author | Michael Alan Dorman <mdorman@ironicdesign.com> | 2020-02-28 15:19:51 -0500 |
---|---|---|
committer | Michael Alan Dorman <mdorman@ironicdesign.com> | 2020-02-28 15:24:37 -0500 |
commit | b6b3e047593dff14c871214bf5df691a8c2c23ed (patch) | |
tree | 733dc741c8a137d122076911b8f3adb8a2b5eb20 /pkgs/os-specific/linux/pam_ssh_agent_auth | |
parent | a1ce8740facd1dce8e79b0b92d661d6bbedbf551 (diff) |
pam_ssh_agent_auth: fix dependency on insecure openssl
There have been a couple of patches floating around for about the last 18 months. While they originated with FreeBSD, they've been adopted by Gentoo and Debian as well---and the most straightforward way to get access to them was from the Debian repository.
Diffstat (limited to 'pkgs/os-specific/linux/pam_ssh_agent_auth')
-rw-r--r-- | pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix b/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix
index 48c02be9c3890..b47ad4815b5b4 100644
--- a/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix
+++ b/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, pam, openssl, perl }:
+{ stdenv, fetchpatch, fetchurl, pam, openssl, perl }:
 stdenv.mkDerivation rec {
 name = "pam_ssh_agent_auth-0.10.3";
@@ -12,10 +12,31 @@ stdenv.mkDerivation rec {
 [ # Allow multiple colon-separated authorized keys files to be
 # specified in the file= option.
 ./multiple-key-files.patch
+ (fetchpatch {
+ name = "openssl-1.1.1-1.patch";
+ url = "https://sources.debian.org/data/main/p/pam-ssh-agent-auth/0.10.3-3/debian/patches/openssl-1.1.1-1.patch";
+ sha256 = "1ndp5j4xfhzshhnl345gb4mkldx6vjfa7284xgng6ikhzpc6y7pf";
+ })
+ (fetchpatch {
+ name = "openssl-1.1.1-2.patch";
+ url = "https://sources.debian.org/data/main/p/pam-ssh-agent-auth/0.10.3-3/debian/patches/openssl-1.1.1-2.patch";
+ sha256 = "0ksrs4xr417by8klf7862n3dircvnw30an1akq4pnsd3ichscmww";
+ })
 ];
 buildInputs = [ pam openssl perl ];
+ # It's not clear to me why this is necessary, but without it, you see:
+ #
+ # checking OpenSSL header version... 1010104f (OpenSSL 1.1.1d 10 Sep 2019)
+ # checking OpenSSL library version... 1010104f (OpenSSL 1.1.1d 10 Sep 2019)
+ # checking whether OpenSSL's headers match the library... no
+ # configure: WARNING: Your OpenSSL headers do not match your
+ # library. Check config.log for details.
+ #
+ # ...despite the fact that clearly the values match
+ configureFlags = [ "--without-openssl-header-check" ];
+
 enableParallelBuilding = true;
 meta = { |
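Review bot: The added `configureFlags = [ "--without-openssl-header-check" ]` in the second hunk switches off configure's header/library consistency check on the strength of a comment that says the cause is unknown, which is thin justification for a PAM module that makes authentication decisions. Both version probes print the same 1010104f, so the failing step is probably the comparison test program itself not building or running against OpenSSL 1.1 rather than a real mismatch, but that is inferred and config.log would settle it. I would replace the "It's not clear to me" comment with the cause found there, e.g. `# configure's header/library comparison test fails under OpenSSL 1.1 (config.log: <reason>); headers and library both come from the one openssl input`. The two `fetchpatch` entries also lack the one-line explanation that the `./multiple-key-files.patch` entry has; something like `# OpenSSL 1.1.1 compatibility, originally from FreeBSD, taken from Debian 0.10.3-3` would tell a later reviewer of this authentication code what the pinned hashes are meant to match.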