lsh: drop

Sigmanificient 2024-08-14 03:05:04 +02:00
parent 422d853079
commit e959525e15
10 changed files with 4 additions and 282 deletions


@ -311,6 +311,8 @@
- The `services.trust-dns` module has been renamed to `services.hickory-dns`. - The `services.trust-dns` module has been renamed to `services.hickory-dns`.
- The `lsh` package and the `services.lshd` module have been removed as they had no maintainer in Nixpkgs and hadnt seen an upstream release in over a decade. It is recommended to migrate to `openssh` and `services.openssh`.
## Other Notable Changes {#sec-release-24.11-notable-changes} ## Other Notable Changes {#sec-release-24.11-notable-changes}
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. --> <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->


@ -1205,7 +1205,6 @@
./services/networking/spacecookie.nix ./services/networking/spacecookie.nix
./services/networking/spiped.nix ./services/networking/spiped.nix
./services/networking/squid.nix ./services/networking/squid.nix
./services/networking/ssh/lshd.nix
./services/networking/ssh/sshd.nix ./services/networking/ssh/sshd.nix
./services/networking/sslh.nix ./services/networking/sslh.nix
./services/networking/strongswan-swanctl/module.nix ./services/networking/strongswan-swanctl/module.nix


@ -37,7 +37,6 @@ in
The xow package was removed from nixpkgs. Upstream has deprecated The xow package was removed from nixpkgs. Upstream has deprecated
the project and users are urged to switch to xone. the project and users are urged to switch to xone.
'') '')
(mkRemovedOptionModule [ "networking" "liboop" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "networking" "vpnc" ] "Use environment.etc.\"vpnc/service.conf\" instead.") (mkRemovedOptionModule [ "networking" "vpnc" ] "Use environment.etc.\"vpnc/service.conf\" instead.")
(mkRemovedOptionModule [ "networking" "wicd" ] "The corresponding package was removed from nixpkgs.") (mkRemovedOptionModule [ "networking" "wicd" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "programs" "gnome-documents" ] "The corresponding package was removed from nixpkgs.") (mkRemovedOptionModule [ "programs" "gnome-documents" ] "The corresponding package was removed from nixpkgs.")
@ -71,6 +70,7 @@ in
(mkRemovedOptionModule [ "services" "hydron" ] "The `services.hydron` module has been removed as the project has been archived upstream since 2022 and is affected by a severe remote code execution vulnerability.") (mkRemovedOptionModule [ "services" "hydron" ] "The `services.hydron` module has been removed as the project has been archived upstream since 2022 and is affected by a severe remote code execution vulnerability.")
(mkRemovedOptionModule [ "services" "ihatemoney" ] "The ihatemoney module has been removed for lack of downstream maintainer") (mkRemovedOptionModule [ "services" "ihatemoney" ] "The ihatemoney module has been removed for lack of downstream maintainer")
(mkRemovedOptionModule [ "services" "kippo" ] "The corresponding package was removed from nixpkgs.") (mkRemovedOptionModule [ "services" "kippo" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "lshd" ] "The corresponding package was removed from nixpkgs as it had no maintainer in Nixpkgs and hasn't seen an upstream release in over a decades.")
(mkRemovedOptionModule [ "services" "mailpile" ] "The corresponding package was removed from nixpkgs.") (mkRemovedOptionModule [ "services" "mailpile" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "marathon" ] "The corresponding package was removed from nixpkgs.") (mkRemovedOptionModule [ "services" "marathon" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "mathics" ] "The Mathics module has been removed") (mkRemovedOptionModule [ "services" "mathics" ] "The Mathics module has been removed")
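Review bot: The `services.lshd` removal message added in the second hunk ends with the typo "over a decades" and, unlike the release-notes entry, names no replacement. This string is what an operator sees when evaluation fails on a host that used lshd for remote login, so it should carry the migration hint: `(mkRemovedOptionModule [ "services" "lshd" ] "The corresponding package was removed from nixpkgs as it had no maintainer in Nixpkgs and hasn't seen an upstream release in over a decade. Use services.openssh instead.")`. The `lsh = throw ...` alias added in the mapAliases section likewise omits the pointer to `openssh`. Separately, the first hunk appears to delete the `networking.liboop` removed-option stub, which the commit title does not explain; configs still setting that option would then presumably get a generic unknown-option error instead of the explanatory one. The enclosing list starts and ends outside these hunks.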


@ -1,187 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
inherit (pkgs) lsh;
cfg = config.services.lshd;
in
{
###### interface
options = {
services.lshd = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable the GNU lshd SSH2 daemon, which allows
secure remote login.
'';
};
portNumber = mkOption {
default = 22;
type = types.port;
description = ''
The port on which to listen for connections.
'';
};
interfaces = mkOption {
default = [];
type = types.listOf types.str;
description = ''
List of network interfaces where listening for connections.
When providing the empty list, `[]`, lshd listens on all
network interfaces.
'';
example = [ "localhost" "1.2.3.4:443" ];
};
hostKey = mkOption {
default = "/etc/lsh/host-key";
type = types.str;
description = ''
Path to the server's private key. Note that this key must
have been created, e.g., using "lsh-keygen --server |
lsh-writekey --server", so that you can run lshd.
'';
};
syslog = mkOption {
type = types.bool;
default = true;
description = "Whether to enable syslog output.";
};
passwordAuthentication = mkOption {
type = types.bool;
default = true;
description = "Whether to enable password authentication.";
};
publicKeyAuthentication = mkOption {
type = types.bool;
default = true;
description = "Whether to enable public key authentication.";
};
rootLogin = mkOption {
type = types.bool;
default = false;
description = "Whether to enable remote root login.";
};
loginShell = mkOption {
default = null;
type = types.nullOr types.str;
description = ''
If non-null, override the default login shell with the
specified value.
'';
example = "/nix/store/xyz-bash-10.0/bin/bash10";
};
srpKeyExchange = mkOption {
default = false;
type = types.bool;
description = ''
Whether to enable SRP key exchange and user authentication.
'';
};
tcpForwarding = mkOption {
type = types.bool;
default = true;
description = "Whether to enable TCP/IP forwarding.";
};
x11Forwarding = mkOption {
type = types.bool;
default = true;
description = "Whether to enable X11 forwarding.";
};
subsystems = mkOption {
type = types.listOf types.path;
description = ''
List of subsystem-path pairs, where the head of the pair
denotes the subsystem name, and the tail denotes the path to
an executable implementing it.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
services.lshd.subsystems = [ ["sftp" "${pkgs.lsh}/sbin/sftp-server"] ];
systemd.services.lshd = {
description = "GNU lshd SSH2 daemon";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
environment = {
LD_LIBRARY_PATH = config.system.nssModules.path;
};
preStart = ''
test -d /etc/lsh || mkdir -m 0755 -p /etc/lsh
test -d /var/spool/lsh || mkdir -m 0755 -p /var/spool/lsh
if ! test -f /var/spool/lsh/yarrow-seed-file
then
# XXX: It would be nice to provide feedback to the
# user when this fails, so that they can retry it
# manually.
${lsh}/bin/lsh-make-seed --sloppy \
-o /var/spool/lsh/yarrow-seed-file
fi
if ! test -f "${cfg.hostKey}"
then
${lsh}/bin/lsh-keygen --server | \
${lsh}/bin/lsh-writekey --server -o "${cfg.hostKey}"
fi
'';
script = with cfg; ''
${lsh}/sbin/lshd --daemonic \
--password-helper="${lsh}/sbin/lsh-pam-checkpw" \
-p ${toString portNumber} \
${optionalString (interfaces != []) (concatStrings (map (i: "--interface=\"${i}\"") interfaces))} \
-h "${hostKey}" \
${optionalString (!syslog) "--no-syslog" } \
${if passwordAuthentication then "--password" else "--no-password" } \
${if publicKeyAuthentication then "--publickey" else "--no-publickey" } \
${if rootLogin then "--root-login" else "--no-root-login" } \
${optionalString (loginShell != null) "--login-shell=\"${loginShell}\"" } \
${if srpKeyExchange then "--srp-keyexchange" else "--no-srp-keyexchange" } \
${if !tcpForwarding then "--no-tcpip-forward" else "--tcpip-forward"} \
${if x11Forwarding then "--x11-forward" else "--no-x11-forward" } \
--subsystems=${concatStringsSep ","
(map (pair: (head pair) + "=" +
(head (tail pair)))
subsystems)}
'';
};
security.pam.services.lshd = {};
};
}


@ -1,58 +0,0 @@
{ lib, stdenv, fetchurl, gperf, guile, gmp, zlib, liboop, readline, gnum4, pam
, nettools, lsof, procps, libxcrypt }:
stdenv.mkDerivation rec {
pname = "lsh";
version = "2.0.4";
src = fetchurl {
url = "mirror://gnu/lsh/lsh-${version}.tar.gz";
sha256 = "614b9d63e13ad3e162c82b6405d1f67713fc622a8bc11337e72949d613713091";
};
patches = [ ./pam-service-name.patch ./lshd-no-root-login.patch ];
preConfigure = ''
# Patch `lsh-make-seed' so that it can gather enough entropy.
sed -i "src/lsh-make-seed.c" \
-e "s|/usr/sbin/arp|${nettools}/sbin/arp|g ;
s|/usr/bin/netstat|${nettools}/bin/netstat|g ;
s|/usr/local/bin/lsof|${lsof}/bin/lsof|g ;
s|/bin/vmstat|${procps}/bin/vmstat|g ;
s|/bin/ps|${procps}/bin/sp|g ;
s|/usr/bin/w|${procps}/bin/w|g ;
s|/usr/bin/df|$(type -P df)|g ;
s|/usr/bin/ipcs|$(type -P ipcs)|g ;
s|/usr/bin/uptime|$(type -P uptime)|g"
# Skip the `configure' script that checks whether /dev/ptmx & co. work as
# expected, because it relies on impurities (for instance, /dev/pts may
# be unavailable in chroots.)
export lsh_cv_sys_unix98_ptys=yes
'';
# -fcommon: workaround build failure on -fno-common toolchains like upstream
# gcc-10. Otherwise build fails as:
# ld: liblsh.a(unix_user.o):/build/lsh-2.0.4/src/server_userauth.h:108: multiple definition of
# `server_userauth_none_preauth'; lshd.o:/build/lsh-2.0.4/src/server_userauth.h:108: first defined here
# Should be present in upcoming 2.1 release.
env.NIX_CFLAGS_COMPILE = "-std=gnu90 -fcommon";
buildInputs = [ gperf guile gmp zlib liboop readline gnum4 pam libxcrypt ];
meta = {
description = "GPL'd implementation of the SSH protocol";
longDescription = ''
lsh is a free implementation (in the GNU sense) of the ssh
version 2 protocol, currently being standardised by the IETF
SECSH working group.
'';
homepage = "http://www.lysator.liu.se/~nisse/lsh/";
license = lib.licenses.gpl2Plus;
maintainers = [ ];
platforms = [ "x86_64-linux" ];
};
}


@ -1,16 +0,0 @@
Correctly handle the `--no-root-login' option.
--- lsh-2.0.4/src/lshd.c 2006-05-01 13:47:44.000000000 +0200
+++ lsh-2.0.4/src/lshd.c 2009-09-08 12:20:36.000000000 +0200
@@ -758,6 +758,10 @@ main_argp_parser(int key, char *arg, str
self->allow_root = 1;
break;
+ case OPT_NO_ROOT_LOGIN:
+ self->allow_root = 0;
+ break;
+
case OPT_KERBEROS_PASSWD:
self->pw_helper = PATH_KERBEROS_HELPER;
break;


@ -1,14 +0,0 @@
Tell `lsh-pam-checkpw', the PAM password helper program, to use a more
descriptive service name.
--- lsh-2.0.4/src/lsh-pam-checkpw.c 2003-02-16 22:30:10.000000000 +0100
+++ lsh-2.0.4/src/lsh-pam-checkpw.c 2008-11-28 16:16:58.000000000 +0100
@@ -38,7 +38,7 @@
#include <security/pam_appl.h>
#define PWD_MAXLEN 1024
-#define SERVICE_NAME "other"
+#define SERVICE_NAME "lshd"
#define TIMEOUT 600
static int


@ -912,6 +912,7 @@ mapAliases ({
llvm_11 = throw "llvm_11 has been removed from nixpkgs"; # Added 2024-01-24 llvm_11 = throw "llvm_11 has been removed from nixpkgs"; # Added 2024-01-24
lobster-two = google-fonts; # Added 2021-07-22 lobster-two = google-fonts; # Added 2021-07-22
lsh = throw "lsh has been removed as it had no maintainer in Nixpkgs and hasn't seen an upstream release in over a decade"; # Added 2024-08-14
luxcorerender = throw "'luxcorerender' has been removed as it's unmaintained and broken in nixpkgs since a while ago"; # Added 2023-06-07 luxcorerender = throw "'luxcorerender' has been removed as it's unmaintained and broken in nixpkgs since a while ago"; # Added 2023-06-07
lv_img_conv = throw "'lv_img_conv' has been removed from nixpkgs as it is broken"; # Added 2024-06-18 lv_img_conv = throw "'lv_img_conv' has been removed from nixpkgs as it is broken"; # Added 2024-06-18
lxd = lib.warn "lxd has been renamed to lxd-lts" lxd-lts; # Added 2024-04-01 lxd = lib.warn "lxd has been renamed to lxd-lts" lxd-lts; # Added 2024-04-01


@ -10163,10 +10163,6 @@ with pkgs;
lsb-release = callPackage ../os-specific/linux/lsb-release { }; lsb-release = callPackage ../os-specific/linux/lsb-release { };
# lsh installs `bin/nettle-lfib-stream' and so does Nettle. Give the
# former a lower priority than Nettle.
lsh = lowPrio (callPackage ../tools/networking/lsh { });
lunatic = callPackage ../development/interpreters/lunatic { }; lunatic = callPackage ../development/interpreters/lunatic { };
lux = callPackage ../tools/video/lux { }; lux = callPackage ../tools/video/lux { };


@ -82,7 +82,6 @@ in
libxml2 = all; libxml2 = all;
libxslt = all; libxslt = all;
lout = linux; lout = linux;
lsh = linux;
lsof = linux; lsof = linux;
ltrace = linux; ltrace = linux;
lvm2 = linux; lvm2 = linux;