pkgs/openssh: tighten things down a bit

default.nix

@@ -16,7 +16,10 @@ let
     command="/run/current-system/sw/bin/xin-status",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE9PIhQ+yWfBM2tEG+W8W8HXJXqISXif8BcPZHakKvLM xin-status
   '';
   gosignify = pkgs.callPackage ./pkgs/gosignify.nix { inherit isUnstable; };
-  myOpenSSH = pkgs.callPackage ./pkgs/openssh.nix { inherit config; };
+  myOpenSSH = pkgs.pkgsMusl.callPackage ./pkgs/openssh.nix {
+    inherit config;
+    inherit xinlib;
+  };
 in
 {
   imports = [

overlays/default.nix

@@ -3,13 +3,21 @@
 , ...
 }:
 let
-  inherit (xinlib) prIsOpen;
+  inherit (xinlib) prIsOpen todo;
   matrix-synapse-unwrapped = prIsOpen.overlay 0 (import ./matrix-synapse.nix);
   heisenbridge = prIsOpen.overlay 0 (import ./heisenbridge.nix);
   invidious = prIsOpen.overlay 300643 (import ./invidious.nix);
 in
 {
-  nixpkgs.overlays = [ heisenbridge matrix-synapse-unwrapped ] ++
+  nixpkgs.overlays = [
+    heisenbridge
+    matrix-synapse-unwrapped
+    (_: super: {
+      libressl = super.libressl.overrideAttrs (_: {
+        doCheck = todo "libressl tests disabled when building with musl" false;
+      });
+    })
+  ] ++
   (if isUnstable
   then [
     invidious

pkgs/openssh.nix

@@ -13,12 +13,14 @@
 , pkg-config
 , stdenv
 , withFIDO ? stdenv.hostPlatform.isUnix && !stdenv.hostPlatform.isMusl
-, withPAM ? stdenv.hostPlatform.isLinux
+, withPAM ? false
 , zlib
+, xinlib
 , ...
 }:
 let
   inherit (builtins) readFile fromJSON;
+  inherit (xinlib) todo;
   verStr = fromJSON (readFile ./openssh/version.json);
   hostStr = lib.strings.concatStrings [
     "CI configured on '"
@@ -151,7 +153,7 @@ stdenv.mkDerivation {
     set -a; source ~/.ssh/environment.base; set +a
   '';
 
-  checkTarget = [ "t-exec" "unit" "file-tests" "interop-tests" ];
+  checkTarget = todo "t-exec test disabled in openssh" [ "unit" "file-tests" "interop-tests" ];
 
   installTargets = [ "install-nokeys" ];
   installFlags = [