qbit/xin
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

pkgs/openssh: more simplification

Browse Source 
- re-enable all the tests
- always build with fido and no openssl
This commit is contained in:
Aaron Bieber 2024-07-18 11:17:13 -06:00
parent 271b4f12a5
commit 3ee3c92ea4
No known key found for this signature in database
2 changed files with 6 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
flake.nix
View File

@ -348,6 +348,7 @@
inherit (spkgs) matrix-synapse; inherit (spkgs) matrix-synapse;
xin = upkgs.callPackage ./bins/xin { inherit upkgs; }; xin = upkgs.callPackage ./bins/xin { inherit upkgs; };
openssh = upkgs.callPackage ./pkgs/openssh.nix { inherit upkgs; };
}); });
templates = { templates = {

32
pkgs/openssh.nix
View File

@ -1,5 +1,4 @@
{ autoreconfHook { autoreconfHook
, config
, etcDir ? "/etc/ssh" , etcDir ? "/etc/ssh"
, fetchFromGitHub , fetchFromGitHub
, hostname , hostname
@ -8,24 +7,14 @@
, libfido2 , libfido2
, libredirect , libredirect
, libressl , libressl
, pam
, pkg-config , pkg-config
, stdenv , stdenv
, withFIDO ? stdenv.hostPlatform.isUnix
, withPAM ? false
, zlib , zlib
, xinlib
, ... , ...
}: }:
let let
inherit (builtins) readFile fromJSON; inherit (builtins) readFile fromJSON;
inherit (xinlib) todo;
verStr = fromJSON (readFile ./openssh/version.json); verStr = fromJSON (readFile ./openssh/version.json);
hostStr = lib.strings.concatStrings [
"CI configured on '"
config.networking.hostName
"': running OpenSSH tests"
];
in in
stdenv.mkDerivation { stdenv.mkDerivation {
pname = "openssh"; pname = "openssh";
@ -37,13 +26,6 @@ stdenv.mkDerivation {
repo = "openssh-portable"; repo = "openssh-portable";
}; };
doCheck =
if config.xinCI.enable
then
(lib.warn hostStr true)
else
true;
patches = patches =
[ [
./openssh/locale_archive.patch ./openssh/locale_archive.patch
@ -64,10 +46,8 @@ stdenv.mkDerivation {
nativeBuildInputs = nativeBuildInputs =
[ autoreconfHook pkg-config ]; [ autoreconfHook pkg-config ];
buildInputs = buildInputs =
[ zlib libressl libedit ] [ zlib libedit libfido2 ];
++ lib.optional withFIDO libfido2
++ lib.optional withPAM pam;
preConfigure = '' preConfigure = ''
# Setting LD causes `configure' and `make' to disagree about which linker # Setting LD causes `configure' and `make' to disagree about which linker
# to use: `configure' wants `gcc', but `make' wants `ld'. # to use: `configure' wants `gcc', but `make' wants `ld'.
@ -85,11 +65,9 @@ stdenv.mkDerivation {
"--with-libedit=yes" "--with-libedit=yes"
"--disable-strip" "--disable-strip"
"--disable-dsa-keys" "--disable-dsa-keys"
"--without-openssl" "--with-security-key-builtin=yes"
(lib.withFeature withPAM "pam")
] ]
++ lib.optional (etcDir != null) "--sysconfdir=${etcDir}" ++ lib.optional (etcDir != null) "--sysconfdir=${etcDir}"
++ lib.optional withFIDO "--with-security-key-builtin=yes"
++ lib.optional stdenv.isDarwin "--disable-libutil"; ++ lib.optional stdenv.isDarwin "--disable-libutil";
${ ${
@ -152,11 +130,11 @@ stdenv.mkDerivation {
set -a; source ~/.ssh/environment.base; set +a set -a; source ~/.ssh/environment.base; set +a
''; '';
checkTarget = todo "t-exec test disabled in openssh" [ "unit" "file-tests" "interop-tests" ]; checkTarget = [ "t-exec" "unit" "file-tests" "interop-tests" ];
installTargets = [ "install-nokeys" ]; installTargets = [ "install-nokeys" ];
installFlags = [ installFlags = [
"sysconfdir=\${out}/etc/ssh" "sysconfdir=\${out}${etcDir}"
]; ];
meta = with lib; { meta = with lib; {