diff --git a/overlays/dont_create_privsep_path.patch b/overlays/dont_create_privsep_path.patch new file mode 100644 index 0000000..23f3ab6 --- /dev/null +++ b/overlays/dont_create_privsep_path.patch @@ -0,0 +1,12 @@ +diff --git i/Makefile.in w/Makefile.in +index 04e1c8e5..9bd5d01b 100644 +--- i/Makefile.in ++++ w/Makefile.in +@@ -329,7 +329,6 @@ install-files: + $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5 + $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8 + $(MKDIR_P) $(DESTDIR)$(libexecdir) +- $(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH) + $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT) + $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT) + $(INSTALL) -m 0755 $(STRIP_OPT) ssh-add$(EXEEXT) $(DESTDIR)$(bindir)/ssh-add$(EXEEXT) diff --git a/overlays/locale_archive.patch b/overlays/locale_archive.patch new file mode 100644 index 0000000..3fe4a21 --- /dev/null +++ b/overlays/locale_archive.patch @@ -0,0 +1,15 @@ +diff --git i/session.c w/session.c +index 58826db1..658dd911 100644 +--- i/session.c ++++ w/session.c +@@ -1053,6 +1053,10 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell) + if (getenv("TZ")) + child_set_env(&env, &envsize, "TZ", getenv("TZ")); + ++ /* NixOS path to the glibc locale archive, to be set in the systemd job */ ++ if (getenv("LOCALE_ARCHIVE")) ++ child_set_env(&env, &envsize, "LOCALE_ARCHIVE", getenv("LOCALE_ARCHIVE")); ++ + /* Set custom environment options from pubkey authentication. */ + if (options.permit_user_env) { + for (n = 0 ; n < auth_opts->nenv; n++) { diff --git a/overlays/openssh.nix b/overlays/openssh.nix index a0900b9..79c8609 100644 --- a/overlays/openssh.nix +++ b/overlays/openssh.nix @@ -7,7 +7,11 @@ let hash = "sha256-P2bb8WVftF9Q4cVtpiqwEhjCKIB7ITONY068351xz0Y="; }; - patches = [ ./ssh-keysign-8.5.patch ]; + patches = [ + ./ssh-keysign-8.5.patch + ./dont_create_privsep_path.patch + ./locale_archive.patch + ]; }); };