From: Ahmad Jarara <git@ajarara.io>
Date: Fri, 5 Nov 2021 18:12:56 +0000 (-0400)
Subject: gnu: openssh: Add support for ecdsa-sk, ed25519-sk ssh keys.
X-Git-Url: http://git.hcoop.net/jackhill/guix/guix.git/commitdiff_plain/8cc099b4250589c0d23fc6762868f6542433f143

gnu: openssh: Add support for ecdsa-sk, ed25519-sk ssh keys.

* gnu/packages/ssh.scm (openssh)[inputs]: Add LIBFIDO2.
[arguments]: Pass "--with-security-key-builtin".

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
---

diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
index a681945f8e..616f6dc915 100644
--- a/gnu/packages/ssh.scm
+++ b/gnu/packages/ssh.scm
@@ -63,6 +63,7 @@
   #:use-module (gnu packages python-web)
   #:use-module (gnu packages python-xyz)
   #:use-module (gnu packages readline)
+  #:use-module (gnu packages security-token)
   #:use-module (gnu packages texinfo)
   #:use-module (gnu packages tls)
   #:use-module (gnu packages xorg)
@@ -199,6 +200,7 @@ a server that supports the SSH-2 protocol.")
    (native-inputs `(("groff" ,groff)
                     ("pkg-config" ,pkg-config)))
    (inputs `(("libedit" ,libedit)
+             ("libfido2" ,libfido2)
              ("openssl" ,openssl)
              ,@(if (hurd-target?)
                  '()
@@ -229,6 +231,9 @@ a server that supports the SSH-2 protocol.")
                                '()
                                '("--with-pam"))
 
+                          ;; supports creation and use of ecdsa-sk, ed25519-sk keys
+                          "--with-security-key-builtin"
+
                           ;; "make install" runs "install -s" by default,
                           ;; which doesn't work for cross-compiled binaries
                           ;; because it invokes 'strip' instead of