[jackhill/guix/guix.git] / gnu / packages / ssh.scm

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013, 2014 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
;;; Copyright © 2016 Nicolas Goaziou <mail@nicolasgoaziou.fr>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu packages ssh)
  #:use-module (gnu packages)
  #:use-module (gnu packages autotools)
  #:use-module (gnu packages base)
  #:autoload   (gnu packages boost) (boost)
  #:use-module (gnu packages compression)
  #:use-module (gnu packages elf)
  #:use-module (gnu packages gnupg)
  #:use-module (gnu packages gperf)
  #:use-module (gnu packages groff)
  #:use-module (gnu packages guile)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages m4)
  #:use-module (gnu packages multiprecision)
  #:use-module (gnu packages ncurses)
  #:use-module (gnu packages nettle)
  #:use-module (gnu packages perl)
  #:use-module (gnu packages pkg-config)
  #:autoload   (gnu packages protobuf) (protobuf)
  #:use-module (gnu packages readline)
  #:use-module (gnu packages texinfo)
  #:use-module (gnu packages tls)
  #:use-module (gnu packages xorg)
  #:use-module (guix build-system cmake)
  #:use-module (guix build-system gnu)
  #:use-module (guix download)
  #:use-module (guix git-download)
  #:use-module ((guix licenses) #:prefix license:)
  #:use-module (guix packages))

(define-public libssh
  (package
    (name "libssh")
    (version "0.7.3")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "https://red.libssh.org/attachments/download/195/libssh-"
                    version ".tar.xz"))
              (sha256
               (base32
                "165g49i4kmm3bfsjm0n8hm21kadv79g9yjqyq09138jxanz4dvr6"))))
    (build-system cmake-build-system)
    (arguments
     '(#:configure-flags '("-DWITH_GCRYPT=ON")

       ;; TODO: Add 'CMockery' and '-DWITH_TESTING=ON' for the test suite.
       #:tests? #f))
    (inputs `(("zlib" ,zlib)
              ("libgcrypt" ,libgcrypt)))
    (synopsis "SSH client library")
    (description
     "libssh is a C library implementing the SSHv2 and SSHv1 protocol for
client and server implementations.  With libssh, you can remotely execute
programs, transfer files, and use a secure and transparent tunnel for your
remote applications.")
    (home-page "http://www.libssh.org")
    (license license:lgpl2.1+)))

(define libssh-0.6 ; kept private for use in guile-ssh
  (package (inherit libssh)
    (version "0.6.5")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://red.libssh.org/attachments/"
                                  "download/121/libssh-"
                                  version ".tar.xz"))
              (sha256
               (base32
                "0b6wyx6bwbb8jpn8x4rhlrdiqwqrwrs0mxjmrnqykm9kw1ijgm8g"))
              (patches (search-patches
                        "libssh-0.6.5-CVE-2016-0739.patch"))))))

(define-public libssh2
  (package
   (name "libssh2")
   (version "1.7.0")
   (source (origin
            (method url-fetch)
            (uri (string-append
                   "https://www.libssh2.org/download/libssh2-"
                   version ".tar.gz"))
            (sha256
             (base32
              "116mh112w48vv9k3f15ggp5kxw5sj4b88dzb5j69llsh7ba1ymp4"))))
   (build-system gnu-build-system)
   ;; The installed libssh2.pc file does not include paths to libgcrypt and
   ;; zlib libraries, so we need to propagate the inputs.
   (propagated-inputs `(("libgcrypt" ,libgcrypt)
                        ("zlib" ,zlib)))
   (arguments '(#:configure-flags `("--with-libgcrypt")))
   (synopsis "Client-side C library implementing the SSH2 protocol")
   (description
    "libssh2 is a library intended to allow software developers access to
the SSH-2 protocol in an easy-to-use self-contained package.  It can be built
into an application to perform many different tasks when communicating with
a server that supports the SSH-2 protocol.")
   (license license:bsd-3)
   (home-page "http://www.libssh2.org/")))

(define-public openssh
  (package
   (name "openssh")
   (version "7.3p1")
   (source (origin
            (method url-fetch)
            (uri (let ((tail (string-append name "-" version ".tar.gz")))
                   (list (string-append "http://openbsd.cs.fau.de/pub/OpenBSD/OpenSSH/portable/"
                                        tail)
                         (string-append "http://ftp.fr.openbsd.org/pub/OpenBSD/OpenSSH/portable/"
                                        tail)
                         (string-append "http://ftp2.fr.openbsd.org/pub/OpenBSD/OpenSSH/portable/"
                                        tail))))
            (sha256 (base32
                     "1k5y1wi29d47cgizbryxrhc1fbjsba2x8l5mqfa9b9nadnd9iyrz"))))
   (build-system gnu-build-system)
   (inputs `(("groff" ,groff)
             ("openssl" ,openssl)
             ("zlib" ,zlib)
             ("xauth" ,xauth)))                   ;for 'ssh -X' and 'ssh -Y'
   (arguments
    `(#:test-target "tests"
      #:phases
      (modify-phases %standard-phases
        (add-after 'configure 'reset-/var/empty
         (lambda* (#:key outputs #:allow-other-keys)
           (let ((out (assoc-ref outputs "out")))
             (substitute* "Makefile"
               (("PRIVSEP_PATH=/var/empty")
                (string-append "PRIVSEP_PATH=" out "/var/empty")))
             #t)))
        (add-before 'check 'patch-tests
         (lambda _
           ;; remove 't-exec' regress target which requires user 'sshd'
           (substitute* "regress/Makefile"
             (("^(REGRESS_TARGETS=.*) t-exec(.*)" all pre post)
              (string-append pre post)))
           #t))
        (replace 'install
         (lambda* (#:key outputs (make-flags '()) #:allow-other-keys)
           ;; install without host keys and system configuration files
           (and (zero? (apply system* "make" "install-nosysconf" make-flags))
                (begin
                  (install-file "contrib/ssh-copy-id"
                                (string-append (assoc-ref outputs "out")
                                               "/bin/"))
                  (chmod (string-append (assoc-ref outputs "out")
                                        "/bin/ssh-copy-id") #o555)
                  (install-file "contrib/ssh-copy-id.1"
                                (string-append (assoc-ref outputs "out")
                                               "/share/man/man1/"))
                  #t)))))))
   (synopsis "Client and server for the secure shell (ssh) protocol")
   (description
    "The SSH2 protocol implemented in OpenSSH is standardised by the
IETF secsh working group and is specified in several RFCs and drafts.
It is composed of three layered components:

The transport layer provides algorithm negotiation and a key exchange.
The key exchange includes server authentication and results in a
cryptographically secured connection: it provides integrity, confidentiality
and optional compression.

The user authentication layer uses the established connection and relies on
the services provided by the transport layer.  It provides several mechanisms
for user authentication.  These include traditional password authentication
as well as public-key or host-based authentication mechanisms.

The connection layer multiplexes many different concurrent channels over the
authenticated connection and allows tunneling of login sessions and
TCP-forwarding.  It provides a flow control service for these channels.
Additionally, various channel-specific options can be negotiated.")
   (license (license:non-copyleft "file://LICENSE"
                               "See LICENSE in the distribution."))
   (home-page "http://www.openssh.org/")))

(define-public guile-ssh
  (package
    (name "guile-ssh")
    (version "0.9.0")
    (source (origin
              ;; ftp://memory-heap.org/software/guile-ssh/guile-ssh-VERSION.tar.gz
              ;; exists, but the server appears to be too slow and unreliable.
              (method git-fetch)
              (uri (git-reference
                    (url "https://github.com/artyom-poptsov/libguile-ssh.git")
                    (commit (string-append "v" version))))
              (file-name (string-append name "-" version "-checkout"))
              (sha256
               (base32
                "04zs1cykwdyj51ag62ymrkgsja9dbhbaaglkvbfbac0bkxl2ir6d"))))
    (build-system gnu-build-system)
    (arguments
     '(#:phases (alist-cons-after
                 'unpack 'autoreconf
                 (lambda* (#:key inputs #:allow-other-keys)
                   (chmod "doc/version.texi" #o777) ;make it writable
                   (zero? (system* "autoreconf" "-vfi")))
                 (alist-cons-after
                  'install 'fix-libguile-ssh-file-name
                  (lambda* (#:key outputs #:allow-other-keys)
                    (let* ((out      (assoc-ref outputs "out"))
                           (libdir   (string-append out "/lib"))
                           (guiledir (string-append out
                                                    "/share/guile/site/2.0")))
                      (substitute* (find-files guiledir ".scm")
                        (("\"libguile-ssh\"")
                         (string-append "\"" libdir "/libguile-ssh\"")))

                      ;; Make sure it works.
                      (setenv "GUILE_LOAD_PATH" guiledir)
                      (setenv "GUILE_LOAD_COMPILED_PATH" guiledir)
                      (zero?
                       (system* "guile" "-c" "(use-modules (ssh session))"))))
                  %standard-phases))
       #:configure-flags (list (string-append "--with-guilesitedir="
                                              (assoc-ref %outputs "out")
                                              "/share/guile/site/2.0"))

       ;; Tests are not parallel-safe.
       #:parallel-tests? #f))
    (native-inputs `(("autoconf" ,autoconf)
                     ("automake" ,automake)
                     ("libtool" ,libtool)
                     ("texinfo" ,texinfo)
                     ("pkg-config" ,pkg-config)
                     ("which" ,which)))
    (inputs `(("guile" ,guile-2.0)
              ("libssh" ,libssh-0.6)
              ("libgcrypt" ,libgcrypt)))
    (synopsis "Guile bindings to libssh")
    (description
     "Guile-SSH is a library that provides access to the SSH protocol for
programs written in GNU Guile interpreter.  It is a wrapper to the underlying
libssh library.")
    (home-page "https://github.com/artyom-poptsov/libguile-ssh")
    (license license:gpl3+)))

(define-public corkscrew
  (package
    (name "corkscrew")
    (version "2.0")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "http://www.agroman.net/corkscrew/corkscrew-"
                           version ".tar.gz"))
       (sha256 (base32
                "1gmhas4va6gd70i2x2mpxpwpgww6413mji29mg282jms3jscn3qd"))))
    (build-system gnu-build-system)
    (arguments
     ;; Replace configure phase as the ./configure script does not link
     ;; CONFIG_SHELL and SHELL passed as parameters
     '(#:phases
       (modify-phases %standard-phases
         (replace 'configure
           (lambda* (#:key outputs inputs system build target
                           #:allow-other-keys #:rest args)
             (let* ((configure (assoc-ref %standard-phases 'configure))
                    (prefix (assoc-ref outputs "out"))
                    (bash   (which "bash"))
                    ;; Set --build and --host flags as the provided config.guess
                    ;; is not able to detect them
                    (flags `(,(string-append "--prefix=" prefix)
                             ,(string-append "--build=" build)
                             ,(string-append "--host=" (or target build)))))
               (setenv "CONFIG_SHELL" bash)
               (zero? (apply system* bash
                             (string-append "." "/configure")
                             flags))))))))
    (home-page "http://www.agroman.net/corkscrew")
    (synopsis "Tunneling SSH through HTTP proxies")
    (description
     "Corkscrew allows creating TCP tunnels through HTTP proxies.  WARNING:
At the moment only plain text authentication is supported, should you require
to use it with your HTTP proxy.  Digest based authentication may be supported
in future and NTLM based authentication is most likey never be supported.")
    (license license:gpl2+)))

(define-public mosh
  (package
    (name "mosh")
    (version "1.2.6")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://mosh.org/mosh-" version ".tar.gz"))
              (sha256
               (base32
                "118fhpm754wpklf1blnlq5xbvrxqml6rdfs3b07wg666zkxvg0ky"))))
    (build-system gnu-build-system)
    (arguments
     '(#:phases
       (modify-phases %standard-phases
         (add-after 'install 'wrap
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Make sure 'mosh' can find 'mosh-client' and
             ;; 'mosh-server'.
             (let* ((out (assoc-ref outputs "out"))
                    (bin (string-append out "/bin")))
               (wrap-program (string-append bin "/mosh")
                             `("PATH" ":" prefix (,bin)))))))))
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("openssl" ,openssl)
       ("perl" ,perl)
       ("perl-io-tty" ,perl-io-tty)
       ("zlib" ,zlib)
       ("ncurses" ,ncurses)
       ("protobuf" ,protobuf)
       ("boost-headers" ,boost)))
    (home-page "https://mosh.org/")
    (synopsis "Remote shell tolerant to intermittent connectivity")
    (description
     "Remote terminal application that allows roaming, supports intermittent
connectivity, and provides intelligent local echo and line editing of user
keystrokes.  Mosh is a replacement for SSH.  It's more robust and responsive,
especially over Wi-Fi, cellular, and long-distance links.")
    (license license:gpl3+)))

(define-public dropbear
  (package
    (name "dropbear")
    (version "2016.73")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "https://matt.ucc.asn.au/" name "/releases/"
                    name "-" version ".tar.bz2"))
              (sha256
               (base32
                "1mzg18jss1bsmcnn88zv7kv5yj01hzimndnd5636hfq9kgva8qaw"))))
    (build-system gnu-build-system)
    (arguments  `(#:tests? #f)) ; There is no "make check" or anything similar
    (inputs `(("zlib" ,zlib)))
    (synopsis "Small SSH server and client")
    (description "Dropbear is a relatively small SSH server and
client.  It runs on a variety of POSIX-based platforms.  Dropbear is
particularly useful for embedded systems, such as wireless routers.")
    (home-page "https://matt.ucc.asn.au/dropbear/dropbear.html")
    (license (license:x11-style "" "See file LICENSE."))))

(define-public liboop
  (package
    (name "liboop")
    (version "1.0")
    (source
     (origin
      (method url-fetch)
      (uri (string-append "http://download.ofb.net/liboop/liboop-"
                          version ".tar.gz"))
      (sha256
       (base32
        "0z6rlalhvfca64jpvksppc9bdhs7jwhiw4y35g5ibvh91xp3rn1l"))
      (patches (search-patches "liboop-mips64-deplibs-fix.patch"))))
    (build-system gnu-build-system)
    (home-page "http://www.lysator.liu.se/liboop/")
    (synopsis "Event loop library")
    (description "Liboop is a low-level event loop management library for
POSIX-based operating systems.  It supports the development of modular,
multiplexed applications which may respond to events from several sources.  It
replaces the \"select() loop\" and allows the registration of event handlers
for file and network I/O, timers and signals.  Since processes use these
mechanisms for almost all external communication, liboop can be used as the
basis for almost any application.")
    (license license:lgpl2.1+)))

(define-public lsh
  (package
    (name "lsh")
    (version "2.1")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnu/lsh/lsh-"
                                  version ".tar.gz"))
              (sha256
               (base32
                "1qqjy9zfzgny0rkb27c8c7dfsylvb6n0ld8h3an2r83pmaqr9gwb"))
              (modules '((guix build utils)))
              (snippet
               '(begin
                  (substitute* "src/testsuite/functions.sh"
                    (("localhost")
                     ;; Avoid host name lookups since they don't work in
                     ;; chroot builds.
                     "127.0.0.1")
                    (("set -e")
                     ;; Make tests more verbose.
                     "set -e\nset -x"))

                  (substitute* (find-files "src/testsuite" "-test$")
                    (("localhost") "127.0.0.1"))

                  (substitute* "src/testsuite/login-auth-test"
                    (("/bin/cat") "cat"))))))
    (build-system gnu-build-system)
    (native-inputs
     `(("m4" ,m4)
       ("guile" ,guile-2.0)
       ("gperf" ,gperf)
       ("psmisc" ,psmisc)))                       ; for `killall'
    (inputs
     `(("nettle" ,nettle-2)
       ("linux-pam" ,linux-pam)

       ;; 'rl.c' uses the 'CPPFunction' type, which is no longer in
       ;; Readline 6.3.
       ("readline" ,readline-6.2)

       ("liboop" ,liboop)
       ("zlib" ,zlib)
       ("gmp" ,gmp)

       ;; The server (lshd) invokes xauth when X11 forwarding is requested.
       ;; This adds 24 MiB (or 27%) to the closure of lsh.
       ("xauth" ,xauth)))
    (arguments
     '(;; Skip the `configure' test that checks whether /dev/ptmx &
       ;; co. work as expected, because it relies on impurities (for
       ;; instance, /dev/pts may be unavailable in chroots.)
       #:configure-flags '("lsh_cv_sys_unix98_ptys=yes")

       ;; FIXME: Tests won't run in a chroot, presumably because
       ;; /etc/profile is missing, and thus clients get an empty $PATH
       ;; and nothing works.
       #:tests? #f

       #:phases
       (modify-phases %standard-phases
         (add-before 'configure 'pre-configure
           (lambda* (#:key inputs #:allow-other-keys)
             (let* ((nettle    (assoc-ref inputs "nettle"))
                    (sexp-conv (string-append nettle "/bin/sexp-conv")))
               ;; Make sure 'lsh' and 'lshd' pick 'sexp-conv' in the right place
               ;; by default.
               (substitute* "src/environ.h.in"
                 (("^#define PATH_SEXP_CONV.*")
                  (string-append "#define PATH_SEXP_CONV \""
                                 sexp-conv "\"\n")))

               ;; Same for the 'lsh-authorize' script.
               (substitute* "src/lsh-authorize"
                 (("=sexp-conv")
                  (string-append "=" sexp-conv)))

               ;; Tell lshd where 'xauth' lives.  Another option would be to
               ;; hardcode "/run/current-system/profile/bin/xauth", thereby
               ;; reducing the closure size, but that wouldn't work on foreign
               ;; distros.
               (with-fluids ((%default-port-encoding "ISO-8859-1"))
                 (substitute* "src/server_x11.c"
                   (("define XAUTH_PROGRAM.*")
                    (string-append "define XAUTH_PROGRAM \""
                                   (assoc-ref inputs "xauth")
                                   "/bin/xauth\"\n")))))

             ;; Tests rely on $USER being set.
             (setenv "USER" "guix"))))))
    (home-page "http://www.lysator.liu.se/~nisse/lsh/")
    (synopsis "GNU implementation of the Secure Shell (ssh) protocols")
    (description
     "GNU lsh is a free implementation of the SSH version 2 protocol.  It is
used to create a secure line of communication between two computers,
providing shell access to the server system from the client.  It provides
both the server daemon and the client application, as well as tools for
manipulating key files.")
    (license license:gpl2+)))

(define-public sshpass
  (package
    (name "sshpass")
    (version "1.06")
    (synopsis "Non-interactive password authentication with SSH")
    (home-page "https://sourceforge.net/projects/sshpass/")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "mirror://sourceforge/sshpass/sshpass/"
                           version "/sshpass-" version ".tar.gz"))
       (sha256
        (base32
         "0q7fblaczb7kwbsz0gdy9267z0sllzgmf0c7z5c9mf88wv74ycn6"))))
    (build-system gnu-build-system)
    (description "sshpass is a tool for non-interactivly performing password
authentication with SSH's so-called @dfn{interactive keyboard password
authentication}.")
    (license license:gpl2+)))
Commit	Line	Data
2fbf053b	1	;;; GNU Guix --- Functional package management for GNU
2102ae2e	2	;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
06ed5982	3	;;; Copyright © 2013, 2014 Andreas Enge <andreas@enge.fr>
45f2ffb4	4	;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
dec3e015	5	;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
78d80c5c	6	;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
c777570b	7	;;; Copyright © 2016 Nicolas Goaziou <mail@nicolasgoaziou.fr>
2fbf053b AE	8	;;;
	9	;;; This file is part of GNU Guix.
	10	;;;
	11	;;; GNU Guix is free software; you can redistribute it and/or modify it
	12	;;; under the terms of the GNU General Public License as published by
	13	;;; the Free Software Foundation; either version 3 of the License, or (at
	14	;;; your option) any later version.
	15	;;;
	16	;;; GNU Guix is distributed in the hope that it will be useful, but
	17	;;; WITHOUT ANY WARRANTY; without even the implied warranty of
	18	;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	19	;;; GNU General Public License for more details.
	20	;;;
	21	;;; You should have received a copy of the GNU General Public License
	22	;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
	23
	24	(define-module (gnu packages ssh)
2102ae2e DC	25	#:use-module (gnu packages)
	26	#:use-module (gnu packages autotools)
	27	#:use-module (gnu packages base)
	28	#:autoload (gnu packages boost) (boost)
2fbf053b	29	#:use-module (gnu packages compression)
2102ae2e	30	#:use-module (gnu packages elf)
2fbf053b	31	#:use-module (gnu packages gnupg)
2102ae2e	32	#:use-module (gnu packages gperf)
fe0b8a78	33	#:use-module (gnu packages groff)
49d294e5	34	#:use-module (gnu packages guile)
2102ae2e DC	35	#:use-module (gnu packages linux)
	36	#:use-module (gnu packages m4)
	37	#:use-module (gnu packages multiprecision)
87bf526b	38	#:use-module (gnu packages ncurses)
2102ae2e DC	39	#:use-module (gnu packages nettle)
	40	#:use-module (gnu packages perl)
	41	#:use-module (gnu packages pkg-config)
87bf526b	42	#:autoload (gnu packages protobuf) (protobuf)
2102ae2e DC	43	#:use-module (gnu packages readline)
2102ae2e DC	44	#:use-module (gnu packages texinfo)
cc2b77df	45	#:use-module (gnu packages tls)
2102ae2e DC	46	#:use-module (gnu packages xorg)
	47	#:use-module (guix build-system cmake)
	48	#:use-module (guix build-system gnu)
2fbf053b	49	#:use-module (guix download)
817efe8b	50	#:use-module (guix git-download)
2102ae2e DC	51	#:use-module ((guix licenses) #:prefix license:)
2102ae2e DC	52	#:use-module (guix packages))
1681cd4a LC	53
	54	(define-public libssh
	55	(package
	56	(name "libssh")
85267efb	57	(version "0.7.3")
1681cd4a LC	58	(source (origin
1681cd4a LC	59	(method url-fetch)
87390c15	60	(uri (string-append
85267efb	61	"https://red.libssh.org/attachments/download/195/libssh-"
87390c15	62	version ".tar.xz"))
1681cd4a LC	63	(sha256
1681cd4a LC	64	(base32
85267efb	65	"165g49i4kmm3bfsjm0n8hm21kadv79g9yjqyq09138jxanz4dvr6"))))
1681cd4a	66	(build-system cmake-build-system)
deed349b	67	(arguments
06ed5982	68	'(#:configure-flags '("-DWITH_GCRYPT=ON")
deed349b LC	69
deed349b LC	70	;; TODO: Add 'CMockery' and '-DWITH_TESTING=ON' for the test suite.
06ed5982	71	#:tests? #f))
1681cd4a	72	(inputs `(("zlib" ,zlib)
b3546174	73	("libgcrypt" ,libgcrypt)))
1681cd4a LC	74	(synopsis "SSH client library")
	75	(description
	76	"libssh is a C library implementing the SSHv2 and SSHv1 protocol for
	77	client and server implementations. With libssh, you can remotely execute
	78	programs, transfer files, and use a secure and transparent tunnel for your
	79	remote applications.")
	80	(home-page "http://www.libssh.org")
	81	(license license:lgpl2.1+)))
2fbf053b	82
85267efb	83	(define libssh-0.6 ; kept private for use in guile-ssh
9c333da6	84	(package (inherit libssh)
85267efb	85	(version "0.6.5")
9c333da6 LC	86	(source (origin
9c333da6 LC	87	(method url-fetch)
85267efb LF	88	(uri (string-append "https://red.libssh.org/attachments/"
	89	"download/121/libssh-"
	90	version ".tar.xz"))
9c333da6 LC	91	(sha256
9c333da6 LC	92	(base32
85267efb	93	"0b6wyx6bwbb8jpn8x4rhlrdiqwqrwrs0mxjmrnqykm9kw1ijgm8g"))
fc1adab1 AK	94	(patches (search-patches
fc1adab1 AK	95	"libssh-0.6.5-CVE-2016-0739.patch"))))))
9c333da6	96
2fbf053b AE	97	(define-public libssh2
	98	(package
	99	(name "libssh2")
78d80c5c	100	(version "1.7.0")
2fbf053b AE	101	(source (origin
	102	(method url-fetch)
	103	(uri (string-append
78d80c5c	104	"https://www.libssh2.org/download/libssh2-"
2fbf053b	105	version ".tar.gz"))
78d80c5c LF	106	(sha256
	107	(base32
	108	"116mh112w48vv9k3f15ggp5kxw5sj4b88dzb5j69llsh7ba1ymp4"))))
2fbf053b	109	(build-system gnu-build-system)
e9c14f37 EB	110	;; The installed libssh2.pc file does not include paths to libgcrypt and
	111	;; zlib libraries, so we need to propagate the inputs.
	112	(propagated-inputs `(("libgcrypt" ,libgcrypt)
	113	("zlib" ,zlib)))
	114	(arguments '(#:configure-flags `("--with-libgcrypt")))
35b9e423	115	(synopsis "Client-side C library implementing the SSH2 protocol")
2fbf053b AE	116	(description
2fbf053b AE	117	"libssh2 is a library intended to allow software developers access to
35b9e423	118	the SSH-2 protocol in an easy-to-use self-contained package. It can be built
2fbf053b AE	119	into an application to perform many different tasks when communicating with
	120	a server that supports the SSH-2 protocol.")
	121	(license license:bsd-3)
	122	(home-page "http://www.libssh2.org/")))
fe0b8a78 AE	123
	124	(define-public openssh
	125	(package
	126	(name "openssh")
742effef	127	(version "7.3p1")
fe0b8a78 AE	128	(source (origin
fe0b8a78 AE	129	(method url-fetch)
ca2baf10	130	(uri (let ((tail (string-append name "-" version ".tar.gz")))
087a4e9c	131	(list (string-append "http://openbsd.cs.fau.de/pub/OpenBSD/OpenSSH/portable/"
ca2baf10	132	tail)
087a4e9c MW	133	(string-append "http://ftp.fr.openbsd.org/pub/OpenBSD/OpenSSH/portable/"
	134	tail)
	135	(string-append "http://ftp2.fr.openbsd.org/pub/OpenBSD/OpenSSH/portable/"
ca2baf10	136	tail))))
fe0b8a78	137	(sha256 (base32
742effef	138	"1k5y1wi29d47cgizbryxrhc1fbjsba2x8l5mqfa9b9nadnd9iyrz"))))
fe0b8a78 AE	139	(build-system gnu-build-system)
	140	(inputs `(("groff" ,groff)
	141	("openssl" ,openssl)
683a4a34 LC	142	("zlib" ,zlib)
683a4a34 LC	143	("xauth" ,xauth))) ;for 'ssh -X' and 'ssh -Y'
fe0b8a78 AE	144	(arguments
	145	`(#:test-target "tests"
	146	#:phases
a9ee11d5 RW	147	(modify-phases %standard-phases
	148	(add-after 'configure 'reset-/var/empty
	149	(lambda* (#:key outputs #:allow-other-keys)
	150	(let ((out (assoc-ref outputs "out")))
	151	(substitute* "Makefile"
	152	(("PRIVSEP_PATH=/var/empty")
	153	(string-append "PRIVSEP_PATH=" out "/var/empty")))
	154	#t)))
	155	(add-before 'check 'patch-tests
	156	(lambda _
	157	;; remove 't-exec' regress target which requires user 'sshd'
	158	(substitute* "regress/Makefile"
	159	(("^(REGRESS_TARGETS=.) t-exec(.)" all pre post)
	160	(string-append pre post)))
	161	#t))
	162	(replace 'install
36f26211	163	(lambda* (#:key outputs (make-flags '()) #:allow-other-keys)
a9ee11d5	164	;; install without host keys and system configuration files
36f26211 RW	165	(and (zero? (apply system* "make" "install-nosysconf" make-flags))
	166	(begin
	167	(install-file "contrib/ssh-copy-id"
	168	(string-append (assoc-ref outputs "out")
	169	"/bin/"))
	170	(chmod (string-append (assoc-ref outputs "out")
	171	"/bin/ssh-copy-id") #o555)
	172	(install-file "contrib/ssh-copy-id.1"
	173	(string-append (assoc-ref outputs "out")
	174	"/share/man/man1/"))
	175	#t)))))))
35b9e423	176	(synopsis "Client and server for the secure shell (ssh) protocol")
fe0b8a78 AE	177	(description
	178	"The SSH2 protocol implemented in OpenSSH is standardised by the
	179	IETF secsh working group and is specified in several RFCs and drafts.
	180	It is composed of three layered components:
	181
	182	The transport layer provides algorithm negotiation and a key exchange.
	183	The key exchange includes server authentication and results in a
	184	cryptographically secured connection: it provides integrity, confidentiality
	185	and optional compression.
	186
	187	The user authentication layer uses the established connection and relies on
35b9e423 EB	188	the services provided by the transport layer. It provides several mechanisms
35b9e423 EB	189	for user authentication. These include traditional password authentication
fe0b8a78 AE	190	as well as public-key or host-based authentication mechanisms.
	191
	192	The connection layer multiplexes many different concurrent channels over the
	193	authenticated connection and allows tunneling of login sessions and
35b9e423	194	TCP-forwarding. It provides a flow control service for these channels.
fe0b8a78	195	Additionally, various channel-specific options can be negotiated.")
166191b3	196	(license (license:non-copyleft "file://LICENSE"
fe0b8a78 AE	197	"See LICENSE in the distribution."))
	198	(home-page "http://www.openssh.org/")))
	199
49d294e5 LC	200	(define-public guile-ssh
	201	(package
	202	(name "guile-ssh")
319007c5	203	(version "0.9.0")
49d294e5	204	(source (origin
44fd0994 LC	205	;; ftp://memory-heap.org/software/guile-ssh/guile-ssh-VERSION.tar.gz
44fd0994 LC	206	;; exists, but the server appears to be too slow and unreliable.
817efe8b LC	207	(method git-fetch)
	208	(uri (git-reference
	209	(url "https://github.com/artyom-poptsov/libguile-ssh.git")
46ffff90	210	(commit (string-append "v" version))))
821f4dc2	211	(file-name (string-append name "-" version "-checkout"))
49d294e5 LC	212	(sha256
49d294e5 LC	213	(base32
319007c5	214	"04zs1cykwdyj51ag62ymrkgsja9dbhbaaglkvbfbac0bkxl2ir6d"))))
49d294e5 LC	215	(build-system gnu-build-system)
49d294e5 LC	216	(arguments
9dcd1b3b MW	217	'(#:phases (alist-cons-after
9dcd1b3b MW	218	'unpack 'autoreconf
49d294e5	219	(lambda* (#:key inputs #:allow-other-keys)
817efe8b	220	(chmod "doc/version.texi" #o777) ;make it writable
49d294e5 LC	221	(zero? (system* "autoreconf" "-vfi")))
	222	(alist-cons-after
	223	'install 'fix-libguile-ssh-file-name
	224	(lambda* (#:key outputs #:allow-other-keys)
	225	(let* ((out (assoc-ref outputs "out"))
	226	(libdir (string-append out "/lib"))
	227	(guiledir (string-append out
	228	"/share/guile/site/2.0")))
	229	(substitute* (find-files guiledir ".scm")
	230	(("\"libguile-ssh\"")
	231	(string-append "\"" libdir "/libguile-ssh\"")))
	232
	233	;; Make sure it works.
	234	(setenv "GUILE_LOAD_PATH" guiledir)
	235	(setenv "GUILE_LOAD_COMPILED_PATH" guiledir)
843b1962 LC	236	(zero?
843b1962 LC	237	(system* "guile" "-c" "(use-modules (ssh session))"))))
49d294e5 LC	238	%standard-phases))
	239	#:configure-flags (list (string-append "--with-guilesitedir="
	240	(assoc-ref %outputs "out")
00ee3a71 LC	241	"/share/guile/site/2.0"))
00ee3a71 LC	242
afde8da3 LC	243	;; Tests are not parallel-safe.
afde8da3 LC	244	#:parallel-tests? #f))
49d294e5 LC	245	(native-inputs `(("autoconf" ,autoconf)
49d294e5 LC	246	("automake" ,automake)
3246cc91	247	("libtool" ,libtool)
00ee3a71	248	("texinfo" ,texinfo)
49d294e5 LC	249	("pkg-config" ,pkg-config)
	250	("which" ,which)))
	251	(inputs `(("guile" ,guile-2.0)
85267efb	252	("libssh" ,libssh-0.6)
44fd0994	253	("libgcrypt" ,libgcrypt)))
49d294e5 LC	254	(synopsis "Guile bindings to libssh")
	255	(description
	256	"Guile-SSH is a library that provides access to the SSH protocol for
	257	programs written in GNU Guile interpreter. It is a wrapper to the underlying
	258	libssh library.")
	259	(home-page "https://github.com/artyom-poptsov/libguile-ssh")
	260	(license license:gpl3+)))
513e1950 SHT	261
	262	(define-public corkscrew
	263	(package
	264	(name "corkscrew")
	265	(version "2.0")
	266	(source
	267	(origin
	268	(method url-fetch)
	269	(uri (string-append "http://www.agroman.net/corkscrew/corkscrew-"
	270	version ".tar.gz"))
	271	(sha256 (base32
	272	"1gmhas4va6gd70i2x2mpxpwpgww6413mji29mg282jms3jscn3qd"))))
	273	(build-system gnu-build-system)
	274	(arguments
	275	;; Replace configure phase as the ./configure script does not link
	276	;; CONFIG_SHELL and SHELL passed as parameters
	277	'(#:phases
91c52629 EF	278	(modify-phases %standard-phases
	279	(replace 'configure
	280	(lambda* (#:key outputs inputs system build target
	281	#:allow-other-keys #:rest args)
	282	(let* ((configure (assoc-ref %standard-phases 'configure))
	283	(prefix (assoc-ref outputs "out"))
	284	(bash (which "bash"))
	285	;; Set --build and --host flags as the provided config.guess
	286	;; is not able to detect them
	287	(flags `(,(string-append "--prefix=" prefix)
	288	,(string-append "--build=" build)
	289	,(string-append "--host=" (or target build)))))
	290	(setenv "CONFIG_SHELL" bash)
	291	(zero? (apply system* bash
	292	(string-append "." "/configure")
	293	flags))))))))
513e1950	294	(home-page "http://www.agroman.net/corkscrew")
9e771e3b	295	(synopsis "Tunneling SSH through HTTP proxies")
513e1950 SHT	296	(description
	297	"Corkscrew allows creating TCP tunnels through HTTP proxies. WARNING:
	298	At the moment only plain text authentication is supported, should you require
	299	to use it with your HTTP proxy. Digest based authentication may be supported
	300	in future and NTLM based authentication is most likey never be supported.")
	301	(license license:gpl2+)))
87bf526b LC	302
	303	(define-public mosh
	304	(package
	305	(name "mosh")
0ec60d6e	306	(version "1.2.6")
87bf526b LC	307	(source (origin
87bf526b LC	308	(method url-fetch)
c3671282	309	(uri (string-append "https://mosh.org/mosh-" version ".tar.gz"))
87bf526b LC	310	(sha256
87bf526b LC	311	(base32
0ec60d6e	312	"118fhpm754wpklf1blnlq5xbvrxqml6rdfs3b07wg666zkxvg0ky"))))
87bf526b LC	313	(build-system gnu-build-system)
87bf526b LC	314	(arguments
11379192 EF	315	'(#:phases
	316	(modify-phases %standard-phases
	317	(add-after 'install 'wrap
	318	(lambda* (#:key outputs #:allow-other-keys)
	319	;; Make sure 'mosh' can find 'mosh-client' and
	320	;; 'mosh-server'.
	321	(let* ((out (assoc-ref outputs "out"))
	322	(bin (string-append out "/bin")))
	323	(wrap-program (string-append bin "/mosh")
	324	`("PATH" ":" prefix (,bin)))))))))
87bf526b LC	325	(native-inputs
	326	`(("pkg-config" ,pkg-config)))
	327	(inputs
	328	`(("openssl" ,openssl)
	329	("perl" ,perl)
	330	("perl-io-tty" ,perl-io-tty)
	331	("zlib" ,zlib)
	332	("ncurses" ,ncurses)
	333	("protobuf" ,protobuf)
	334	("boost-headers" ,boost)))
c3671282	335	(home-page "https://mosh.org/")
87bf526b LC	336	(synopsis "Remote shell tolerant to intermittent connectivity")
	337	(description
	338	"Remote terminal application that allows roaming, supports intermittent
	339	connectivity, and provides intelligent local echo and line editing of user
	340	keystrokes. Mosh is a replacement for SSH. It's more robust and responsive,
	341	especially over Wi-Fi, cellular, and long-distance links.")
	342	(license license:gpl3+)))
8c6cfd55 JD	343
	344	(define-public dropbear
	345	(package
	346	(name "dropbear")
1a6d3d2d	347	(version "2016.73")
8c6cfd55 JD	348	(source (origin
	349	(method url-fetch)
	350	(uri (string-append
dec3e015	351	"https://matt.ucc.asn.au/" name "/releases/"
a124bbd2	352	name "-" version ".tar.bz2"))
8c6cfd55	353	(sha256
dec3e015	354	(base32
1a6d3d2d	355	"1mzg18jss1bsmcnn88zv7kv5yj01hzimndnd5636hfq9kgva8qaw"))))
8c6cfd55 JD	356	(build-system gnu-build-system)
	357	(arguments `(#:tests? #f)) ; There is no "make check" or anything similar
	358	(inputs `(("zlib" ,zlib)))
	359	(synopsis "Small SSH server and client")
	360	(description "Dropbear is a relatively small SSH server and
35b9e423 EB	361	client. It runs on a variety of POSIX-based platforms. Dropbear is
35b9e423 EB	362	particularly useful for embedded systems, such as wireless routers.")
8c6cfd55 JD	363	(home-page "https://matt.ucc.asn.au/dropbear/dropbear.html")
8c6cfd55 JD	364	(license (license:x11-style "" "See file LICENSE."))))
2102ae2e DC	365
	366	(define-public liboop
	367	(package
	368	(name "liboop")
	369	(version "1.0")
	370	(source
	371	(origin
	372	(method url-fetch)
	373	(uri (string-append "http://download.ofb.net/liboop/liboop-"
	374	version ".tar.gz"))
	375	(sha256
	376	(base32
	377	"0z6rlalhvfca64jpvksppc9bdhs7jwhiw4y35g5ibvh91xp3rn1l"))
	378	(patches (search-patches "liboop-mips64-deplibs-fix.patch"))))
	379	(build-system gnu-build-system)
	380	(home-page "http://www.lysator.liu.se/liboop/")
	381	(synopsis "Event loop library")
	382	(description "Liboop is a low-level event loop management library for
	383	POSIX-based operating systems. It supports the development of modular,
	384	multiplexed applications which may respond to events from several sources. It
	385	replaces the \"select() loop\" and allows the registration of event handlers
	386	for file and network I/O, timers and signals. Since processes use these
	387	mechanisms for almost all external communication, liboop can be used as the
	388	basis for almost any application.")
	389	(license license:lgpl2.1+)))
	390
	391	(define-public lsh
	392	(package
	393	(name "lsh")
	394	(version "2.1")
	395	(source (origin
	396	(method url-fetch)
	397	(uri (string-append "mirror://gnu/lsh/lsh-"
	398	version ".tar.gz"))
	399	(sha256
	400	(base32
	401	"1qqjy9zfzgny0rkb27c8c7dfsylvb6n0ld8h3an2r83pmaqr9gwb"))
	402	(modules '((guix build utils)))
	403	(snippet
	404	'(begin
	405	(substitute* "src/testsuite/functions.sh"
	406	(("localhost")
	407	;; Avoid host name lookups since they don't work in
	408	;; chroot builds.
	409	"127.0.0.1")
	410	(("set -e")
	411	;; Make tests more verbose.
	412	"set -e\nset -x"))
	413
	414	(substitute* (find-files "src/testsuite" "-test$")
	415	(("localhost") "127.0.0.1"))
	416
	417	(substitute* "src/testsuite/login-auth-test"
	418	(("/bin/cat") "cat"))))))
	419	(build-system gnu-build-system)
	420	(native-inputs
	421	`(("m4" ,m4)
	422	("guile" ,guile-2.0)
	423	("gperf" ,gperf)
	424	("psmisc" ,psmisc))) ; for `killall'
	425	(inputs
	426	`(("nettle" ,nettle-2)
	427	("linux-pam" ,linux-pam)
	428
429	;; 'rl.c' uses the 'CPPFunction' type, which is no longer in
430	;; Readline 6.3.
431	("readline" ,readline-6.2)
432
433	("liboop" ,liboop)
434	("zlib" ,zlib)
435	("gmp" ,gmp)
436
437	;; The server (lshd) invokes xauth when X11 forwarding is requested.
438	;; This adds 24 MiB (or 27%) to the closure of lsh.
439	("xauth" ,xauth)))
440	(arguments
441	'(;; Skip the `configure' test that checks whether /dev/ptmx &
442	;; co. work as expected, because it relies on impurities (for
443	;; instance, /dev/pts may be unavailable in chroots.)
444	#:configure-flags '("lsh_cv_sys_unix98_ptys=yes")
445
446	;; FIXME: Tests won't run in a chroot, presumably because
447	;; /etc/profile is missing, and thus clients get an empty $PATH
448	;; and nothing works.
449	#:tests? #f
450
451	#:phases
452	(modify-phases %standard-phases
453	(add-before 'configure 'pre-configure
454	(lambda* (#:key inputs #:allow-other-keys)
455	(let* ((nettle (assoc-ref inputs "nettle"))
456	(sexp-conv (string-append nettle "/bin/sexp-conv")))
457	;; Make sure 'lsh' and 'lshd' pick 'sexp-conv' in the right place
458	;; by default.
459	(substitute* "src/environ.h.in"
460	(("^#define PATH_SEXP_CONV.*")
461	(string-append "#define PATH_SEXP_CONV \""
462	sexp-conv "\"\n")))
463
464	;; Same for the 'lsh-authorize' script.
465	(substitute* "src/lsh-authorize"
466	(("=sexp-conv")
467	(string-append "=" sexp-conv)))
468
469	;; Tell lshd where 'xauth' lives. Another option would be to
470	;; hardcode "/run/current-system/profile/bin/xauth", thereby
471	;; reducing the closure size, but that wouldn't work on foreign
472	;; distros.
473	(with-fluids ((%default-port-encoding "ISO-8859-1"))
474	(substitute* "src/server_x11.c"
475	(("define XAUTH_PROGRAM.*")
476	(string-append "define XAUTH_PROGRAM \""
477	(assoc-ref inputs "xauth")
478	"/bin/xauth\"\n")))))
479
480	;; Tests rely on $USER being set.
481	(setenv "USER" "guix"))))))
482	(home-page "http://www.lysator.liu.se/~nisse/lsh/")
483	(synopsis "GNU implementation of the Secure Shell (ssh) protocols")
484	(description
485	"GNU lsh is a free implementation of the SSH version 2 protocol. It is
486	used to create a secure line of communication between two computers,
487	providing shell access to the server system from the client. It provides
488	both the server daemon and the client application, as well as tools for
489	manipulating key files.")
490	(license license:gpl2+)))
c777570b NG	491
	492	(define-public sshpass
	493	(package
	494	(name "sshpass")
	495	(version "1.06")
	496	(synopsis "Non-interactive password authentication with SSH")
	497	(home-page "https://sourceforge.net/projects/sshpass/")
	498	(source
	499	(origin
	500	(method url-fetch)
	501	(uri (string-append "mirror://sourceforge/sshpass/sshpass/"
	502	version "/sshpass-" version ".tar.gz"))
	503	(sha256
	504	(base32
	505	"0q7fblaczb7kwbsz0gdy9267z0sllzgmf0c7z5c9mf88wv74ycn6"))))
	506	(build-system gnu-build-system)
	507	(description "sshpass is a tool for non-interactivly performing password
	508	authentication with SSH's so-called @dfn{interactive keyboard password
	509	authentication}.")
	510	(license license:gpl2+)))