Commit | Line | Data |
---|---|---|
2fbf053b | 1 | ;;; GNU Guix --- Functional package management for GNU |
a8b0556e | 2 | ;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org> |
06ed5982 | 3 | ;;; Copyright © 2013, 2014 Andreas Enge <andreas@enge.fr> |
45f2ffb4 | 4 | ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org> |
1121a5c6 | 5 | ;;; Copyright © 2015, 2016, 2018 Efraim Flashner <efraim@flashner.co.il> |
78d80c5c | 6 | ;;; Copyright © 2016 Leo Famulari <leo@famulari.name> |
c777570b | 7 | ;;; Copyright © 2016 Nicolas Goaziou <mail@nicolasgoaziou.fr> |
8caeb117 | 8 | ;;; Copyright © 2016 Christopher Allan Webber <cwebber@dustycloud.org> |
d6bbb7e5 | 9 | ;;; Copyright © 2017, 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr> |
c9a6a36f | 10 | ;;; Copyright © 2017 Stefan Reichör <stefan@xsteve.at> |
227dbd84 | 11 | ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net> |
47956fa0 | 12 | ;;; Copyright © 2017 ng0 <ng0@n0.is> |
ae72b8f5 | 13 | ;;; Copyright © 2018 Manuel Graf <graf@init.at> |
618631f3 | 14 | ;;; Copyright © 2019 Gábor Boskovits <boskovits@gmail.com> |
2fbf053b AE |
15 | ;;; |
16 | ;;; This file is part of GNU Guix. | |
17 | ;;; | |
18 | ;;; GNU Guix is free software; you can redistribute it and/or modify it | |
19 | ;;; under the terms of the GNU General Public License as published by | |
20 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
21 | ;;; your option) any later version. | |
22 | ;;; | |
23 | ;;; GNU Guix is distributed in the hope that it will be useful, but | |
24 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of | |
25 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
26 | ;;; GNU General Public License for more details. | |
27 | ;;; | |
28 | ;;; You should have received a copy of the GNU General Public License | |
29 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. | |
30 | ||
31 | (define-module (gnu packages ssh) | |
2102ae2e DC |
32 | #:use-module (gnu packages) |
33 | #:use-module (gnu packages autotools) | |
34 | #:use-module (gnu packages base) | |
35 | #:autoload (gnu packages boost) (boost) | |
2fbf053b | 36 | #:use-module (gnu packages compression) |
c9a6a36f | 37 | #:use-module (gnu packages crypto) |
2102ae2e | 38 | #:use-module (gnu packages elf) |
2fbf053b | 39 | #:use-module (gnu packages gnupg) |
2102ae2e | 40 | #:use-module (gnu packages gperf) |
fe0b8a78 | 41 | #:use-module (gnu packages groff) |
49d294e5 | 42 | #:use-module (gnu packages guile) |
618631f3 | 43 | #:use-module (gnu packages libedit) |
2102ae2e | 44 | #:use-module (gnu packages linux) |
c9a6a36f | 45 | #:use-module (gnu packages logging) |
2102ae2e DC |
46 | #:use-module (gnu packages m4) |
47 | #:use-module (gnu packages multiprecision) | |
87bf526b | 48 | #:use-module (gnu packages ncurses) |
2102ae2e | 49 | #:use-module (gnu packages nettle) |
89e34644 | 50 | #:use-module (gnu packages kerberos) |
2102ae2e DC |
51 | #:use-module (gnu packages perl) |
52 | #:use-module (gnu packages pkg-config) | |
c9a6a36f | 53 | #:use-module (gnu packages popt) |
87bf526b | 54 | #:autoload (gnu packages protobuf) (protobuf) |
ae72b8f5 | 55 | #:use-module (gnu packages python) |
44d10b1f | 56 | #:use-module (gnu packages python-xyz) |
2102ae2e DC |
57 | #:use-module (gnu packages readline) |
58 | #:use-module (gnu packages texinfo) | |
cc2b77df | 59 | #:use-module (gnu packages tls) |
2102ae2e DC |
60 | #:use-module (gnu packages xorg) |
61 | #:use-module (guix build-system cmake) | |
62 | #:use-module (guix build-system gnu) | |
ae72b8f5 | 63 | #:use-module (guix build-system python) |
2fbf053b | 64 | #:use-module (guix download) |
817efe8b | 65 | #:use-module (guix git-download) |
2102ae2e | 66 | #:use-module ((guix licenses) #:prefix license:) |
befbaebf LC |
67 | #:use-module (guix packages) |
68 | #:use-module (srfi srfi-1)) | |
1681cd4a LC |
69 | |
70 | (define-public libssh | |
eed00f93 LF |
71 | (package |
72 | (name "libssh") | |
81bb5545 | 73 | (version "0.8.7") |
eed00f93 LF |
74 | (source (origin |
75 | (method git-fetch) | |
76 | (uri (git-reference | |
d5401375 | 77 | (url "https://git.libssh.org/projects/libssh.git") |
12995856 | 78 | (commit (string-append "libssh-" version)))) |
eed00f93 LF |
79 | (sha256 |
80 | (base32 | |
81bb5545 | 81 | "1iqik1ba0g008k1mb1n85iih1azi7giy0c485jnlmsrjxik4q3j2")) |
eed00f93 LF |
82 | (file-name (git-file-name name version)))) |
83 | (build-system cmake-build-system) | |
84 | (outputs '("out" "debug")) | |
85 | (arguments | |
86 | '(#:configure-flags '("-DWITH_GCRYPT=ON") | |
deed349b | 87 | |
a8b0556e LC |
88 | #:phases (modify-phases %standard-phases |
89 | (add-before 'configure 'avoid-werror | |
90 | (lambda _ | |
91 | ;; Avoid '-Werror'. Presumably this works fine with | |
92 | ;; gcc@8 on x86_64 but leads to errors with our older | |
93 | ;; compiler. | |
94 | (substitute* "CompilerChecks.cmake" | |
95 | (("-Werror=") "-W")) | |
96 | #t))) | |
97 | ||
eed00f93 LF |
98 | ;; TODO: Add 'CMockery' and '-DWITH_TESTING=ON' for the test suite. |
99 | #:tests? #f)) | |
100 | (inputs `(("zlib" ,zlib) | |
101 | ("libgcrypt" ,libgcrypt))) | |
102 | (synopsis "SSH client library") | |
103 | (description | |
104 | "libssh is a C library implementing the SSHv2 and SSHv1 protocol for client | |
105 | and server implementations. With libssh, you can remotely execute programs, | |
106 | transfer files, and use a secure and transparent tunnel for your remote | |
107 | applications.") | |
108 | (home-page "https://www.libssh.org") | |
109 | (license license:lgpl2.1+))) | |
2fbf053b AE |
110 | |
111 | (define-public libssh2 | |
112 | (package | |
113 | (name "libssh2") | |
5d97f4c7 | 114 | (version "1.8.0") |
2fbf053b AE |
115 | (source (origin |
116 | (method url-fetch) | |
117 | (uri (string-append | |
78d80c5c | 118 | "https://www.libssh2.org/download/libssh2-" |
2fbf053b | 119 | version ".tar.gz")) |
78d80c5c LF |
120 | (sha256 |
121 | (base32 | |
ac2d5de3 MB |
122 | "1m3n8spv79qhjq4yi0wgly5s5rc8783jb1pyra9bkx1md0plxwrr")) |
123 | (patches | |
124 | (search-patches "libssh2-fix-build-failure-with-gcrypt.patch")))) | |
2fbf053b | 125 | (build-system gnu-build-system) |
e9c14f37 EB |
126 | ;; The installed libssh2.pc file does not include paths to libgcrypt and |
127 | ;; zlib libraries, so we need to propagate the inputs. | |
128 | (propagated-inputs `(("libgcrypt" ,libgcrypt) | |
129 | ("zlib" ,zlib))) | |
fe365a3d | 130 | (arguments `(#:configure-flags `("--with-libgcrypt") |
e2c7b7bb MB |
131 | #:phases (modify-phases %standard-phases |
132 | (replace 'bootstrap | |
133 | (lambda _ | |
134 | (invoke "autoreconf" "-v")))))) | |
ac2d5de3 MB |
135 | (native-inputs `(("autoconf" ,autoconf) |
136 | ("automake" ,automake))) | |
35b9e423 | 137 | (synopsis "Client-side C library implementing the SSH2 protocol") |
2fbf053b AE |
138 | (description |
139 | "libssh2 is a library intended to allow software developers access to | |
35b9e423 | 140 | the SSH-2 protocol in an easy-to-use self-contained package. It can be built |
2fbf053b AE |
141 | into an application to perform many different tasks when communicating with |
142 | a server that supports the SSH-2 protocol.") | |
143 | (license license:bsd-3) | |
18e627be | 144 | (home-page "https://www.libssh2.org/"))) |
fe0b8a78 AE |
145 | |
146 | (define-public openssh | |
147 | (package | |
148 | (name "openssh") | |
df71447e | 149 | (version "7.9p1") |
fe0b8a78 | 150 | (source (origin |
644e5f17 TGR |
151 | (method url-fetch) |
152 | (uri (string-append "mirror://openbsd/OpenSSH/portable/" | |
153 | name "-" version ".tar.gz")) | |
2b65a9e6 | 154 | (patches (search-patches "openssh-CVE-2018-20685.patch")) |
644e5f17 TGR |
155 | (sha256 |
156 | (base32 | |
df71447e | 157 | "1b8sy6v0b8v4ggmknwcqx3y1rjcpsll0f1f8f4vyv11x4ni3njvb")))) |
fe0b8a78 | 158 | (build-system gnu-build-system) |
618631f3 GB |
159 | (native-inputs `(("groff" ,groff) |
160 | ("pkg-config" ,pkg-config))) | |
161 | (inputs `(("libedit" ,libedit) | |
162 | ("openssl" ,openssl) | |
39012aab | 163 | ("pam" ,linux-pam) |
040b6299 | 164 | ("mit-krb5" ,mit-krb5) |
683a4a34 LC |
165 | ("zlib" ,zlib) |
166 | ("xauth" ,xauth))) ;for 'ssh -X' and 'ssh -Y' | |
fe0b8a78 AE |
167 | (arguments |
168 | `(#:test-target "tests" | |
d3552450 LF |
169 | ;; Otherwise, the test scripts try to use a nonexistent directory and |
170 | ;; fail. | |
171 | #:make-flags '("REGRESSTMP=\"$${BUILDDIR}/regress\"") | |
040b6299 | 172 | #:configure-flags `("--sysconfdir=/etc/ssh" |
39012aab | 173 | |
040b6299 | 174 | ;; Default value of 'PATH' used by sshd. |
9af49832 LC |
175 | "--with-default-path=/run/current-system/profile/bin" |
176 | ||
040b6299 JD |
177 | ;; configure needs to find krb5-config |
178 | ,(string-append "--with-kerberos5=" | |
179 | (assoc-ref %build-inputs "mit-krb5") | |
180 | "/bin") | |
181 | ||
618631f3 GB |
182 | ;; libedit needed for sftp completion |
183 | "--with-libedit" | |
184 | ||
39012aab LC |
185 | ;; Enable PAM support in sshd. |
186 | "--with-pam") | |
187 | ||
fe0b8a78 | 188 | #:phases |
a9ee11d5 RW |
189 | (modify-phases %standard-phases |
190 | (add-after 'configure 'reset-/var/empty | |
191 | (lambda* (#:key outputs #:allow-other-keys) | |
192 | (let ((out (assoc-ref outputs "out"))) | |
193 | (substitute* "Makefile" | |
194 | (("PRIVSEP_PATH=/var/empty") | |
195 | (string-append "PRIVSEP_PATH=" out "/var/empty"))) | |
196 | #t))) | |
197 | (add-before 'check 'patch-tests | |
198 | (lambda _ | |
199 | ;; remove 't-exec' regress target which requires user 'sshd' | |
200 | (substitute* "regress/Makefile" | |
201 | (("^(REGRESS_TARGETS=.*) t-exec(.*)" all pre post) | |
202 | (string-append pre post))) | |
203 | #t)) | |
204 | (replace 'install | |
36f26211 | 205 | (lambda* (#:key outputs (make-flags '()) #:allow-other-keys) |
a9ee11d5 | 206 | ;; install without host keys and system configuration files |
27b6adb7 MW |
207 | (apply invoke "make" "install-nosysconf" make-flags) |
208 | (install-file "contrib/ssh-copy-id" | |
209 | (string-append (assoc-ref outputs "out") | |
210 | "/bin/")) | |
211 | (chmod (string-append (assoc-ref outputs "out") | |
212 | "/bin/ssh-copy-id") #o555) | |
213 | (install-file "contrib/ssh-copy-id.1" | |
214 | (string-append (assoc-ref outputs "out") | |
215 | "/share/man/man1/")) | |
216 | #t))))) | |
35b9e423 | 217 | (synopsis "Client and server for the secure shell (ssh) protocol") |
fe0b8a78 AE |
218 | (description |
219 | "The SSH2 protocol implemented in OpenSSH is standardised by the | |
220 | IETF secsh working group and is specified in several RFCs and drafts. | |
221 | It is composed of three layered components: | |
222 | ||
223 | The transport layer provides algorithm negotiation and a key exchange. | |
224 | The key exchange includes server authentication and results in a | |
225 | cryptographically secured connection: it provides integrity, confidentiality | |
226 | and optional compression. | |
227 | ||
228 | The user authentication layer uses the established connection and relies on | |
35b9e423 EB |
229 | the services provided by the transport layer. It provides several mechanisms |
230 | for user authentication. These include traditional password authentication | |
fe0b8a78 AE |
231 | as well as public-key or host-based authentication mechanisms. |
232 | ||
233 | The connection layer multiplexes many different concurrent channels over the | |
234 | authenticated connection and allows tunneling of login sessions and | |
35b9e423 | 235 | TCP-forwarding. It provides a flow control service for these channels. |
fe0b8a78 | 236 | Additionally, various channel-specific options can be negotiated.") |
166191b3 | 237 | (license (license:non-copyleft "file://LICENSE" |
fe0b8a78 | 238 | "See LICENSE in the distribution.")) |
1121a5c6 | 239 | (home-page "https://www.openssh.com/"))) |
fe0b8a78 | 240 | |
49d294e5 LC |
241 | (define-public guile-ssh |
242 | (package | |
243 | (name "guile-ssh") | |
64bcc76c | 244 | (version "0.11.3") |
6634180f | 245 | (home-page "https://github.com/artyom-poptsov/guile-ssh") |
49d294e5 | 246 | (source (origin |
e98c354d LC |
247 | (method git-fetch) |
248 | (uri (git-reference | |
249 | (url home-page) | |
250 | (commit (string-append "v" version)))) | |
6634180f | 251 | (file-name (string-append name "-" version ".tar.gz")) |
49d294e5 LC |
252 | (sha256 |
253 | (base32 | |
e98c354d | 254 | "03bv3hwp2s8f0bqgfjaan9jx4dyab0abv27n2zn2g0izlidv0vl6")) |
a8b0556e LC |
255 | (modules '((guix build utils))) |
256 | (snippet | |
257 | '(begin | |
258 | ;; libssh >= 0.8.0 no longer provides libssh_threads: see | |
259 | ;; <https://github.com/artyom-poptsov/guile-ssh/issues/9>. | |
260 | (substitute* "libguile-ssh/Makefile.am" | |
261 | (("-lssh_threads") "")) | |
262 | ||
263 | ;; This test would wrongfully pick DSS keys when running on | |
264 | ;; libssh >= 0.8.0, which fails: | |
265 | ;; <https://github.com/artyom-poptsov/guile-ssh/issues/10>. | |
266 | (substitute* "tests/server.scm" | |
267 | (("= %libssh-minor-version 7") | |
268 | ">= %libssh-minor-version 7")) | |
269 | #t)))) | |
49d294e5 | 270 | (build-system gnu-build-system) |
74460d11 | 271 | (outputs '("out" "debug")) |
49d294e5 | 272 | (arguments |
c305ac30 LC |
273 | '(;; It makes no sense to build libguile-ssh.a. |
274 | #:configure-flags '("--disable-static") | |
275 | ||
276 | #:phases (modify-phases %standard-phases | |
8a8f6590 LC |
277 | (add-after 'unpack 'autoreconf |
278 | (lambda* (#:key inputs #:allow-other-keys) | |
e7c37ed5 | 279 | (invoke "autoreconf" "-vfi"))) |
92b72582 | 280 | (add-before 'build 'fix-libguile-ssh-file-name |
8a8f6590 | 281 | (lambda* (#:key outputs #:allow-other-keys) |
92b72582 LC |
282 | ;; Build and install libguile-ssh.so so that we can use |
283 | ;; its absolute file name in .scm files, before we build | |
284 | ;; the .go files. | |
e7c37ed5 TGR |
285 | (let* ((out (assoc-ref outputs "out")) |
286 | (lib (string-append out "/lib"))) | |
287 | (invoke "make" "install" | |
288 | "-C" "libguile-ssh" | |
289 | "-j" (number->string | |
290 | (parallel-job-count))) | |
291 | (substitute* (find-files "." "\\.scm$") | |
292 | (("\"libguile-ssh\"") | |
293 | (string-append "\"" lib "/libguile-ssh\""))) | |
294 | #t))) | |
d0002642 RJ |
295 | (add-after 'install 'remove-bin-directory |
296 | (lambda* (#:key outputs #:allow-other-keys) | |
297 | (let* ((out (assoc-ref outputs "out")) | |
298 | (bin (string-append out "/bin")) | |
299 | (examples (string-append | |
300 | out "/share/guile-ssh/examples"))) | |
301 | (mkdir-p examples) | |
302 | (rename-file (string-append bin "/ssshd.scm") | |
303 | (string-append examples "/ssshd.scm")) | |
304 | (rename-file (string-append bin "/sssh.scm") | |
305 | (string-append examples "/sssh.scm")) | |
306 | (delete-file-recursively bin) | |
307 | #t)))) | |
afde8da3 LC |
308 | ;; Tests are not parallel-safe. |
309 | #:parallel-tests? #f)) | |
49d294e5 LC |
310 | (native-inputs `(("autoconf" ,autoconf) |
311 | ("automake" ,automake) | |
3246cc91 | 312 | ("libtool" ,libtool) |
00ee3a71 | 313 | ("texinfo" ,texinfo) |
49d294e5 LC |
314 | ("pkg-config" ,pkg-config) |
315 | ("which" ,which))) | |
4d8806c3 | 316 | (inputs `(("guile" ,guile-2.2) |
6f9d5b2e | 317 | ("libssh" ,libssh) |
44fd0994 | 318 | ("libgcrypt" ,libgcrypt))) |
49d294e5 LC |
319 | (synopsis "Guile bindings to libssh") |
320 | (description | |
321 | "Guile-SSH is a library that provides access to the SSH protocol for | |
322 | programs written in GNU Guile interpreter. It is a wrapper to the underlying | |
323 | libssh library.") | |
49d294e5 | 324 | (license license:gpl3+))) |
513e1950 | 325 | |
befbaebf | 326 | (define-public guile2.2-ssh |
4d8806c3 LC |
327 | (deprecated-package "guile2.2-ssh" guile-ssh)) |
328 | ||
329 | (define-public guile2.0-ssh | |
75c260ba LC |
330 | (package |
331 | (inherit guile-ssh) | |
4d8806c3 LC |
332 | (name "guile2.0-ssh") |
333 | (inputs `(("guile" ,guile-2.0) | |
75c260ba | 334 | ,@(alist-delete "guile" (package-inputs guile-ssh)))))) |
befbaebf | 335 | |
513e1950 SHT |
336 | (define-public corkscrew |
337 | (package | |
338 | (name "corkscrew") | |
339 | (version "2.0") | |
340 | (source | |
341 | (origin | |
342 | (method url-fetch) | |
040ae44a TGR |
343 | ;; The agroman.net domain name expired on 2017-03-23, and the original |
344 | ;; "http://www.agroman.net/corkscrew/corkscrew-2.0.tar.gz" now returns | |
345 | ;; bogus HTML. Perhaps it will yet return. Until then, use a mirror. | |
346 | (uri (string-append "https://downloads.openwrt.org/sources/" | |
347 | "corkscrew-" version ".tar.gz")) | |
513e1950 SHT |
348 | (sha256 (base32 |
349 | "1gmhas4va6gd70i2x2mpxpwpgww6413mji29mg282jms3jscn3qd")))) | |
350 | (build-system gnu-build-system) | |
351 | (arguments | |
d2656332 | 352 | `(#:phases |
91c52629 EF |
353 | (modify-phases %standard-phases |
354 | (replace 'configure | |
5b34f56c TGR |
355 | ;; Replace configure phase as the ./configure script does not like |
356 | ;; CONFIG_SHELL and SHELL passed as parameters | |
357 | (lambda* (#:key outputs build target #:allow-other-keys) | |
358 | (let* ((out (assoc-ref outputs "out")) | |
359 | (bash (which "bash")) | |
91c52629 EF |
360 | ;; Set --build and --host flags as the provided config.guess |
361 | ;; is not able to detect them | |
5b34f56c | 362 | (flags `(,(string-append "--prefix=" out) |
91c52629 EF |
363 | ,(string-append "--build=" build) |
364 | ,(string-append "--host=" (or target build))))) | |
365 | (setenv "CONFIG_SHELL" bash) | |
5b34f56c | 366 | (apply invoke bash "./configure" flags)))) |
81d95a12 TGR |
367 | (add-after 'install 'install-documentation |
368 | (lambda* (#:key outputs #:allow-other-keys) | |
369 | (let* ((out (assoc-ref outputs "out")) | |
d2656332 | 370 | (doc (string-append out "/share/doc/" ,name "-" ,version))) |
81d95a12 TGR |
371 | (install-file "README" doc) |
372 | #t)))))) | |
513e1950 | 373 | (home-page "http://www.agroman.net/corkscrew") |
10c95711 | 374 | (synopsis "SSH tunneling through HTTP(S) proxies") |
513e1950 | 375 | (description |
10c95711 TGR |
376 | "Corkscrew tunnels SSH connections through most HTTP and HTTPS proxies. |
377 | Proxy authentication is only supported through the plain-text HTTP basic | |
378 | authentication scheme.") | |
513e1950 | 379 | (license license:gpl2+))) |
87bf526b LC |
380 | |
381 | (define-public mosh | |
382 | (package | |
383 | (name "mosh") | |
4b8b245b | 384 | (version "1.3.2") |
87bf526b LC |
385 | (source (origin |
386 | (method url-fetch) | |
c3671282 | 387 | (uri (string-append "https://mosh.org/mosh-" version ".tar.gz")) |
87bf526b LC |
388 | (sha256 |
389 | (base32 | |
4b8b245b | 390 | "05hjhlp6lk8yjcy59zywpf0r6s0h0b9zxq0lw66dh9x8vxrhaq6s")))) |
87bf526b LC |
391 | (build-system gnu-build-system) |
392 | (arguments | |
11379192 EF |
393 | '(#:phases |
394 | (modify-phases %standard-phases | |
395 | (add-after 'install 'wrap | |
396 | (lambda* (#:key outputs #:allow-other-keys) | |
397 | ;; Make sure 'mosh' can find 'mosh-client' and | |
398 | ;; 'mosh-server'. | |
399 | (let* ((out (assoc-ref outputs "out")) | |
400 | (bin (string-append out "/bin"))) | |
401 | (wrap-program (string-append bin "/mosh") | |
402 | `("PATH" ":" prefix (,bin))))))))) | |
87bf526b LC |
403 | (native-inputs |
404 | `(("pkg-config" ,pkg-config))) | |
405 | (inputs | |
406 | `(("openssl" ,openssl) | |
407 | ("perl" ,perl) | |
408 | ("perl-io-tty" ,perl-io-tty) | |
409 | ("zlib" ,zlib) | |
410 | ("ncurses" ,ncurses) | |
411 | ("protobuf" ,protobuf) | |
412 | ("boost-headers" ,boost))) | |
c3671282 | 413 | (home-page "https://mosh.org/") |
87bf526b LC |
414 | (synopsis "Remote shell tolerant to intermittent connectivity") |
415 | (description | |
416 | "Remote terminal application that allows roaming, supports intermittent | |
417 | connectivity, and provides intelligent local echo and line editing of user | |
418 | keystrokes. Mosh is a replacement for SSH. It's more robust and responsive, | |
419 | especially over Wi-Fi, cellular, and long-distance links.") | |
420 | (license license:gpl3+))) | |
8c6cfd55 | 421 | |
c9a6a36f SR |
422 | (define-public et |
423 | (package | |
424 | (name "et") | |
425 | (version "3.1.0") | |
426 | (source | |
427 | (origin | |
428 | (method url-fetch) | |
429 | (uri (string-append | |
430 | "https://github.com/MisterTea/EternalTCP/archive/et-v" | |
431 | version ".tar.gz")) | |
432 | (sha256 | |
433 | (base32 "1n2w2kqbshdmbb0gz4yizyw9gqfls6qm2dnwx1d9c2hz7hmi7521")))) | |
434 | (build-system cmake-build-system) | |
435 | (arguments `(#:tests? #f)) | |
436 | (native-inputs | |
437 | `(("pkg-config" ,pkg-config))) | |
438 | (inputs `(("glog" ,glog) | |
439 | ("gflags" ,gflags) | |
440 | ("libsodium" ,libsodium) | |
441 | ("protobuf" ,protobuf))) | |
442 | (synopsis "Remote shell that automatically reconnects") | |
443 | (description | |
444 | "Eternal Terminal (ET) is a remote shell that automatically reconnects | |
445 | without interrupting the session. Unlike SSH sessions, ET sessions will | |
839ee8d5 TGR |
446 | survive even network outages and IP changes. ET uses a custom protocol over |
447 | TCP, not the SSH protocol.") | |
c9a6a36f SR |
448 | (home-page "https://mistertea.github.io/EternalTCP/") |
449 | (license license:asl2.0))) | |
450 | ||
8c6cfd55 JD |
451 | (define-public dropbear |
452 | (package | |
453 | (name "dropbear") | |
aa08ab38 | 454 | (version "2018.76") |
8c6cfd55 JD |
455 | (source (origin |
456 | (method url-fetch) | |
457 | (uri (string-append | |
dec3e015 | 458 | "https://matt.ucc.asn.au/" name "/releases/" |
a124bbd2 | 459 | name "-" version ".tar.bz2")) |
8a5a1eff | 460 | (patches (search-patches "dropbear-CVE-2018-15599.patch")) |
8c6cfd55 | 461 | (sha256 |
dec3e015 | 462 | (base32 |
aa08ab38 | 463 | "0rgavbzw7jrs5wslxm0dnwx2m409yzxd9hazd92r7kx8xikr3yzj")))) |
8c6cfd55 | 464 | (build-system gnu-build-system) |
aa08ab38 | 465 | (arguments `(#:tests? #f)) ; there is no "make check" or anything similar |
d5612439 LF |
466 | ;; TODO: Investigate unbundling libtommath and libtomcrypt or at least |
467 | ;; cherry-picking important bug fixes from them. See <bugs.gnu.org/24674> | |
468 | ;; for more information. | |
8c6cfd55 JD |
469 | (inputs `(("zlib" ,zlib))) |
470 | (synopsis "Small SSH server and client") | |
471 | (description "Dropbear is a relatively small SSH server and | |
35b9e423 EB |
472 | client. It runs on a variety of POSIX-based platforms. Dropbear is |
473 | particularly useful for embedded systems, such as wireless routers.") | |
8c6cfd55 JD |
474 | (home-page "https://matt.ucc.asn.au/dropbear/dropbear.html") |
475 | (license (license:x11-style "" "See file LICENSE.")))) | |
2102ae2e DC |
476 | |
477 | (define-public liboop | |
478 | (package | |
479 | (name "liboop") | |
506737f1 | 480 | (version "1.0.1") |
2102ae2e DC |
481 | (source |
482 | (origin | |
483 | (method url-fetch) | |
506737f1 TGR |
484 | (uri (string-append "http://ftp.lysator.liu.se/pub/liboop/" |
485 | name "-" version ".tar.gz")) | |
2102ae2e DC |
486 | (sha256 |
487 | (base32 | |
506737f1 | 488 | "1q0p1l72pq9k3bi7a366j2rishv7dzzkg3i6r2npsfg7cnnidbsn")))) |
2102ae2e DC |
489 | (build-system gnu-build-system) |
490 | (home-page "http://www.lysator.liu.se/liboop/") | |
491 | (synopsis "Event loop library") | |
492 | (description "Liboop is a low-level event loop management library for | |
493 | POSIX-based operating systems. It supports the development of modular, | |
494 | multiplexed applications which may respond to events from several sources. It | |
495 | replaces the \"select() loop\" and allows the registration of event handlers | |
496 | for file and network I/O, timers and signals. Since processes use these | |
497 | mechanisms for almost all external communication, liboop can be used as the | |
498 | basis for almost any application.") | |
499 | (license license:lgpl2.1+))) | |
500 | ||
501 | (define-public lsh | |
502 | (package | |
503 | (name "lsh") | |
504 | (version "2.1") | |
505 | (source (origin | |
506 | (method url-fetch) | |
507 | (uri (string-append "mirror://gnu/lsh/lsh-" | |
508 | version ".tar.gz")) | |
509 | (sha256 | |
510 | (base32 | |
511 | "1qqjy9zfzgny0rkb27c8c7dfsylvb6n0ld8h3an2r83pmaqr9gwb")) | |
512 | (modules '((guix build utils))) | |
513 | (snippet | |
514 | '(begin | |
515 | (substitute* "src/testsuite/functions.sh" | |
516 | (("localhost") | |
517 | ;; Avoid host name lookups since they don't work in | |
518 | ;; chroot builds. | |
519 | "127.0.0.1") | |
520 | (("set -e") | |
521 | ;; Make tests more verbose. | |
522 | "set -e\nset -x")) | |
523 | ||
524 | (substitute* (find-files "src/testsuite" "-test$") | |
525 | (("localhost") "127.0.0.1")) | |
526 | ||
527 | (substitute* "src/testsuite/login-auth-test" | |
6cbee49d MW |
528 | (("/bin/cat") "cat")) |
529 | #t)))) | |
2102ae2e DC |
530 | (build-system gnu-build-system) |
531 | (native-inputs | |
532 | `(("m4" ,m4) | |
533 | ("guile" ,guile-2.0) | |
534 | ("gperf" ,gperf) | |
535 | ("psmisc" ,psmisc))) ; for `killall' | |
536 | (inputs | |
537 | `(("nettle" ,nettle-2) | |
538 | ("linux-pam" ,linux-pam) | |
539 | ||
540 | ;; 'rl.c' uses the 'CPPFunction' type, which is no longer in | |
541 | ;; Readline 6.3. | |
542 | ("readline" ,readline-6.2) | |
543 | ||
544 | ("liboop" ,liboop) | |
545 | ("zlib" ,zlib) | |
546 | ("gmp" ,gmp) | |
547 | ||
548 | ;; The server (lshd) invokes xauth when X11 forwarding is requested. | |
549 | ;; This adds 24 MiB (or 27%) to the closure of lsh. | |
550 | ("xauth" ,xauth))) | |
551 | (arguments | |
552 | '(;; Skip the `configure' test that checks whether /dev/ptmx & | |
553 | ;; co. work as expected, because it relies on impurities (for | |
554 | ;; instance, /dev/pts may be unavailable in chroots.) | |
d5c969ce LC |
555 | #:configure-flags '("lsh_cv_sys_unix98_ptys=yes" |
556 | ||
557 | ;; Use glibc's argp rather than the bundled one. | |
558 | "--with-system-argp" | |
559 | ||
560 | ;; 'lsh_argp.h' checks HAVE_ARGP_PARSE but nothing | |
561 | ;; defines it. | |
562 | "CPPFLAGS=-DHAVE_ARGP_PARSE") | |
2102ae2e DC |
563 | |
564 | ;; FIXME: Tests won't run in a chroot, presumably because | |
565 | ;; /etc/profile is missing, and thus clients get an empty $PATH | |
566 | ;; and nothing works. | |
567 | #:tests? #f | |
568 | ||
569 | #:phases | |
570 | (modify-phases %standard-phases | |
571 | (add-before 'configure 'pre-configure | |
572 | (lambda* (#:key inputs #:allow-other-keys) | |
573 | (let* ((nettle (assoc-ref inputs "nettle")) | |
574 | (sexp-conv (string-append nettle "/bin/sexp-conv"))) | |
d5c969ce LC |
575 | ;; Remove argp from the list of sub-directories; we don't want |
576 | ;; to build it, really. | |
577 | (substitute* "src/Makefile.in" | |
578 | (("^SUBDIRS = argp") | |
579 | "SUBDIRS =")) | |
580 | ||
2102ae2e DC |
581 | ;; Make sure 'lsh' and 'lshd' pick 'sexp-conv' in the right place |
582 | ;; by default. | |
583 | (substitute* "src/environ.h.in" | |
584 | (("^#define PATH_SEXP_CONV.*") | |
585 | (string-append "#define PATH_SEXP_CONV \"" | |
586 | sexp-conv "\"\n"))) | |
587 | ||
588 | ;; Same for the 'lsh-authorize' script. | |
589 | (substitute* "src/lsh-authorize" | |
590 | (("=sexp-conv") | |
591 | (string-append "=" sexp-conv))) | |
592 | ||
593 | ;; Tell lshd where 'xauth' lives. Another option would be to | |
594 | ;; hardcode "/run/current-system/profile/bin/xauth", thereby | |
595 | ;; reducing the closure size, but that wouldn't work on foreign | |
596 | ;; distros. | |
597 | (with-fluids ((%default-port-encoding "ISO-8859-1")) | |
598 | (substitute* "src/server_x11.c" | |
599 | (("define XAUTH_PROGRAM.*") | |
600 | (string-append "define XAUTH_PROGRAM \"" | |
601 | (assoc-ref inputs "xauth") | |
602 | "/bin/xauth\"\n"))))) | |
603 | ||
604 | ;; Tests rely on $USER being set. | |
605 | (setenv "USER" "guix")))))) | |
606 | (home-page "http://www.lysator.liu.se/~nisse/lsh/") | |
607 | (synopsis "GNU implementation of the Secure Shell (ssh) protocols") | |
608 | (description | |
609 | "GNU lsh is a free implementation of the SSH version 2 protocol. It is | |
610 | used to create a secure line of communication between two computers, | |
611 | providing shell access to the server system from the client. It provides | |
612 | both the server daemon and the client application, as well as tools for | |
613 | manipulating key files.") | |
614 | (license license:gpl2+))) | |
c777570b NG |
615 | |
616 | (define-public sshpass | |
617 | (package | |
618 | (name "sshpass") | |
619 | (version "1.06") | |
620 | (synopsis "Non-interactive password authentication with SSH") | |
621 | (home-page "https://sourceforge.net/projects/sshpass/") | |
622 | (source | |
623 | (origin | |
624 | (method url-fetch) | |
625 | (uri (string-append "mirror://sourceforge/sshpass/sshpass/" | |
626 | version "/sshpass-" version ".tar.gz")) | |
627 | (sha256 | |
628 | (base32 | |
629 | "0q7fblaczb7kwbsz0gdy9267z0sllzgmf0c7z5c9mf88wv74ycn6")))) | |
630 | (build-system gnu-build-system) | |
631 | (description "sshpass is a tool for non-interactivly performing password | |
632 | authentication with SSH's so-called @dfn{interactive keyboard password | |
633 | authentication}.") | |
634 | (license license:gpl2+))) | |
8caeb117 CAW |
635 | |
636 | (define-public autossh | |
637 | (package | |
638 | (name "autossh") | |
d6bbb7e5 | 639 | (version "1.4g") |
8caeb117 CAW |
640 | (source |
641 | (origin | |
642 | (method url-fetch) | |
643 | (uri (string-append | |
26045af9 | 644 | "https://www.harding.motd.ca/autossh/autossh-" |
8caeb117 CAW |
645 | version ".tgz")) |
646 | (sha256 | |
d6bbb7e5 | 647 | (base32 "0xqjw8df68f4kzkns5gcah61s5wk0m44qdk2z1d6388w6viwxhsz")))) |
8caeb117 CAW |
648 | (build-system gnu-build-system) |
649 | (arguments `(#:tests? #f)) ; There is no "make check" or anything similar | |
650 | (inputs `(("openssh" ,openssh))) | |
651 | (synopsis "Automatically restart SSH sessions and tunnels") | |
652 | (description "autossh is a program to start a copy of @command{ssh} and | |
653 | monitor it, restarting it as necessary should it die or stop passing traffic.") | |
26045af9 | 654 | (home-page "https://www.harding.motd.ca/autossh/") |
8caeb117 CAW |
655 | (license |
656 | ;; Why point to a source file? Well, all the individual files have a | |
657 | ;; copy of this license in their headers, but there's no separate file | |
658 | ;; with that information. | |
659 | (license:non-copyleft "file://autossh.c")))) | |
227dbd84 RW |
660 | |
661 | (define-public pdsh | |
662 | (package | |
663 | (name "pdsh") | |
b982fb1c | 664 | (version "2.33") |
227dbd84 RW |
665 | (source |
666 | (origin | |
667 | (method url-fetch) | |
b982fb1c | 668 | (uri (string-append "https://github.com/chaos/pdsh/" |
669 | "releases/download/pdsh-" version | |
670 | "/pdsh-" version ".tar.gz")) | |
671 | (file-name (string-append name "-" version ".tar.gz")) | |
227dbd84 | 672 | (sha256 |
b982fb1c | 673 | (base32 "0bwlkl9inj66iwvafg00pi3sk9n673phdi0kcc59y9nn55s0hs3k")))) |
227dbd84 RW |
674 | (build-system gnu-build-system) |
675 | (arguments | |
676 | `(#:configure-flags | |
677 | (list "--with-ssh") | |
678 | #:phases | |
679 | (modify-phases %standard-phases | |
680 | (add-after 'unpack 'patch-/bin/sh | |
681 | (lambda _ | |
b982fb1c | 682 | (substitute* '("tests/t0006-pdcp.sh" |
683 | "tests/t0004-module-loading.sh" | |
684 | "tests/t2001-ssh.sh" | |
685 | "tests/t1003-slurm.sh" | |
686 | "tests/t6036-long-output-lines.sh" | |
687 | "tests/aggregate-results.sh" | |
688 | "tests/t2000-exec.sh" | |
689 | "tests/t0002-internal.sh" | |
690 | "tests/t1002-dshgroup.sh" | |
691 | "tests/t5000-dshbak.sh" | |
692 | "tests/t0001-basic.sh" | |
693 | "tests/t0005-rcmd_type-and-user.sh" | |
227dbd84 | 694 | "tests/test-lib.sh" |
b982fb1c | 695 | "tests/t2002-mrsh.sh" |
696 | "tests/t0003-wcoll.sh" | |
227dbd84 RW |
697 | "tests/test-modules/pcptest.c") |
698 | (("/bin/sh") (which "bash"))) | |
b982fb1c | 699 | #t)) |
700 | (add-after 'unpack 'patch-tests | |
701 | (lambda _ | |
702 | (substitute* "tests/t6036-long-output-lines.sh" | |
703 | (("which") (which "which"))) | |
227dbd84 RW |
704 | #t))))) |
705 | (inputs | |
706 | `(("openssh" ,openssh) | |
707 | ("mit-krb5" ,mit-krb5) | |
708 | ("perl" ,perl))) | |
b982fb1c | 709 | (native-inputs |
710 | `(("which" ,which))) | |
711 | (home-page "https://github.com/chaos/pdsh") | |
227dbd84 RW |
712 | (synopsis "Parallel distributed shell") |
713 | (description "Pdsh is a an efficient, multithreaded remote shell client | |
714 | which executes commands on multiple remote hosts in parallel. Pdsh implements | |
715 | dynamically loadable modules for extended functionality such as new remote | |
716 | shell services and remote host selection.") | |
717 | (license license:gpl2+))) | |
ae72b8f5 MG |
718 | |
719 | (define-public clustershell | |
720 | (package | |
721 | (name "clustershell") | |
722 | (version "1.8") | |
723 | (source | |
724 | (origin | |
725 | (method url-fetch) | |
726 | (uri (string-append "https://github.com/cea-hpc/clustershell/archive/v" | |
727 | version | |
728 | ".tar.gz")) | |
729 | (sha256 | |
730 | (base32 "1qyf6zp5ikk8rk7zvx5ssbgr9si2bqv3a3415590kd07s7i16nmd")) | |
731 | (file-name (string-append name "-" version ".tar.gz")))) | |
732 | (build-system python-build-system) | |
733 | (inputs `(("openssh" ,openssh))) | |
734 | (propagated-inputs `(("python-pyyaml" ,python-pyyaml))) | |
735 | (arguments | |
736 | `(#:phases (modify-phases %standard-phases | |
737 | (add-before 'build 'record-openssh-file-name | |
738 | (lambda* (#:key inputs #:allow-other-keys) | |
739 | (let ((ssh (assoc-ref inputs "openssh"))) | |
740 | (substitute* "lib/ClusterShell/Worker/Ssh.py" | |
741 | (("info\\(\"ssh_path\"\\) or \"ssh\"") | |
742 | (string-append "info(\"ssh_path\") or \"" | |
743 | ssh "/bin/ssh\""))) | |
744 | #t)))))) | |
745 | (home-page "https://cea-hpc.github.io/clustershell/") | |
746 | (synopsis "Scalable event-driven Python framework for cluster administration") | |
747 | (description | |
748 | "ClusterShell is an event-driven Python framework, designed to run local | |
749 | or distant commands in parallel on server farms or on large GNU/Linux | |
750 | clusters. It will take care of common issues encountered on HPC clusters, | |
751 | such as operating on groups of nodes, running distributed commands using | |
752 | optimized execution algorithms, as well as gathering results and merging | |
753 | identical outputs, or retrieving return codes. ClusterShell takes advantage | |
754 | of existing remote shell facilities such as SSH.") | |
755 | (license license:lgpl2.1+))) |