openssh: decouple gssapi patch from kerberos

The GSSAPI patch is useful but maintained by Debian, not upstream, and can be slow to update. To avoid breaking openssh_with_kerberos when the openssh version is bumped but the GSSAPI patch has not been updated, don't enable the GSSAPI patch implicitly but require it to be explicitly enabled.
author: Aneesh Agrawal <aneeshusa@gmail.com> 2016-03-08 15:14:25 -0500
committer: Aneesh Agrawal <aneeshusa@gmail.com> 2016-03-08 15:14:25 -0500
commit: 9e86984fe066c09236aa0acd09e23babb66292e8 (patch)
tree: 458a38c571e15c523ab01add4405040c974cf4f4 /pkgs
parent: 04573b82bc09ba115ea30ea7a5088a2c63b2a45d (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix
index 4a1efbb033569..054174393ec2a 100644
--- a/pkgs/tools/networking/openssh/default.nix
+++ b/pkgs/tools/networking/openssh/default.nix
@@ -2,12 +2,13 @@
 , etcDir ? null
 , hpnSupport ? false
 , withKerberos ? false
-, withGssapiPatches ? withKerberos
+, withGssapiPatches ? false
 , kerberos
 , linkOpenssl? true
 }:
 
 assert withKerberos -> kerberos != null;
+assert withGssapiPatches -> withKerberos;
 
 let
 
@@ -24,6 +25,8 @@ let
 in
 with stdenv.lib;
 stdenv.mkDerivation rec {
+  # Please ensure that openssh_with_kerberos still builds when
+  # bumping the version here!
   name = "openssh-7.2p1";
 
   src = fetchurl {
author	Aneesh Agrawal <aneeshusa@gmail.com>	2016-03-08 15:14:25 -0500
committer	Aneesh Agrawal <aneeshusa@gmail.com>	2016-03-08 15:14:25 -0500
commit	9e86984fe066c09236aa0acd09e23babb66292e8 (patch)
tree	458a38c571e15c523ab01add4405040c974cf4f4 /pkgs
parent	04573b82bc09ba115ea30ea7a5088a2c63b2a45d (diff)