Commit | Line | Data |
---|---|---|
2fbf053b | 1 | ;;; GNU Guix --- Functional package management for GNU |
6a7c4636 | 2 | ;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org> |
06ed5982 | 3 | ;;; Copyright © 2013, 2014 Andreas Enge <andreas@enge.fr> |
45f2ffb4 | 4 | ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org> |
87007947 | 5 | ;;; Copyright © 2015, 2016, 2018, 2019 Efraim Flashner <efraim@flashner.co.il> |
af8f7eb4 | 6 | ;;; Copyright © 2016, 2019 Leo Famulari <leo@famulari.name> |
c777570b | 7 | ;;; Copyright © 2016 Nicolas Goaziou <mail@nicolasgoaziou.fr> |
8caeb117 | 8 | ;;; Copyright © 2016 Christopher Allan Webber <cwebber@dustycloud.org> |
91815e8d | 9 | ;;; Copyright © 2017, 2018, 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr> |
c9a6a36f | 10 | ;;; Copyright © 2017 Stefan Reichör <stefan@xsteve.at> |
227dbd84 | 11 | ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net> |
3c986a7d | 12 | ;;; Copyright © 2017 Nikita <nikita@n0.is> |
ae72b8f5 | 13 | ;;; Copyright © 2018 Manuel Graf <graf@init.at> |
618631f3 | 14 | ;;; Copyright © 2019 Gábor Boskovits <boskovits@gmail.com> |
b0966ba2 | 15 | ;;; Copyright © 2019, 2020 Mathieu Othacehe <m.othacehe@gmail.com> |
6a39cbe7 | 16 | ;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org> |
96fe62d8 | 17 | ;;; Copyright © 2020 Oleg Pykhalov <go.wigust@gmail.com> |
2fbf053b AE |
18 | ;;; |
19 | ;;; This file is part of GNU Guix. | |
20 | ;;; | |
21 | ;;; GNU Guix is free software; you can redistribute it and/or modify it | |
22 | ;;; under the terms of the GNU General Public License as published by | |
23 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
24 | ;;; your option) any later version. | |
25 | ;;; | |
26 | ;;; GNU Guix is distributed in the hope that it will be useful, but | |
27 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of | |
28 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
29 | ;;; GNU General Public License for more details. | |
30 | ;;; | |
31 | ;;; You should have received a copy of the GNU General Public License | |
32 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. | |
33 | ||
34 | (define-module (gnu packages ssh) | |
2102ae2e DC |
35 | #:use-module (gnu packages) |
36 | #:use-module (gnu packages autotools) | |
37 | #:use-module (gnu packages base) | |
6a7c4636 | 38 | #:use-module (gnu packages boost) |
2fbf053b | 39 | #:use-module (gnu packages compression) |
c9a6a36f | 40 | #:use-module (gnu packages crypto) |
2102ae2e | 41 | #:use-module (gnu packages elf) |
2fbf053b | 42 | #:use-module (gnu packages gnupg) |
2102ae2e | 43 | #:use-module (gnu packages gperf) |
fe0b8a78 | 44 | #:use-module (gnu packages groff) |
49d294e5 | 45 | #:use-module (gnu packages guile) |
618631f3 | 46 | #:use-module (gnu packages libedit) |
2102ae2e | 47 | #:use-module (gnu packages linux) |
c9a6a36f | 48 | #:use-module (gnu packages logging) |
2102ae2e DC |
49 | #:use-module (gnu packages m4) |
50 | #:use-module (gnu packages multiprecision) | |
87bf526b | 51 | #:use-module (gnu packages ncurses) |
2102ae2e | 52 | #:use-module (gnu packages nettle) |
89e34644 | 53 | #:use-module (gnu packages kerberos) |
2102ae2e DC |
54 | #:use-module (gnu packages perl) |
55 | #:use-module (gnu packages pkg-config) | |
c9a6a36f | 56 | #:use-module (gnu packages popt) |
6a7c4636 | 57 | #:use-module (gnu packages protobuf) |
ae72b8f5 | 58 | #:use-module (gnu packages python) |
44d10b1f | 59 | #:use-module (gnu packages python-xyz) |
2102ae2e DC |
60 | #:use-module (gnu packages readline) |
61 | #:use-module (gnu packages texinfo) | |
cc2b77df | 62 | #:use-module (gnu packages tls) |
2102ae2e DC |
63 | #:use-module (gnu packages xorg) |
64 | #:use-module (guix build-system cmake) | |
65 | #:use-module (guix build-system gnu) | |
ae72b8f5 | 66 | #:use-module (guix build-system python) |
2fbf053b | 67 | #:use-module (guix download) |
817efe8b | 68 | #:use-module (guix git-download) |
2102ae2e | 69 | #:use-module ((guix licenses) #:prefix license:) |
befbaebf | 70 | #:use-module (guix packages) |
7e90eb98 | 71 | #:use-module (guix utils) |
befbaebf | 72 | #:use-module (srfi srfi-1)) |
1681cd4a | 73 | |
96fe62d8 TGR |
74 | (define-public hss |
75 | (package | |
76 | (name "hss") | |
77 | (version "1.8") | |
78 | (source (origin | |
79 | (method git-fetch) | |
80 | (uri (git-reference | |
b0e7b699 | 81 | (url "https://github.com/six-ddc/hss") |
96fe62d8 TGR |
82 | (commit (string-append "v" version)))) |
83 | (file-name (git-file-name name version)) | |
84 | (sha256 | |
85 | (base32 | |
86 | "1rpysj65j9ls30bf2c5k5hykzzjfknrihs58imp178bx1wqzw4jl")))) | |
87 | (inputs | |
88 | `(("readline" ,readline))) | |
89 | (arguments | |
f718c0a0 | 90 | `(#:make-flags |
845f5a03 TGR |
91 | (list ,(string-append "CC=" (cc-for-target)) |
92 | (string-append "INSTALL_BIN=" (assoc-ref %outputs "out") "/bin")) | |
f718c0a0 | 93 | #:tests? #f ; no tests |
96fe62d8 TGR |
94 | #:phases |
95 | (modify-phases %standard-phases | |
f718c0a0 | 96 | (add-after 'unpack 'patch-file-names |
96fe62d8 TGR |
97 | (lambda* (#:key inputs outputs #:allow-other-keys) |
98 | (substitute* "Makefile" | |
96fe62d8 TGR |
99 | (("/usr/local/opt/readline") |
100 | (assoc-ref inputs "readline"))) | |
3b6b337e TGR |
101 | #t)) |
102 | (delete 'configure)))) ; no configure script | |
96fe62d8 TGR |
103 | (build-system gnu-build-system) |
104 | (home-page "https://github.com/six-ddc/hss/") | |
105 | (synopsis "Interactive SSH client for multiple servers") | |
16f6889b TGR |
106 | (description |
107 | "@command{hss} is an interactive SSH client for multiple servers. Commands | |
108 | are executed on all servers in parallel. Execution on one server does not need | |
109 | to wait for that on another server to finish before starting. One can run a | |
110 | command on hundreds of servers at the same time, with almost the same experience | |
111 | as a local Bash shell. | |
96fe62d8 | 112 | |
16f6889b | 113 | It supports: |
96fe62d8 | 114 | @itemize @bullet |
16f6889b TGR |
115 | @item interactive input: based on GNU readline. |
116 | @item history: responding to the @kbd{C-r} key. | |
117 | @item auto-completion: @key{TAB}-completion from remote servers for commands and | |
118 | file names. | |
119 | @end itemize\n") | |
96fe62d8 TGR |
120 | (license license:expat))) |
121 | ||
1681cd4a | 122 | (define-public libssh |
eed00f93 LF |
123 | (package |
124 | (name "libssh") | |
960abd58 | 125 | (version "0.9.4") |
eed00f93 LF |
126 | (source (origin |
127 | (method git-fetch) | |
128 | (uri (git-reference | |
d5401375 | 129 | (url "https://git.libssh.org/projects/libssh.git") |
12995856 | 130 | (commit (string-append "libssh-" version)))) |
eed00f93 LF |
131 | (sha256 |
132 | (base32 | |
960abd58 | 133 | "0qr4vi3k1wv69c95d9j26fiv78pzyksaq8ccd76b8nxar5z1fbj6")) |
eed00f93 LF |
134 | (file-name (git-file-name name version)))) |
135 | (build-system cmake-build-system) | |
136 | (outputs '("out" "debug")) | |
137 | (arguments | |
138 | '(#:configure-flags '("-DWITH_GCRYPT=ON") | |
deed349b | 139 | |
eed00f93 LF |
140 | ;; TODO: Add 'CMockery' and '-DWITH_TESTING=ON' for the test suite. |
141 | #:tests? #f)) | |
142 | (inputs `(("zlib" ,zlib) | |
ef30ddb2 LDB |
143 | ("libgcrypt" ,libgcrypt) |
144 | ("mit-krb5" ,mit-krb5))) | |
eed00f93 LF |
145 | (synopsis "SSH client library") |
146 | (description | |
147 | "libssh is a C library implementing the SSHv2 and SSHv1 protocol for client | |
148 | and server implementations. With libssh, you can remotely execute programs, | |
149 | transfer files, and use a secure and transparent tunnel for your remote | |
150 | applications.") | |
151 | (home-page "https://www.libssh.org") | |
152 | (license license:lgpl2.1+))) | |
2fbf053b AE |
153 | |
154 | (define-public libssh2 | |
155 | (package | |
156 | (name "libssh2") | |
61f34ae5 | 157 | (version "1.9.0") |
2fbf053b AE |
158 | (source (origin |
159 | (method url-fetch) | |
160 | (uri (string-append | |
78d80c5c | 161 | "https://www.libssh2.org/download/libssh2-" |
2fbf053b | 162 | version ".tar.gz")) |
78d80c5c LF |
163 | (sha256 |
164 | (base32 | |
61f34ae5 | 165 | "1zfsz9nldakfz61d2j70pk29zlmj7w2vv46s9l3x2prhcgaqpyym")))) |
2fbf053b | 166 | (build-system gnu-build-system) |
e9c14f37 EB |
167 | ;; The installed libssh2.pc file does not include paths to libgcrypt and |
168 | ;; zlib libraries, so we need to propagate the inputs. | |
169 | (propagated-inputs `(("libgcrypt" ,libgcrypt) | |
170 | ("zlib" ,zlib))) | |
61f34ae5 | 171 | (arguments `(#:configure-flags `("--with-libgcrypt"))) |
35b9e423 | 172 | (synopsis "Client-side C library implementing the SSH2 protocol") |
2fbf053b AE |
173 | (description |
174 | "libssh2 is a library intended to allow software developers access to | |
35b9e423 | 175 | the SSH-2 protocol in an easy-to-use self-contained package. It can be built |
2fbf053b AE |
176 | into an application to perform many different tasks when communicating with |
177 | a server that supports the SSH-2 protocol.") | |
178 | (license license:bsd-3) | |
18e627be | 179 | (home-page "https://www.libssh2.org/"))) |
fe0b8a78 AE |
180 | |
181 | (define-public openssh | |
182 | (package | |
183 | (name "openssh") | |
7c5c21fd | 184 | (version "8.3p1") |
fe0b8a78 | 185 | (source (origin |
644e5f17 TGR |
186 | (method url-fetch) |
187 | (uri (string-append "mirror://openbsd/OpenSSH/portable/" | |
21f5de6d | 188 | "openssh-" version ".tar.gz")) |
6a39cbe7 | 189 | (patches (search-patches "openssh-hurd.patch")) |
644e5f17 TGR |
190 | (sha256 |
191 | (base32 | |
7c5c21fd | 192 | "1cl74ghi9y21dc3f4xa0qamb7dhwacbynh1ks9syprrg8zhgpgpj")))) |
fe0b8a78 | 193 | (build-system gnu-build-system) |
618631f3 GB |
194 | (native-inputs `(("groff" ,groff) |
195 | ("pkg-config" ,pkg-config))) | |
196 | (inputs `(("libedit" ,libedit) | |
197 | ("openssl" ,openssl) | |
39012aab | 198 | ("pam" ,linux-pam) |
040b6299 | 199 | ("mit-krb5" ,mit-krb5) |
683a4a34 | 200 | ("zlib" ,zlib) |
4a697466 | 201 | ("xauth" ,xauth))) ; for 'ssh -X' and 'ssh -Y' |
fe0b8a78 AE |
202 | (arguments |
203 | `(#:test-target "tests" | |
d3552450 LF |
204 | ;; Otherwise, the test scripts try to use a nonexistent directory and |
205 | ;; fail. | |
206 | #:make-flags '("REGRESSTMP=\"$${BUILDDIR}/regress\"") | |
040b6299 | 207 | #:configure-flags `("--sysconfdir=/etc/ssh" |
39012aab | 208 | |
040b6299 | 209 | ;; Default value of 'PATH' used by sshd. |
9af49832 LC |
210 | "--with-default-path=/run/current-system/profile/bin" |
211 | ||
6db6bcf7 | 212 | ;; configure needs to find krb5-config. |
040b6299 JD |
213 | ,(string-append "--with-kerberos5=" |
214 | (assoc-ref %build-inputs "mit-krb5") | |
215 | "/bin") | |
216 | ||
6db6bcf7 | 217 | ;; libedit is needed for sftp completion. |
618631f3 GB |
218 | "--with-libedit" |
219 | ||
39012aab | 220 | ;; Enable PAM support in sshd. |
3d8c7783 MO |
221 | "--with-pam" |
222 | ||
223 | ;; "make install" runs "install -s" by default, | |
224 | ;; which doesn't work for cross-compiled binaries | |
225 | ;; because it invokes 'strip' instead of | |
226 | ;; 'TRIPLET-strip'. Work around this. | |
227 | ,,@(if (%current-target-system) | |
228 | '("--disable-strip") | |
229 | '())) | |
39012aab | 230 | |
fe0b8a78 | 231 | #:phases |
a9ee11d5 RW |
232 | (modify-phases %standard-phases |
233 | (add-after 'configure 'reset-/var/empty | |
234 | (lambda* (#:key outputs #:allow-other-keys) | |
235 | (let ((out (assoc-ref outputs "out"))) | |
236 | (substitute* "Makefile" | |
237 | (("PRIVSEP_PATH=/var/empty") | |
238 | (string-append "PRIVSEP_PATH=" out "/var/empty"))) | |
239 | #t))) | |
240 | (add-before 'check 'patch-tests | |
241 | (lambda _ | |
6db6bcf7 TGR |
242 | (substitute* "regress/test-exec.sh" |
243 | (("/bin/sh") (which "sh"))) | |
244 | ||
245 | ;; Remove 't-exec' regress target which requires user 'sshd'. | |
246 | (substitute* (list "Makefile" | |
247 | "regress/Makefile") | |
248 | (("^(tests:.*) t-exec(.*)" all pre post) | |
a9ee11d5 RW |
249 | (string-append pre post))) |
250 | #t)) | |
251 | (replace 'install | |
36f26211 | 252 | (lambda* (#:key outputs (make-flags '()) #:allow-other-keys) |
6db6bcf7 | 253 | ;; Install without host keys and system configuration files. |
27b6adb7 MW |
254 | (apply invoke "make" "install-nosysconf" make-flags) |
255 | (install-file "contrib/ssh-copy-id" | |
256 | (string-append (assoc-ref outputs "out") | |
257 | "/bin/")) | |
258 | (chmod (string-append (assoc-ref outputs "out") | |
259 | "/bin/ssh-copy-id") #o555) | |
260 | (install-file "contrib/ssh-copy-id.1" | |
261 | (string-append (assoc-ref outputs "out") | |
262 | "/share/man/man1/")) | |
263 | #t))))) | |
35b9e423 | 264 | (synopsis "Client and server for the secure shell (ssh) protocol") |
fe0b8a78 AE |
265 | (description |
266 | "The SSH2 protocol implemented in OpenSSH is standardised by the | |
267 | IETF secsh working group and is specified in several RFCs and drafts. | |
268 | It is composed of three layered components: | |
269 | ||
270 | The transport layer provides algorithm negotiation and a key exchange. | |
271 | The key exchange includes server authentication and results in a | |
272 | cryptographically secured connection: it provides integrity, confidentiality | |
273 | and optional compression. | |
274 | ||
275 | The user authentication layer uses the established connection and relies on | |
35b9e423 EB |
276 | the services provided by the transport layer. It provides several mechanisms |
277 | for user authentication. These include traditional password authentication | |
fe0b8a78 AE |
278 | as well as public-key or host-based authentication mechanisms. |
279 | ||
280 | The connection layer multiplexes many different concurrent channels over the | |
281 | authenticated connection and allows tunneling of login sessions and | |
35b9e423 | 282 | TCP-forwarding. It provides a flow control service for these channels. |
fe0b8a78 | 283 | Additionally, various channel-specific options can be negotiated.") |
166191b3 | 284 | (license (license:non-copyleft "file://LICENSE" |
fe0b8a78 | 285 | "See LICENSE in the distribution.")) |
1121a5c6 | 286 | (home-page "https://www.openssh.com/"))) |
fe0b8a78 | 287 | |
65c8512f MO |
288 | ;; OpenSSH without X support. This allows to use OpenSSH without dragging X |
289 | ;; libraries to the closure. | |
290 | (define-public openssh-sans-x | |
291 | (package | |
292 | (inherit openssh) | |
293 | (name "openssh-sans-x") | |
294 | (inputs (alist-delete "xauth" (package-inputs openssh))) | |
295 | (synopsis "OpenSSH client and server without X11 support"))) | |
296 | ||
49d294e5 LC |
297 | (define-public guile-ssh |
298 | (package | |
299 | (name "guile-ssh") | |
6c451e16 | 300 | (version "0.13.0") |
6634180f | 301 | (home-page "https://github.com/artyom-poptsov/guile-ssh") |
49d294e5 | 302 | (source (origin |
e98c354d LC |
303 | (method git-fetch) |
304 | (uri (git-reference | |
305 | (url home-page) | |
306 | (commit (string-append "v" version)))) | |
6634180f | 307 | (file-name (string-append name "-" version ".tar.gz")) |
49d294e5 LC |
308 | (sha256 |
309 | (base32 | |
6c451e16 | 310 | "1q96h98p6x7ah6nc0d2wfx503fmsj36riv9ka9s79z3lzwaf0k26")) |
b0966ba2 | 311 | (modules '((guix build utils))))) |
49d294e5 | 312 | (build-system gnu-build-system) |
74460d11 | 313 | (outputs '("out" "debug")) |
49d294e5 | 314 | (arguments |
b0966ba2 | 315 | `(;; It makes no sense to build libguile-ssh.a. |
c305ac30 LC |
316 | #:configure-flags '("--disable-static") |
317 | ||
318 | #:phases (modify-phases %standard-phases | |
92b72582 | 319 | (add-before 'build 'fix-libguile-ssh-file-name |
8a8f6590 | 320 | (lambda* (#:key outputs #:allow-other-keys) |
92b72582 LC |
321 | ;; Build and install libguile-ssh.so so that we can use |
322 | ;; its absolute file name in .scm files, before we build | |
323 | ;; the .go files. | |
e7c37ed5 TGR |
324 | (let* ((out (assoc-ref outputs "out")) |
325 | (lib (string-append out "/lib"))) | |
326 | (invoke "make" "install" | |
327 | "-C" "libguile-ssh" | |
328 | "-j" (number->string | |
329 | (parallel-job-count))) | |
330 | (substitute* (find-files "." "\\.scm$") | |
331 | (("\"libguile-ssh\"") | |
332 | (string-append "\"" lib "/libguile-ssh\""))) | |
333 | #t))) | |
b0966ba2 MO |
334 | ,@(if (%current-target-system) |
335 | '() | |
336 | '((add-before 'check 'fix-guile-path | |
337 | (lambda* (#:key inputs #:allow-other-keys) | |
338 | (let ((guile (assoc-ref inputs "guile"))) | |
339 | (substitute* "tests/common.scm" | |
340 | (("/usr/bin/guile") | |
341 | (string-append guile "/bin/guile"))) | |
342 | #t))))) | |
d0002642 RJ |
343 | (add-after 'install 'remove-bin-directory |
344 | (lambda* (#:key outputs #:allow-other-keys) | |
345 | (let* ((out (assoc-ref outputs "out")) | |
346 | (bin (string-append out "/bin")) | |
347 | (examples (string-append | |
348 | out "/share/guile-ssh/examples"))) | |
349 | (mkdir-p examples) | |
350 | (rename-file (string-append bin "/ssshd.scm") | |
351 | (string-append examples "/ssshd.scm")) | |
352 | (rename-file (string-append bin "/sssh.scm") | |
353 | (string-append examples "/sssh.scm")) | |
354 | (delete-file-recursively bin) | |
355 | #t)))) | |
afde8da3 LC |
356 | ;; Tests are not parallel-safe. |
357 | #:parallel-tests? #f)) | |
49d294e5 LC |
358 | (native-inputs `(("autoconf" ,autoconf) |
359 | ("automake" ,automake) | |
3246cc91 | 360 | ("libtool" ,libtool) |
00ee3a71 | 361 | ("texinfo" ,texinfo) |
49d294e5 | 362 | ("pkg-config" ,pkg-config) |
ce59688d | 363 | ("which" ,which) |
b6bee63b LC |
364 | ("guile" ,guile-3.0))) ;needed when cross-compiling. |
365 | (inputs `(("guile" ,guile-3.0) | |
6f9d5b2e | 366 | ("libssh" ,libssh) |
44fd0994 | 367 | ("libgcrypt" ,libgcrypt))) |
49d294e5 LC |
368 | (synopsis "Guile bindings to libssh") |
369 | (description | |
370 | "Guile-SSH is a library that provides access to the SSH protocol for | |
371 | programs written in GNU Guile interpreter. It is a wrapper to the underlying | |
372 | libssh library.") | |
49d294e5 | 373 | (license license:gpl3+))) |
513e1950 | 374 | |
4d8806c3 | 375 | (define-public guile2.0-ssh |
75c260ba LC |
376 | (package |
377 | (inherit guile-ssh) | |
4d8806c3 | 378 | (name "guile2.0-ssh") |
bbb219bd MO |
379 | (native-inputs |
380 | `(("guile" ,guile-2.0) ;needed when cross-compiling. | |
381 | ,@(alist-delete "guile" (package-native-inputs guile-ssh)))) | |
4d8806c3 | 382 | (inputs `(("guile" ,guile-2.0) |
75c260ba | 383 | ,@(alist-delete "guile" (package-inputs guile-ssh)))))) |
befbaebf | 384 | |
b6bee63b | 385 | (define-public guile2.2-ssh |
7e90eb98 LC |
386 | (package |
387 | (inherit guile-ssh) | |
b6bee63b | 388 | (name "guile2.2-ssh") |
bbb219bd | 389 | (native-inputs |
b6bee63b | 390 | `(("guile" ,guile-2.2) ;needed when cross-compiling. |
bbb219bd | 391 | ,@(alist-delete "guile" (package-native-inputs guile-ssh)))) |
b6bee63b | 392 | (inputs `(("guile" ,guile-2.2) |
7e90eb98 LC |
393 | ,@(alist-delete "guile" (package-inputs guile-ssh)))))) |
394 | ||
b6bee63b LC |
395 | (define-public guile3.0-ssh |
396 | (deprecated-package "guile3.0-ssh" guile-ssh)) | |
397 | ||
513e1950 SHT |
398 | (define-public corkscrew |
399 | (package | |
400 | (name "corkscrew") | |
401 | (version "2.0") | |
402 | (source | |
403 | (origin | |
33c154d6 TGR |
404 | (method git-fetch) |
405 | (uri (git-reference | |
406 | (url "https://github.com/patpadgett/corkscrew") | |
407 | (commit (string-append "v" version)))) | |
408 | (sha256 | |
409 | (base32 "0g4pkczrc1zqpnxyyjwcjmyzdj5qqcpzwf1bm3965zdwp94bpppf")) | |
410 | (file-name (git-file-name name version)))) | |
513e1950 SHT |
411 | (build-system gnu-build-system) |
412 | (arguments | |
d2656332 | 413 | `(#:phases |
91c52629 EF |
414 | (modify-phases %standard-phases |
415 | (replace 'configure | |
5b34f56c | 416 | ;; Replace configure phase as the ./configure script does not like |
33c154d6 | 417 | ;; CONFIG_SHELL and SHELL passed as parameters. |
5b34f56c TGR |
418 | (lambda* (#:key outputs build target #:allow-other-keys) |
419 | (let* ((out (assoc-ref outputs "out")) | |
420 | (bash (which "bash")) | |
91c52629 | 421 | ;; Set --build and --host flags as the provided config.guess |
33c154d6 | 422 | ;; is not able to detect them. |
5b34f56c | 423 | (flags `(,(string-append "--prefix=" out) |
91c52629 EF |
424 | ,(string-append "--build=" build) |
425 | ,(string-append "--host=" (or target build))))) | |
426 | (setenv "CONFIG_SHELL" bash) | |
5b34f56c | 427 | (apply invoke bash "./configure" flags)))) |
81d95a12 TGR |
428 | (add-after 'install 'install-documentation |
429 | (lambda* (#:key outputs #:allow-other-keys) | |
430 | (let* ((out (assoc-ref outputs "out")) | |
d2656332 | 431 | (doc (string-append out "/share/doc/" ,name "-" ,version))) |
33c154d6 | 432 | (install-file "README.markdown" doc) |
81d95a12 | 433 | #t)))))) |
33c154d6 | 434 | (home-page "https://github.com/patpadgett/corkscrew") |
10c95711 | 435 | (synopsis "SSH tunneling through HTTP(S) proxies") |
513e1950 | 436 | (description |
10c95711 TGR |
437 | "Corkscrew tunnels SSH connections through most HTTP and HTTPS proxies. |
438 | Proxy authentication is only supported through the plain-text HTTP basic | |
439 | authentication scheme.") | |
513e1950 | 440 | (license license:gpl2+))) |
87bf526b LC |
441 | |
442 | (define-public mosh | |
443 | (package | |
444 | (name "mosh") | |
4b8b245b | 445 | (version "1.3.2") |
87bf526b LC |
446 | (source (origin |
447 | (method url-fetch) | |
c3671282 | 448 | (uri (string-append "https://mosh.org/mosh-" version ".tar.gz")) |
87bf526b LC |
449 | (sha256 |
450 | (base32 | |
4b8b245b | 451 | "05hjhlp6lk8yjcy59zywpf0r6s0h0b9zxq0lw66dh9x8vxrhaq6s")))) |
87bf526b LC |
452 | (build-system gnu-build-system) |
453 | (arguments | |
11379192 EF |
454 | '(#:phases |
455 | (modify-phases %standard-phases | |
2b504cc3 TGR |
456 | (add-after 'unpack 'patch-FHS-file-names |
457 | (lambda _ | |
458 | (substitute* "scripts/mosh.pl" | |
459 | (("/bin/sh") | |
460 | (which "sh"))) | |
461 | #t)) | |
11379192 EF |
462 | (add-after 'install 'wrap |
463 | (lambda* (#:key outputs #:allow-other-keys) | |
464 | ;; Make sure 'mosh' can find 'mosh-client' and | |
465 | ;; 'mosh-server'. | |
466 | (let* ((out (assoc-ref outputs "out")) | |
467 | (bin (string-append out "/bin"))) | |
468 | (wrap-program (string-append bin "/mosh") | |
469 | `("PATH" ":" prefix (,bin))))))))) | |
87bf526b LC |
470 | (native-inputs |
471 | `(("pkg-config" ,pkg-config))) | |
472 | (inputs | |
473 | `(("openssl" ,openssl) | |
474 | ("perl" ,perl) | |
475 | ("perl-io-tty" ,perl-io-tty) | |
476 | ("zlib" ,zlib) | |
477 | ("ncurses" ,ncurses) | |
478 | ("protobuf" ,protobuf) | |
479 | ("boost-headers" ,boost))) | |
c3671282 | 480 | (home-page "https://mosh.org/") |
87bf526b LC |
481 | (synopsis "Remote shell tolerant to intermittent connectivity") |
482 | (description | |
2ca12aee TGR |
483 | "Mosh is a remote terminal application that allows client roaming, supports |
484 | intermittent connectivity, and provides intelligent local echo and line editing | |
485 | of user keystrokes. It's a replacement for SSH that's more robust and | |
486 | responsive, especially over Wi-Fi, cellular, and long-distance links.") | |
87bf526b | 487 | (license license:gpl3+))) |
8c6cfd55 | 488 | |
c9a6a36f SR |
489 | (define-public et |
490 | (package | |
491 | (name "et") | |
492 | (version "3.1.0") | |
493 | (source | |
494 | (origin | |
1be06dda TGR |
495 | (method git-fetch) |
496 | (uri (git-reference | |
b0e7b699 | 497 | (url "https://github.com/MisterTea/EternalTCP") |
1be06dda | 498 | (commit (string-append "et-v" version)))) |
fc32bc45 | 499 | (file-name (git-file-name name version)) |
c9a6a36f | 500 | (sha256 |
1be06dda | 501 | (base32 "1m5caxckn2ihwp9s2pbyh5amxlpwr7yc54q8s0kb10fr52w2vfnm")))) |
c9a6a36f SR |
502 | (build-system cmake-build-system) |
503 | (arguments `(#:tests? #f)) | |
504 | (native-inputs | |
505 | `(("pkg-config" ,pkg-config))) | |
506 | (inputs `(("glog" ,glog) | |
507 | ("gflags" ,gflags) | |
508 | ("libsodium" ,libsodium) | |
509 | ("protobuf" ,protobuf))) | |
510 | (synopsis "Remote shell that automatically reconnects") | |
511 | (description | |
512 | "Eternal Terminal (ET) is a remote shell that automatically reconnects | |
513 | without interrupting the session. Unlike SSH sessions, ET sessions will | |
839ee8d5 TGR |
514 | survive even network outages and IP changes. ET uses a custom protocol over |
515 | TCP, not the SSH protocol.") | |
23335e8d | 516 | (home-page "https://eternalterminal.dev/") |
c9a6a36f SR |
517 | (license license:asl2.0))) |
518 | ||
8c6cfd55 JD |
519 | (define-public dropbear |
520 | (package | |
521 | (name "dropbear") | |
4a498d00 | 522 | (version "2020.80") |
e190d12e TGR |
523 | (source |
524 | (origin | |
525 | (method url-fetch) | |
526 | (uri (string-append | |
527 | "https://matt.ucc.asn.au/dropbear/releases/" | |
528 | "dropbear-" version ".tar.bz2")) | |
529 | (sha256 | |
4a498d00 | 530 | (base32 "0jbrbpdzyv11x5rkljdimzq9p6a7da5siw9k405ibnpjj4dr89yr")))) |
8c6cfd55 | 531 | (build-system gnu-build-system) |
e190d12e | 532 | (arguments `(#:tests? #f)) ; there is no "make check" or anything similar |
d5612439 LF |
533 | ;; TODO: Investigate unbundling libtommath and libtomcrypt or at least |
534 | ;; cherry-picking important bug fixes from them. See <bugs.gnu.org/24674> | |
535 | ;; for more information. | |
8c6cfd55 JD |
536 | (inputs `(("zlib" ,zlib))) |
537 | (synopsis "Small SSH server and client") | |
538 | (description "Dropbear is a relatively small SSH server and | |
35b9e423 EB |
539 | client. It runs on a variety of POSIX-based platforms. Dropbear is |
540 | particularly useful for embedded systems, such as wireless routers.") | |
8c6cfd55 JD |
541 | (home-page "https://matt.ucc.asn.au/dropbear/dropbear.html") |
542 | (license (license:x11-style "" "See file LICENSE.")))) | |
2102ae2e DC |
543 | |
544 | (define-public liboop | |
545 | (package | |
546 | (name "liboop") | |
506737f1 | 547 | (version "1.0.1") |
2102ae2e DC |
548 | (source |
549 | (origin | |
550 | (method url-fetch) | |
506737f1 TGR |
551 | (uri (string-append "http://ftp.lysator.liu.se/pub/liboop/" |
552 | name "-" version ".tar.gz")) | |
2102ae2e DC |
553 | (sha256 |
554 | (base32 | |
506737f1 | 555 | "1q0p1l72pq9k3bi7a366j2rishv7dzzkg3i6r2npsfg7cnnidbsn")))) |
2102ae2e | 556 | (build-system gnu-build-system) |
359b137c | 557 | (home-page "https://www.lysator.liu.se/liboop/") |
2102ae2e DC |
558 | (synopsis "Event loop library") |
559 | (description "Liboop is a low-level event loop management library for | |
560 | POSIX-based operating systems. It supports the development of modular, | |
561 | multiplexed applications which may respond to events from several sources. It | |
562 | replaces the \"select() loop\" and allows the registration of event handlers | |
563 | for file and network I/O, timers and signals. Since processes use these | |
564 | mechanisms for almost all external communication, liboop can be used as the | |
565 | basis for almost any application.") | |
566 | (license license:lgpl2.1+))) | |
567 | ||
568 | (define-public lsh | |
569 | (package | |
570 | (name "lsh") | |
571 | (version "2.1") | |
572 | (source (origin | |
573 | (method url-fetch) | |
574 | (uri (string-append "mirror://gnu/lsh/lsh-" | |
575 | version ".tar.gz")) | |
576 | (sha256 | |
577 | (base32 | |
578 | "1qqjy9zfzgny0rkb27c8c7dfsylvb6n0ld8h3an2r83pmaqr9gwb")) | |
579 | (modules '((guix build utils))) | |
580 | (snippet | |
581 | '(begin | |
582 | (substitute* "src/testsuite/functions.sh" | |
583 | (("localhost") | |
584 | ;; Avoid host name lookups since they don't work in | |
585 | ;; chroot builds. | |
586 | "127.0.0.1") | |
587 | (("set -e") | |
588 | ;; Make tests more verbose. | |
589 | "set -e\nset -x")) | |
590 | ||
591 | (substitute* (find-files "src/testsuite" "-test$") | |
592 | (("localhost") "127.0.0.1")) | |
593 | ||
594 | (substitute* "src/testsuite/login-auth-test" | |
6cbee49d MW |
595 | (("/bin/cat") "cat")) |
596 | #t)))) | |
2102ae2e DC |
597 | (build-system gnu-build-system) |
598 | (native-inputs | |
599 | `(("m4" ,m4) | |
600 | ("guile" ,guile-2.0) | |
601 | ("gperf" ,gperf) | |
602 | ("psmisc" ,psmisc))) ; for `killall' | |
603 | (inputs | |
604 | `(("nettle" ,nettle-2) | |
605 | ("linux-pam" ,linux-pam) | |
606 | ||
607 | ;; 'rl.c' uses the 'CPPFunction' type, which is no longer in | |
608 | ;; Readline 6.3. | |
609 | ("readline" ,readline-6.2) | |
610 | ||
611 | ("liboop" ,liboop) | |
612 | ("zlib" ,zlib) | |
613 | ("gmp" ,gmp) | |
614 | ||
615 | ;; The server (lshd) invokes xauth when X11 forwarding is requested. | |
616 | ;; This adds 24 MiB (or 27%) to the closure of lsh. | |
617 | ("xauth" ,xauth))) | |
618 | (arguments | |
619 | '(;; Skip the `configure' test that checks whether /dev/ptmx & | |
620 | ;; co. work as expected, because it relies on impurities (for | |
621 | ;; instance, /dev/pts may be unavailable in chroots.) | |
d5c969ce LC |
622 | #:configure-flags '("lsh_cv_sys_unix98_ptys=yes" |
623 | ||
624 | ;; Use glibc's argp rather than the bundled one. | |
625 | "--with-system-argp" | |
626 | ||
627 | ;; 'lsh_argp.h' checks HAVE_ARGP_PARSE but nothing | |
628 | ;; defines it. | |
629 | "CPPFLAGS=-DHAVE_ARGP_PARSE") | |
2102ae2e DC |
630 | |
631 | ;; FIXME: Tests won't run in a chroot, presumably because | |
632 | ;; /etc/profile is missing, and thus clients get an empty $PATH | |
633 | ;; and nothing works. | |
634 | #:tests? #f | |
635 | ||
636 | #:phases | |
637 | (modify-phases %standard-phases | |
638 | (add-before 'configure 'pre-configure | |
639 | (lambda* (#:key inputs #:allow-other-keys) | |
640 | (let* ((nettle (assoc-ref inputs "nettle")) | |
641 | (sexp-conv (string-append nettle "/bin/sexp-conv"))) | |
d5c969ce LC |
642 | ;; Remove argp from the list of sub-directories; we don't want |
643 | ;; to build it, really. | |
644 | (substitute* "src/Makefile.in" | |
645 | (("^SUBDIRS = argp") | |
646 | "SUBDIRS =")) | |
647 | ||
2102ae2e DC |
648 | ;; Make sure 'lsh' and 'lshd' pick 'sexp-conv' in the right place |
649 | ;; by default. | |
650 | (substitute* "src/environ.h.in" | |
651 | (("^#define PATH_SEXP_CONV.*") | |
652 | (string-append "#define PATH_SEXP_CONV \"" | |
653 | sexp-conv "\"\n"))) | |
654 | ||
655 | ;; Same for the 'lsh-authorize' script. | |
656 | (substitute* "src/lsh-authorize" | |
657 | (("=sexp-conv") | |
658 | (string-append "=" sexp-conv))) | |
659 | ||
660 | ;; Tell lshd where 'xauth' lives. Another option would be to | |
661 | ;; hardcode "/run/current-system/profile/bin/xauth", thereby | |
662 | ;; reducing the closure size, but that wouldn't work on foreign | |
663 | ;; distros. | |
664 | (with-fluids ((%default-port-encoding "ISO-8859-1")) | |
665 | (substitute* "src/server_x11.c" | |
666 | (("define XAUTH_PROGRAM.*") | |
667 | (string-append "define XAUTH_PROGRAM \"" | |
668 | (assoc-ref inputs "xauth") | |
669 | "/bin/xauth\"\n"))))) | |
670 | ||
671 | ;; Tests rely on $USER being set. | |
672 | (setenv "USER" "guix")))))) | |
21de4160 | 673 | (home-page "https://www.lysator.liu.se/~nisse/lsh/") |
2102ae2e DC |
674 | (synopsis "GNU implementation of the Secure Shell (ssh) protocols") |
675 | (description | |
676 | "GNU lsh is a free implementation of the SSH version 2 protocol. It is | |
677 | used to create a secure line of communication between two computers, | |
678 | providing shell access to the server system from the client. It provides | |
679 | both the server daemon and the client application, as well as tools for | |
680 | manipulating key files.") | |
681 | (license license:gpl2+))) | |
c777570b NG |
682 | |
683 | (define-public sshpass | |
684 | (package | |
685 | (name "sshpass") | |
686 | (version "1.06") | |
687 | (synopsis "Non-interactive password authentication with SSH") | |
688 | (home-page "https://sourceforge.net/projects/sshpass/") | |
689 | (source | |
690 | (origin | |
691 | (method url-fetch) | |
692 | (uri (string-append "mirror://sourceforge/sshpass/sshpass/" | |
693 | version "/sshpass-" version ".tar.gz")) | |
694 | (sha256 | |
695 | (base32 | |
696 | "0q7fblaczb7kwbsz0gdy9267z0sllzgmf0c7z5c9mf88wv74ycn6")))) | |
697 | (build-system gnu-build-system) | |
698 | (description "sshpass is a tool for non-interactivly performing password | |
699 | authentication with SSH's so-called @dfn{interactive keyboard password | |
700 | authentication}.") | |
701 | (license license:gpl2+))) | |
8caeb117 CAW |
702 | |
703 | (define-public autossh | |
704 | (package | |
705 | (name "autossh") | |
d6bbb7e5 | 706 | (version "1.4g") |
8caeb117 CAW |
707 | (source |
708 | (origin | |
709 | (method url-fetch) | |
710 | (uri (string-append | |
26045af9 | 711 | "https://www.harding.motd.ca/autossh/autossh-" |
8caeb117 CAW |
712 | version ".tgz")) |
713 | (sha256 | |
d6bbb7e5 | 714 | (base32 "0xqjw8df68f4kzkns5gcah61s5wk0m44qdk2z1d6388w6viwxhsz")))) |
8caeb117 CAW |
715 | (build-system gnu-build-system) |
716 | (arguments `(#:tests? #f)) ; There is no "make check" or anything similar | |
717 | (inputs `(("openssh" ,openssh))) | |
718 | (synopsis "Automatically restart SSH sessions and tunnels") | |
719 | (description "autossh is a program to start a copy of @command{ssh} and | |
720 | monitor it, restarting it as necessary should it die or stop passing traffic.") | |
26045af9 | 721 | (home-page "https://www.harding.motd.ca/autossh/") |
8caeb117 CAW |
722 | (license |
723 | ;; Why point to a source file? Well, all the individual files have a | |
724 | ;; copy of this license in their headers, but there's no separate file | |
725 | ;; with that information. | |
726 | (license:non-copyleft "file://autossh.c")))) | |
227dbd84 RW |
727 | |
728 | (define-public pdsh | |
729 | (package | |
730 | (name "pdsh") | |
91815e8d | 731 | (version "2.34") |
227dbd84 RW |
732 | (source |
733 | (origin | |
734 | (method url-fetch) | |
b982fb1c | 735 | (uri (string-append "https://github.com/chaos/pdsh/" |
736 | "releases/download/pdsh-" version | |
737 | "/pdsh-" version ".tar.gz")) | |
227dbd84 | 738 | (sha256 |
91815e8d | 739 | (base32 "1s91hmhrz7rfb6h3l5k97s393rcm1ww3svp8dx5z8vkkc933wyxl")))) |
227dbd84 RW |
740 | (build-system gnu-build-system) |
741 | (arguments | |
742 | `(#:configure-flags | |
743 | (list "--with-ssh") | |
744 | #:phases | |
745 | (modify-phases %standard-phases | |
746 | (add-after 'unpack 'patch-/bin/sh | |
747 | (lambda _ | |
b982fb1c | 748 | (substitute* '("tests/t0006-pdcp.sh" |
749 | "tests/t0004-module-loading.sh" | |
750 | "tests/t2001-ssh.sh" | |
751 | "tests/t1003-slurm.sh" | |
752 | "tests/t6036-long-output-lines.sh" | |
753 | "tests/aggregate-results.sh" | |
754 | "tests/t2000-exec.sh" | |
755 | "tests/t0002-internal.sh" | |
756 | "tests/t1002-dshgroup.sh" | |
757 | "tests/t5000-dshbak.sh" | |
758 | "tests/t0001-basic.sh" | |
759 | "tests/t0005-rcmd_type-and-user.sh" | |
227dbd84 | 760 | "tests/test-lib.sh" |
b982fb1c | 761 | "tests/t2002-mrsh.sh" |
762 | "tests/t0003-wcoll.sh" | |
227dbd84 RW |
763 | "tests/test-modules/pcptest.c") |
764 | (("/bin/sh") (which "bash"))) | |
b982fb1c | 765 | #t)) |
766 | (add-after 'unpack 'patch-tests | |
767 | (lambda _ | |
768 | (substitute* "tests/t6036-long-output-lines.sh" | |
769 | (("which") (which "which"))) | |
227dbd84 RW |
770 | #t))))) |
771 | (inputs | |
772 | `(("openssh" ,openssh) | |
773 | ("mit-krb5" ,mit-krb5) | |
774 | ("perl" ,perl))) | |
b982fb1c | 775 | (native-inputs |
776 | `(("which" ,which))) | |
777 | (home-page "https://github.com/chaos/pdsh") | |
227dbd84 RW |
778 | (synopsis "Parallel distributed shell") |
779 | (description "Pdsh is a an efficient, multithreaded remote shell client | |
780 | which executes commands on multiple remote hosts in parallel. Pdsh implements | |
781 | dynamically loadable modules for extended functionality such as new remote | |
782 | shell services and remote host selection.") | |
783 | (license license:gpl2+))) | |
ae72b8f5 MG |
784 | |
785 | (define-public clustershell | |
786 | (package | |
787 | (name "clustershell") | |
7b2f99cd | 788 | (version "1.8.3") |
ae72b8f5 MG |
789 | (source |
790 | (origin | |
791 | (method url-fetch) | |
40f24301 EF |
792 | (uri (string-append "https://github.com/cea-hpc/clustershell/releases" |
793 | "/download/v" version | |
794 | "/ClusterShell-" version ".tar.gz")) | |
ae72b8f5 | 795 | (sha256 |
7b2f99cd | 796 | (base32 "1qdcgh733szwj9r1gambrgfkizvbjci0bnnkds9a8mnyb3sasnan")))) |
ae72b8f5 MG |
797 | (build-system python-build-system) |
798 | (inputs `(("openssh" ,openssh))) | |
799 | (propagated-inputs `(("python-pyyaml" ,python-pyyaml))) | |
800 | (arguments | |
801 | `(#:phases (modify-phases %standard-phases | |
802 | (add-before 'build 'record-openssh-file-name | |
803 | (lambda* (#:key inputs #:allow-other-keys) | |
804 | (let ((ssh (assoc-ref inputs "openssh"))) | |
805 | (substitute* "lib/ClusterShell/Worker/Ssh.py" | |
806 | (("info\\(\"ssh_path\"\\) or \"ssh\"") | |
807 | (string-append "info(\"ssh_path\") or \"" | |
808 | ssh "/bin/ssh\""))) | |
809 | #t)))))) | |
810 | (home-page "https://cea-hpc.github.io/clustershell/") | |
811 | (synopsis "Scalable event-driven Python framework for cluster administration") | |
812 | (description | |
813 | "ClusterShell is an event-driven Python framework, designed to run local | |
814 | or distant commands in parallel on server farms or on large GNU/Linux | |
815 | clusters. It will take care of common issues encountered on HPC clusters, | |
816 | such as operating on groups of nodes, running distributed commands using | |
817 | optimized execution algorithms, as well as gathering results and merging | |
818 | identical outputs, or retrieving return codes. ClusterShell takes advantage | |
819 | of existing remote shell facilities such as SSH.") | |
820 | (license license:lgpl2.1+))) | |
87007947 EF |
821 | |
822 | (define-public endlessh | |
823 | (package | |
824 | (name "endlessh") | |
63b148f7 | 825 | (version "1.1") |
87007947 EF |
826 | (source |
827 | (origin | |
63b148f7 TGR |
828 | (method git-fetch) |
829 | (uri (git-reference | |
b0e7b699 | 830 | (url "https://github.com/skeeto/endlessh") |
63b148f7 TGR |
831 | (commit version))) |
832 | (file-name (git-file-name name version)) | |
87007947 | 833 | (sha256 |
63b148f7 | 834 | (base32 "0ziwr8j1frsp3dajr8h5glkm1dn5cci404kazz5w1jfrp0736x68")))) |
87007947 EF |
835 | (build-system gnu-build-system) |
836 | (arguments | |
837 | '(#:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out")) | |
838 | "CC=gcc") | |
63b148f7 | 839 | #:tests? #f ; no test target |
87007947 EF |
840 | #:phases |
841 | (modify-phases %standard-phases | |
63b148f7 | 842 | (delete 'configure)))) ; no configure script |
87007947 EF |
843 | (home-page "https://github.com/skeeto/endlessh") |
844 | (synopsis "SSH tarpit that slowly sends an endless banner") | |
845 | (description | |
846 | "Endlessh is an SSH tarpit that very slowly sends an endless, random SSH | |
847 | banner. It keeps SSH clients locked up for hours or even days at a time. The | |
848 | purpose is to put your real SSH server on another port and then let the script | |
849 | kiddies get stuck in this tarpit instead of bothering a real server. | |
850 | ||
851 | Since the tarpit is in the banner before any cryptographic exchange occurs, this | |
852 | program doesn't depend on any cryptographic libraries. It's a simple, | |
853 | single-threaded, standalone C program. It uses @code{poll()} to trap multiple | |
854 | clients at a time.") | |
855 | (license license:unlicense))) |