pyrox.dev / nixpkgs
lol
fork atom

Merge pull request #17004 from rickynils/openssh_privsep_dir

openssh: Use the default privilege separation dir (/var/empty)

Eelco Dolstra 211bed46 52896c8c

options
unified split
Changed files
+14 -5
pkgs
tools
networking
openssh
default.nix
dont_create_privsep_path.patch
+3 -5
pkgs/tools/networking/openssh/default.nix 
···

       
45

       
45

       
 

       
      ./locale_archive.patch


     

       
46

       
46

       
 

       
      ./fix-host-key-algorithms-plus.patch


     

       
47

       
47

       
 

       
      ./CVE-2015-8325.patch


     

       

       
48

       
+

       



     

       

       
49

       
+

       
      # See discussion in https://github.com/NixOS/nixpkgs/pull/16966


     

       

       
50

       
+

       
      ./dont_create_privsep_path.patch


     

       
48

       
51

       
 

       
    ]


     

       
49

       
52

       
 

       
    ++ optional withGssapiPatches gssapiSrc;


     

       
50

       
53

       
 

       



     
···

       
65

       
68

       
 

       
    ++ optional withKerberos "--with-kerberos5=${kerberos}"


     

       
66

       
69

       
 

       
    ++ optional stdenv.isDarwin "--disable-libutil"


     

       
67

       
70

       
 

       
    ++ optional (!linkOpenssl) "--without-openssl";


     

       
68

       

       
-

       



     

       
69

       

       
-

       
  preConfigure = ''


     

       
70

       

       
-

       
    configureFlagsArray+=("--with-privsep-path=$out/empty")


     

       
71

       

       
-

       
    mkdir -p $out/empty


     

       
72

       

       
-

       
  '';


     

       
73

       
71

       
 

       



     

       
74

       
72

       
 

       
  enableParallelBuilding = true;


     

       
75

       
73
+11
pkgs/tools/networking/openssh/dont_create_privsep_path.patch 
···

       

       
1

       
+

       
diff -ur openssh-7.2p2_orig/Makefile.in openssh-7.2p2/Makefile.in


     

       

       
2

       
+

       
--- openssh-7.2p2_orig/Makefile.in	2016-03-09 19:04:48.000000000 +0100


     

       

       
3

       
+

       
+++ openssh-7.2p2/Makefile.in	2016-07-16 09:56:05.643903293 +0200


     

       

       
4

       
+

       
@@ -301,7 +301,6 @@


     

       

       
5

       
+

       
 	$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)5


     

       

       
6

       
+

       
 	$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8


     

       

       
7

       
+

       
 	$(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)


     

       

       
8

       
+

       
-	(umask 022 ; $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH))


     

       

       
9

       
+

       
 	$(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT)


     

       

       
10

       
+

       
 	$(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT)


     

       

       
11

       
+

       
 	$(INSTALL) -m 0755 $(STRIP_OPT) ssh-add$(EXEEXT) $(DESTDIR)$(bindir)/ssh-add$(EXEEXT)