {};
|
||||
};
|
||||
}
|
@ -1,58 +0,0 @@
|
||||
{ lib, stdenv, fetchurl, gperf, guile, gmp, zlib, liboop, readline, gnum4, pam
|
||||
, nettools, lsof, procps, libxcrypt }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "lsh";
|
||||
version = "2.0.4";
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://gnu/lsh/lsh-${version}.tar.gz";
|
||||
sha256 = "614b9d63e13ad3e162c82b6405d1f67713fc622a8bc11337e72949d613713091";
|
||||
};
|
||||
|
||||
patches = [ ./pam-service-name.patch ./lshd-no-root-login.patch ];
|
||||
|
||||
preConfigure = ''
|
||||
# Patch `lsh-make-seed' so that it can gather enough entropy.
|
||||
sed -i "src/lsh-make-seed.c" \
|
||||
-e "s|/usr/sbin/arp|${nettools}/sbin/arp|g ;
|
||||
s|/usr/bin/netstat|${nettools}/bin/netstat|g ;
|
||||
s|/usr/local/bin/lsof|${lsof}/bin/lsof|g ;
|
||||
s|/bin/vmstat|${procps}/bin/vmstat|g ;
|
||||
s|/bin/ps|${procps}/bin/sp|g ;
|
||||
s|/usr/bin/w|${procps}/bin/w|g ;
|
||||
s|/usr/bin/df|$(type -P df)|g ;
|
||||
s|/usr/bin/ipcs|$(type -P ipcs)|g ;
|
||||
s|/usr/bin/uptime|$(type -P uptime)|g"
|
||||
|
||||
# Skip the `configure' script that checks whether /dev/ptmx & co. work as
|
||||
# expected, because it relies on impurities (for instance, /dev/pts may
|
||||
# be unavailable in chroots.)
|
||||
export lsh_cv_sys_unix98_ptys=yes
|
||||
'';
|
||||
|
||||
# -fcommon: workaround build failure on -fno-common toolchains like upstream
|
||||
# gcc-10. Otherwise build fails as:
|
||||
# ld: liblsh.a(unix_user.o):/build/lsh-2.0.4/src/server_userauth.h:108: multiple definition of
|
||||
# `server_userauth_none_preauth'; lshd.o:/build/lsh-2.0.4/src/server_userauth.h:108: first defined here
|
||||
# Should be present in upcoming 2.1 release.
|
||||
env.NIX_CFLAGS_COMPILE = "-std=gnu90 -fcommon";
|
||||
|
||||
buildInputs = [ gperf guile gmp zlib liboop readline gnum4 pam libxcrypt ];
|
||||
|
||||
meta = {
|
||||
description = "GPL'd implementation of the SSH protocol";
|
||||
|
||||
longDescription = ''
|
||||
lsh is a free implementation (in the GNU sense) of the ssh
|
||||
version 2 protocol, currently being standardised by the IETF
|
||||
SECSH working group.
|
||||
'';
|
||||
|
||||
homepage = "http://www.lysator.liu.se/~nisse/lsh/";
|
||||
license = lib.licenses.gpl2Plus;
|
||||
|
||||
maintainers = [ ];
|
||||
platforms = [ "x86_64-linux" ];
|
||||
};
|
||||
}
|
@ -1,16 +0,0 @@
|
||||
Correctly handle the `--no-root-login' option.
|
||||
|
||||
--- lsh-2.0.4/src/lshd.c 2006-05-01 13:47:44.000000000 +0200
|
||||
+++ lsh-2.0.4/src/lshd.c 2009-09-08 12:20:36.000000000 +0200
|
||||
@@ -758,6 +758,10 @@ main_argp_parser(int key, char *arg, str
|
||||
self->allow_root = 1;
|
||||
break;
|
||||
|
||||
+ case OPT_NO_ROOT_LOGIN:
|
||||
+ self->allow_root = 0;
|
||||
+ break;
|
||||
+
|
||||
case OPT_KERBEROS_PASSWD:
|
||||
self->pw_helper = PATH_KERBEROS_HELPER;
|
||||
break;
|
||||
|
@ -1,14 +0,0 @@
|
||||
Tell `lsh-pam-checkpw', the PAM password helper program, to use a more
|
||||
descriptive service name.
|
||||
|
||||
--- lsh-2.0.4/src/lsh-pam-checkpw.c 2003-02-16 22:30:10.000000000 +0100
|
||||
+++ lsh-2.0.4/src/lsh-pam-checkpw.c 2008-11-28 16:16:58.000000000 +0100
|
||||
@@ -38,7 +38,7 @@
|
||||
#include <security/pam_appl.h>
|
||||
|
||||
#define PWD_MAXLEN 1024
|
||||
-#define SERVICE_NAME "other"
|
||||
+#define SERVICE_NAME "lshd"
|
||||
#define TIMEOUT 600
|
||||
|
||||
static int
|
@ -912,6 +912,7 @@ mapAliases ({
|
||||
llvm_11 = throw "llvm_11 has been removed from nixpkgs"; # Added 2024-01-24
|
||||
|
||||
lobster-two = google-fonts; # Added 2021-07-22
|
||||
lsh = throw "lsh has been removed as it had no maintainer in Nixpkgs and hasn't seen an upstream release in over a decade"; # Added 2024-08-14
|
||||
luxcorerender = throw "'luxcorerender' has been removed as it's unmaintained and broken in nixpkgs since a while ago"; # Added 2023-06-07
|
||||
lv_img_conv = throw "'lv_img_conv' has been removed from nixpkgs as it is broken"; # Added 2024-06-18
|
||||
lxd = lib.warn "lxd has been renamed to lxd-lts" lxd-lts; # Added 2024-04-01
|
||||
|
@ -10163,10 +10163,6 @@ with pkgs;
|
||||
|
||||
lsb-release = callPackage ../os-specific/linux/lsb-release { };
|
||||
|
||||
# lsh installs `bin/nettle-lfib-stream' and so does Nettle. Give the
|
||||
# former a lower priority than Nettle.
|
||||
lsh = lowPrio (callPackage ../tools/networking/lsh { });
|
||||
|
||||
lunatic = callPackage ../development/interpreters/lunatic { };
|
||||
|
||||
lux = callPackage ../tools/video/lux { };
|
||||
|
@ -82,7 +82,6 @@ in
|
||||
libxml2 = all;
|
||||
libxslt = all;
|
||||
lout = linux;
|
||||
lsh = linux;
|
||||
lsof = linux;
|
||||
ltrace = linux;
|
||||
lvm2 = linux;
|
||||
|
Loading…
Reference in New Issue
Block a user