fmt
parent
47a31a9e37
commit
71f0da0fb9
@ -6,7 +6,7 @@
|
||||
xinlib,
|
||||
...
|
||||
}: let
|
||||
inherit (xinlib) prIsOpen;
|
||||
#inherit (xinlib) prIsOpen;
|
||||
jobs = [
|
||||
{
|
||||
name = "xin-ci-update";
|
||||
|
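Review bot: The commented-out `#inherit (xinlib) prIsOpen;` in the `let` block is a behavioural edit, not a formatting one, although the commit is titled "fmt". Assuming the page prints the old line before the new one, the binding was live before this commit, so any remaining use of `prIsOpen` in the jobs below would now fail evaluation. If nothing uses it any more, the line should be deleted rather than left as dead code. Because this file defines CI jobs, a check on whether a pull request is open may have been dropped along with the binding; that belongs in its own commit with a message that says so. The `let` block continues outside the hunk, so the remaining uses cannot be confirmed from here.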
@ -44,16 +44,16 @@ in {
|
||||
config = lib.mkIf cfg.enable {
|
||||
users.groups.${cfg.group} = {};
|
||||
users.users.${cfg.user} = {
|
||||
inherit (cfg) group;
|
||||
description = "veilid-server user";
|
||||
isSystemUser = true;
|
||||
home = cfg.dataDir;
|
||||
createHome = true;
|
||||
group = cfg.group;
|
||||
};
|
||||
|
||||
networking.firewall = lib.mkIf cfg.openFirewall {
|
||||
allowedTCPPorts = [ 5150 ];
|
||||
allowedUDPPorts = [ 5150 ];
|
||||
allowedTCPPorts = [5150];
|
||||
allowedUDPPorts = [5150];
|
||||
};
|
||||
|
||||
systemd.services.veilid-server = {
|
||||
|
@ -1,44 +1,46 @@
|
||||
{ pname
|
||||
, version
|
||||
, extraDesc ? ""
|
||||
, src
|
||||
, extraPatches ? []
|
||||
, extraNativeBuildInputs ? []
|
||||
, extraConfigureFlags ? []
|
||||
, extraMeta ? {}
|
||||
{
|
||||
pname,
|
||||
version,
|
||||
extraDesc ? "",
|
||||
src,
|
||||
extraPatches ? [],
|
||||
extraNativeBuildInputs ? [],
|
||||
extraConfigureFlags ? [],
|
||||
extraMeta ? {},
|
||||
}: {
|
||||
lib,
|
||||
stdenv,
|
||||
# This *is* correct, though unusual. as a way of getting krb5-config from the
|
||||
# package without splicing See: https://github.com/NixOS/nixpkgs/pull/107606
|
||||
pkgs,
|
||||
autoreconfHook,
|
||||
zlib,
|
||||
libressl,
|
||||
libedit,
|
||||
pkg-config,
|
||||
pam,
|
||||
libredirect,
|
||||
etcDir ? "/etc/ssh",
|
||||
withKerberos ? true,
|
||||
libkrb5,
|
||||
libfido2,
|
||||
hostname,
|
||||
nixosTests,
|
||||
withFIDO ? stdenv.hostPlatform.isUnix && !stdenv.hostPlatform.isMusl,
|
||||
withPAM ? stdenv.hostPlatform.isLinux,
|
||||
linkOpenssl ? true,
|
||||
}:
|
||||
|
||||
{ lib, stdenv
|
||||
# This *is* correct, though unusual. as a way of getting krb5-config from the
|
||||
# package without splicing See: https://github.com/NixOS/nixpkgs/pull/107606
|
||||
, pkgs
|
||||
, autoreconfHook
|
||||
, zlib
|
||||
, libressl
|
||||
, libedit
|
||||
, pkg-config
|
||||
, pam
|
||||
, libredirect
|
||||
, etcDir ? "/etc/ssh"
|
||||
, withKerberos ? true
|
||||
, libkrb5
|
||||
, libfido2
|
||||
, hostname
|
||||
, nixosTests
|
||||
, withFIDO ? stdenv.hostPlatform.isUnix && !stdenv.hostPlatform.isMusl
|
||||
, withPAM ? stdenv.hostPlatform.isLinux
|
||||
, linkOpenssl ? true
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation {
|
||||
inherit pname version src;
|
||||
|
||||
patches = [
|
||||
patches =
|
||||
[
|
||||
./locale_archive.patch
|
||||
|
||||
# See discussion in https://github.com/NixOS/nixpkgs/pull/16966
|
||||
./dont_create_privsep_path.patch
|
||||
] ++ extraPatches;
|
||||
]
|
||||
++ extraPatches;
|
||||
|
||||
postPatch =
|
||||
# On Hydra this makes installation fail (sometimes?),
|
||||
@ -48,13 +50,15 @@ stdenv.mkDerivation {
|
||||
'';
|
||||
|
||||
strictDeps = true;
|
||||
nativeBuildInputs = [ autoreconfHook pkg-config ]
|
||||
nativeBuildInputs =
|
||||
[autoreconfHook pkg-config]
|
||||
# This is not the same as the libkrb5 from the inputs! pkgs.libkrb5 is
|
||||
# needed here to access krb5-config in order to cross compile. See:
|
||||
# https://github.com/NixOS/nixpkgs/pull/107606
|
||||
++ lib.optional withKerberos pkgs.libkrb5
|
||||
++ extraNativeBuildInputs;
|
||||
buildInputs = [ zlib libressl libedit ]
|
||||
buildInputs =
|
||||
[zlib libressl libedit]
|
||||
++ lib.optional withFIDO libfido2
|
||||
++ lib.optional withKerberos libkrb5
|
||||
++ lib.optional withPAM pam;
|
||||
@ -67,7 +71,8 @@ stdenv.mkDerivation {
|
||||
|
||||
# I set --disable-strip because later we strip anyway. And it fails to strip
|
||||
# properly when cross building.
|
||||
configureFlags = [
|
||||
configureFlags =
|
||||
[
|
||||
"--sbindir=\${out}/bin"
|
||||
"--localstatedir=/var"
|
||||
"--with-pid-dir=/run"
|
||||
@ -75,24 +80,30 @@ stdenv.mkDerivation {
|
||||
"--with-libedit=yes"
|
||||
"--disable-strip"
|
||||
(lib.withFeature withPAM "pam")
|
||||
] ++ lib.optional (etcDir != null) "--sysconfdir=${etcDir}"
|
||||
]
|
||||
++ lib.optional (etcDir != null) "--sysconfdir=${etcDir}"
|
||||
++ lib.optional withFIDO "--with-security-key-builtin=yes"
|
||||
++ lib.optional withKerberos (assert libkrb5 != null; "--with-kerberos5=${libkrb5}")
|
||||
++ lib.optional stdenv.isDarwin "--disable-libutil"
|
||||
++ lib.optional (!linkOpenssl) "--without-openssl"
|
||||
++ extraConfigureFlags;
|
||||
|
||||
${if stdenv.hostPlatform.isStatic then "NIX_LDFLAGS" else null}= [ "-laudit" ] ++ lib.optionals withKerberos [ "-lkeyutils" ];
|
||||
${
|
||||
if stdenv.hostPlatform.isStatic
|
||||
then "NIX_LDFLAGS"
|
||||
else null
|
||||
} =
|
||||
["-laudit"] ++ lib.optionals withKerberos ["-lkeyutils"];
|
||||
|
||||
buildFlags = [ "SSH_KEYSIGN=ssh-keysign" ];
|
||||
buildFlags = ["SSH_KEYSIGN=ssh-keysign"];
|
||||
|
||||
enableParallelBuilding = true;
|
||||
|
||||
hardeningEnable = [ "pie" ];
|
||||
hardeningEnable = ["pie"];
|
||||
|
||||
doCheck = true;
|
||||
enableParallelChecking = false;
|
||||
nativeCheckInputs = [ libressl ] ++ lib.optional (!stdenv.isDarwin) hostname;
|
||||
nativeCheckInputs = [libressl] ++ lib.optional (!stdenv.isDarwin) hostname;
|
||||
preCheck = lib.optionalString (stdenv.hostPlatform == stdenv.buildPlatform) ''
|
||||
# construct a dummy HOME
|
||||
export HOME=$(realpath ../dummy-home)
|
||||
@ -140,11 +151,12 @@ stdenv.mkDerivation {
|
||||
# integration tests hard to get working on darwin with its shaky
|
||||
# sandbox
|
||||
# t-exec tests fail on musl
|
||||
checkTarget = lib.optional (!stdenv.isDarwin && !stdenv.hostPlatform.isMusl) "t-exec"
|
||||
checkTarget =
|
||||
lib.optional (!stdenv.isDarwin && !stdenv.hostPlatform.isMusl) "t-exec"
|
||||
# other tests are less demanding of the environment
|
||||
++ [ "unit" "file-tests" "interop-tests" ];
|
||||
++ ["unit" "file-tests" "interop-tests"];
|
||||
|
||||
installTargets = [ "install-nokeys" ];
|
||||
installTargets = ["install-nokeys"];
|
||||
installFlags = [
|
||||
"sysconfdir=\${out}/etc/ssh"
|
||||
];
|
||||
@ -153,13 +165,15 @@ stdenv.mkDerivation {
|
||||
borgbackup-integration = nixosTests.borgbackup;
|
||||
};
|
||||
|
||||
meta = with lib; {
|
||||
meta = with lib;
|
||||
{
|
||||
description = "An implementation of the SSH protocol${extraDesc}";
|
||||
homepage = "https://www.openssh.com/";
|
||||
changelog = "https://www.openssh.com/releasenotes.html";
|
||||
license = licenses.bsd2;
|
||||
platforms = platforms.unix ++ platforms.windows;
|
||||
maintainers = (extraMeta.maintainers or []) ++ (with maintainers; [ eelco aneeshusa ]);
|
||||
maintainers = (extraMeta.maintainers or []) ++ (with maintainers; [eelco aneeshusa]);
|
||||
mainProgram = "ssh";
|
||||
} // extraMeta;
|
||||
}
|
||||
// extraMeta;
|
||||
}
|
||||
|