Commit | Line | Data |
---|---|---|
2fbf053b | 1 | ;;; GNU Guix --- Functional package management for GNU |
a8b0556e | 2 | ;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org> |
06ed5982 | 3 | ;;; Copyright © 2013, 2014 Andreas Enge <andreas@enge.fr> |
45f2ffb4 | 4 | ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org> |
87007947 | 5 | ;;; Copyright © 2015, 2016, 2018, 2019 Efraim Flashner <efraim@flashner.co.il> |
af8f7eb4 | 6 | ;;; Copyright © 2016, 2019 Leo Famulari <leo@famulari.name> |
c777570b | 7 | ;;; Copyright © 2016 Nicolas Goaziou <mail@nicolasgoaziou.fr> |
8caeb117 | 8 | ;;; Copyright © 2016 Christopher Allan Webber <cwebber@dustycloud.org> |
d6bbb7e5 | 9 | ;;; Copyright © 2017, 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr> |
c9a6a36f | 10 | ;;; Copyright © 2017 Stefan Reichör <stefan@xsteve.at> |
227dbd84 | 11 | ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net> |
47956fa0 | 12 | ;;; Copyright © 2017 ng0 <ng0@n0.is> |
ae72b8f5 | 13 | ;;; Copyright © 2018 Manuel Graf <graf@init.at> |
618631f3 | 14 | ;;; Copyright © 2019 Gábor Boskovits <boskovits@gmail.com> |
2fbf053b AE |
15 | ;;; |
16 | ;;; This file is part of GNU Guix. | |
17 | ;;; | |
18 | ;;; GNU Guix is free software; you can redistribute it and/or modify it | |
19 | ;;; under the terms of the GNU General Public License as published by | |
20 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
21 | ;;; your option) any later version. | |
22 | ;;; | |
23 | ;;; GNU Guix is distributed in the hope that it will be useful, but | |
24 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of | |
25 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
26 | ;;; GNU General Public License for more details. | |
27 | ;;; | |
28 | ;;; You should have received a copy of the GNU General Public License | |
29 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. | |
30 | ||
31 | (define-module (gnu packages ssh) | |
2102ae2e DC |
32 | #:use-module (gnu packages) |
33 | #:use-module (gnu packages autotools) | |
34 | #:use-module (gnu packages base) | |
35 | #:autoload (gnu packages boost) (boost) | |
2fbf053b | 36 | #:use-module (gnu packages compression) |
c9a6a36f | 37 | #:use-module (gnu packages crypto) |
2102ae2e | 38 | #:use-module (gnu packages elf) |
2fbf053b | 39 | #:use-module (gnu packages gnupg) |
2102ae2e | 40 | #:use-module (gnu packages gperf) |
fe0b8a78 | 41 | #:use-module (gnu packages groff) |
49d294e5 | 42 | #:use-module (gnu packages guile) |
618631f3 | 43 | #:use-module (gnu packages libedit) |
2102ae2e | 44 | #:use-module (gnu packages linux) |
c9a6a36f | 45 | #:use-module (gnu packages logging) |
2102ae2e DC |
46 | #:use-module (gnu packages m4) |
47 | #:use-module (gnu packages multiprecision) | |
87bf526b | 48 | #:use-module (gnu packages ncurses) |
2102ae2e | 49 | #:use-module (gnu packages nettle) |
89e34644 | 50 | #:use-module (gnu packages kerberos) |
2102ae2e DC |
51 | #:use-module (gnu packages perl) |
52 | #:use-module (gnu packages pkg-config) | |
c9a6a36f | 53 | #:use-module (gnu packages popt) |
87bf526b | 54 | #:autoload (gnu packages protobuf) (protobuf) |
ae72b8f5 | 55 | #:use-module (gnu packages python) |
44d10b1f | 56 | #:use-module (gnu packages python-xyz) |
2102ae2e DC |
57 | #:use-module (gnu packages readline) |
58 | #:use-module (gnu packages texinfo) | |
cc2b77df | 59 | #:use-module (gnu packages tls) |
2102ae2e DC |
60 | #:use-module (gnu packages xorg) |
61 | #:use-module (guix build-system cmake) | |
62 | #:use-module (guix build-system gnu) | |
ae72b8f5 | 63 | #:use-module (guix build-system python) |
2fbf053b | 64 | #:use-module (guix download) |
817efe8b | 65 | #:use-module (guix git-download) |
2102ae2e | 66 | #:use-module ((guix licenses) #:prefix license:) |
befbaebf | 67 | #:use-module (guix packages) |
7e90eb98 | 68 | #:use-module (guix utils) |
befbaebf | 69 | #:use-module (srfi srfi-1)) |
1681cd4a LC |
70 | |
71 | (define-public libssh | |
eed00f93 LF |
72 | (package |
73 | (name "libssh") | |
def91c13 | 74 | (version "0.9.2") |
eed00f93 LF |
75 | (source (origin |
76 | (method git-fetch) | |
77 | (uri (git-reference | |
d5401375 | 78 | (url "https://git.libssh.org/projects/libssh.git") |
12995856 | 79 | (commit (string-append "libssh-" version)))) |
eed00f93 LF |
80 | (sha256 |
81 | (base32 | |
def91c13 | 82 | "14g4rvp91skn2hlsjyhkv58vhng65xrf34cfqffixa4al869hzgj")) |
eed00f93 LF |
83 | (file-name (git-file-name name version)))) |
84 | (build-system cmake-build-system) | |
85 | (outputs '("out" "debug")) | |
86 | (arguments | |
87 | '(#:configure-flags '("-DWITH_GCRYPT=ON") | |
deed349b | 88 | |
a8b0556e LC |
89 | #:phases (modify-phases %standard-phases |
90 | (add-before 'configure 'avoid-werror | |
91 | (lambda _ | |
92 | ;; Avoid '-Werror'. Presumably this works fine with | |
93 | ;; gcc@8 on x86_64 but leads to errors with our older | |
94 | ;; compiler. | |
95 | (substitute* "CompilerChecks.cmake" | |
96 | (("-Werror=") "-W")) | |
97 | #t))) | |
98 | ||
eed00f93 LF |
99 | ;; TODO: Add 'CMockery' and '-DWITH_TESTING=ON' for the test suite. |
100 | #:tests? #f)) | |
101 | (inputs `(("zlib" ,zlib) | |
102 | ("libgcrypt" ,libgcrypt))) | |
103 | (synopsis "SSH client library") | |
104 | (description | |
105 | "libssh is a C library implementing the SSHv2 and SSHv1 protocol for client | |
106 | and server implementations. With libssh, you can remotely execute programs, | |
107 | transfer files, and use a secure and transparent tunnel for your remote | |
108 | applications.") | |
109 | (home-page "https://www.libssh.org") | |
110 | (license license:lgpl2.1+))) | |
2fbf053b AE |
111 | |
112 | (define-public libssh2 | |
113 | (package | |
114 | (name "libssh2") | |
61f34ae5 | 115 | (version "1.9.0") |
2fbf053b AE |
116 | (source (origin |
117 | (method url-fetch) | |
118 | (uri (string-append | |
78d80c5c | 119 | "https://www.libssh2.org/download/libssh2-" |
2fbf053b | 120 | version ".tar.gz")) |
78d80c5c LF |
121 | (sha256 |
122 | (base32 | |
61f34ae5 | 123 | "1zfsz9nldakfz61d2j70pk29zlmj7w2vv46s9l3x2prhcgaqpyym")))) |
2fbf053b | 124 | (build-system gnu-build-system) |
e9c14f37 EB |
125 | ;; The installed libssh2.pc file does not include paths to libgcrypt and |
126 | ;; zlib libraries, so we need to propagate the inputs. | |
127 | (propagated-inputs `(("libgcrypt" ,libgcrypt) | |
128 | ("zlib" ,zlib))) | |
61f34ae5 | 129 | (arguments `(#:configure-flags `("--with-libgcrypt"))) |
35b9e423 | 130 | (synopsis "Client-side C library implementing the SSH2 protocol") |
2fbf053b AE |
131 | (description |
132 | "libssh2 is a library intended to allow software developers access to | |
35b9e423 | 133 | the SSH-2 protocol in an easy-to-use self-contained package. It can be built |
2fbf053b AE |
134 | into an application to perform many different tasks when communicating with |
135 | a server that supports the SSH-2 protocol.") | |
136 | (license license:bsd-3) | |
18e627be | 137 | (home-page "https://www.libssh2.org/"))) |
fe0b8a78 AE |
138 | |
139 | (define-public openssh | |
140 | (package | |
141 | (name "openssh") | |
fa619007 | 142 | (version "8.0p1") |
fe0b8a78 | 143 | (source (origin |
644e5f17 TGR |
144 | (method url-fetch) |
145 | (uri (string-append "mirror://openbsd/OpenSSH/portable/" | |
146 | name "-" version ".tar.gz")) | |
147 | (sha256 | |
148 | (base32 | |
fa619007 | 149 | "0s7xh4s0qcipnjh9ls5blxcpvhyd116z9dxn3q1yi64lwrwki55x")))) |
fe0b8a78 | 150 | (build-system gnu-build-system) |
618631f3 GB |
151 | (native-inputs `(("groff" ,groff) |
152 | ("pkg-config" ,pkg-config))) | |
153 | (inputs `(("libedit" ,libedit) | |
154 | ("openssl" ,openssl) | |
39012aab | 155 | ("pam" ,linux-pam) |
040b6299 | 156 | ("mit-krb5" ,mit-krb5) |
683a4a34 LC |
157 | ("zlib" ,zlib) |
158 | ("xauth" ,xauth))) ;for 'ssh -X' and 'ssh -Y' | |
fe0b8a78 AE |
159 | (arguments |
160 | `(#:test-target "tests" | |
d3552450 LF |
161 | ;; Otherwise, the test scripts try to use a nonexistent directory and |
162 | ;; fail. | |
163 | #:make-flags '("REGRESSTMP=\"$${BUILDDIR}/regress\"") | |
040b6299 | 164 | #:configure-flags `("--sysconfdir=/etc/ssh" |
39012aab | 165 | |
040b6299 | 166 | ;; Default value of 'PATH' used by sshd. |
9af49832 LC |
167 | "--with-default-path=/run/current-system/profile/bin" |
168 | ||
040b6299 JD |
169 | ;; configure needs to find krb5-config |
170 | ,(string-append "--with-kerberos5=" | |
171 | (assoc-ref %build-inputs "mit-krb5") | |
172 | "/bin") | |
173 | ||
618631f3 GB |
174 | ;; libedit needed for sftp completion |
175 | "--with-libedit" | |
176 | ||
39012aab LC |
177 | ;; Enable PAM support in sshd. |
178 | "--with-pam") | |
179 | ||
fe0b8a78 | 180 | #:phases |
a9ee11d5 RW |
181 | (modify-phases %standard-phases |
182 | (add-after 'configure 'reset-/var/empty | |
183 | (lambda* (#:key outputs #:allow-other-keys) | |
184 | (let ((out (assoc-ref outputs "out"))) | |
185 | (substitute* "Makefile" | |
186 | (("PRIVSEP_PATH=/var/empty") | |
187 | (string-append "PRIVSEP_PATH=" out "/var/empty"))) | |
188 | #t))) | |
189 | (add-before 'check 'patch-tests | |
190 | (lambda _ | |
191 | ;; remove 't-exec' regress target which requires user 'sshd' | |
192 | (substitute* "regress/Makefile" | |
193 | (("^(REGRESS_TARGETS=.*) t-exec(.*)" all pre post) | |
194 | (string-append pre post))) | |
195 | #t)) | |
196 | (replace 'install | |
36f26211 | 197 | (lambda* (#:key outputs (make-flags '()) #:allow-other-keys) |
a9ee11d5 | 198 | ;; install without host keys and system configuration files |
27b6adb7 MW |
199 | (apply invoke "make" "install-nosysconf" make-flags) |
200 | (install-file "contrib/ssh-copy-id" | |
201 | (string-append (assoc-ref outputs "out") | |
202 | "/bin/")) | |
203 | (chmod (string-append (assoc-ref outputs "out") | |
204 | "/bin/ssh-copy-id") #o555) | |
205 | (install-file "contrib/ssh-copy-id.1" | |
206 | (string-append (assoc-ref outputs "out") | |
207 | "/share/man/man1/")) | |
208 | #t))))) | |
35b9e423 | 209 | (synopsis "Client and server for the secure shell (ssh) protocol") |
fe0b8a78 AE |
210 | (description |
211 | "The SSH2 protocol implemented in OpenSSH is standardised by the | |
212 | IETF secsh working group and is specified in several RFCs and drafts. | |
213 | It is composed of three layered components: | |
214 | ||
215 | The transport layer provides algorithm negotiation and a key exchange. | |
216 | The key exchange includes server authentication and results in a | |
217 | cryptographically secured connection: it provides integrity, confidentiality | |
218 | and optional compression. | |
219 | ||
220 | The user authentication layer uses the established connection and relies on | |
35b9e423 EB |
221 | the services provided by the transport layer. It provides several mechanisms |
222 | for user authentication. These include traditional password authentication | |
fe0b8a78 AE |
223 | as well as public-key or host-based authentication mechanisms. |
224 | ||
225 | The connection layer multiplexes many different concurrent channels over the | |
226 | authenticated connection and allows tunneling of login sessions and | |
35b9e423 | 227 | TCP-forwarding. It provides a flow control service for these channels. |
fe0b8a78 | 228 | Additionally, various channel-specific options can be negotiated.") |
166191b3 | 229 | (license (license:non-copyleft "file://LICENSE" |
fe0b8a78 | 230 | "See LICENSE in the distribution.")) |
1121a5c6 | 231 | (home-page "https://www.openssh.com/"))) |
fe0b8a78 | 232 | |
49d294e5 LC |
233 | (define-public guile-ssh |
234 | (package | |
235 | (name "guile-ssh") | |
64bcc76c | 236 | (version "0.11.3") |
6634180f | 237 | (home-page "https://github.com/artyom-poptsov/guile-ssh") |
49d294e5 | 238 | (source (origin |
e98c354d LC |
239 | (method git-fetch) |
240 | (uri (git-reference | |
241 | (url home-page) | |
242 | (commit (string-append "v" version)))) | |
6634180f | 243 | (file-name (string-append name "-" version ".tar.gz")) |
49d294e5 LC |
244 | (sha256 |
245 | (base32 | |
e98c354d | 246 | "03bv3hwp2s8f0bqgfjaan9jx4dyab0abv27n2zn2g0izlidv0vl6")) |
a8b0556e LC |
247 | (modules '((guix build utils))) |
248 | (snippet | |
249 | '(begin | |
250 | ;; libssh >= 0.8.0 no longer provides libssh_threads: see | |
251 | ;; <https://github.com/artyom-poptsov/guile-ssh/issues/9>. | |
252 | (substitute* "libguile-ssh/Makefile.am" | |
253 | (("-lssh_threads") "")) | |
254 | ||
255 | ;; This test would wrongfully pick DSS keys when running on | |
256 | ;; libssh >= 0.8.0, which fails: | |
257 | ;; <https://github.com/artyom-poptsov/guile-ssh/issues/10>. | |
258 | (substitute* "tests/server.scm" | |
259 | (("= %libssh-minor-version 7") | |
260 | ">= %libssh-minor-version 7")) | |
7e90eb98 LC |
261 | |
262 | ;; Allow builds with Guile 3.0. | |
263 | (substitute* "configure.ac" | |
264 | (("^GUILE_PKG.*$") | |
265 | "GUILE_PKG([3.0 2.2 2.0])\n")) | |
a8b0556e | 266 | #t)))) |
49d294e5 | 267 | (build-system gnu-build-system) |
74460d11 | 268 | (outputs '("out" "debug")) |
49d294e5 | 269 | (arguments |
c305ac30 LC |
270 | '(;; It makes no sense to build libguile-ssh.a. |
271 | #:configure-flags '("--disable-static") | |
272 | ||
273 | #:phases (modify-phases %standard-phases | |
92b72582 | 274 | (add-before 'build 'fix-libguile-ssh-file-name |
8a8f6590 | 275 | (lambda* (#:key outputs #:allow-other-keys) |
92b72582 LC |
276 | ;; Build and install libguile-ssh.so so that we can use |
277 | ;; its absolute file name in .scm files, before we build | |
278 | ;; the .go files. | |
e7c37ed5 TGR |
279 | (let* ((out (assoc-ref outputs "out")) |
280 | (lib (string-append out "/lib"))) | |
281 | (invoke "make" "install" | |
282 | "-C" "libguile-ssh" | |
283 | "-j" (number->string | |
284 | (parallel-job-count))) | |
285 | (substitute* (find-files "." "\\.scm$") | |
286 | (("\"libguile-ssh\"") | |
287 | (string-append "\"" lib "/libguile-ssh\""))) | |
288 | #t))) | |
d0002642 RJ |
289 | (add-after 'install 'remove-bin-directory |
290 | (lambda* (#:key outputs #:allow-other-keys) | |
291 | (let* ((out (assoc-ref outputs "out")) | |
292 | (bin (string-append out "/bin")) | |
293 | (examples (string-append | |
294 | out "/share/guile-ssh/examples"))) | |
295 | (mkdir-p examples) | |
296 | (rename-file (string-append bin "/ssshd.scm") | |
297 | (string-append examples "/ssshd.scm")) | |
298 | (rename-file (string-append bin "/sssh.scm") | |
299 | (string-append examples "/sssh.scm")) | |
300 | (delete-file-recursively bin) | |
301 | #t)))) | |
afde8da3 LC |
302 | ;; Tests are not parallel-safe. |
303 | #:parallel-tests? #f)) | |
49d294e5 LC |
304 | (native-inputs `(("autoconf" ,autoconf) |
305 | ("automake" ,automake) | |
3246cc91 | 306 | ("libtool" ,libtool) |
00ee3a71 | 307 | ("texinfo" ,texinfo) |
49d294e5 LC |
308 | ("pkg-config" ,pkg-config) |
309 | ("which" ,which))) | |
4d8806c3 | 310 | (inputs `(("guile" ,guile-2.2) |
6f9d5b2e | 311 | ("libssh" ,libssh) |
44fd0994 | 312 | ("libgcrypt" ,libgcrypt))) |
49d294e5 LC |
313 | (synopsis "Guile bindings to libssh") |
314 | (description | |
315 | "Guile-SSH is a library that provides access to the SSH protocol for | |
316 | programs written in GNU Guile interpreter. It is a wrapper to the underlying | |
317 | libssh library.") | |
49d294e5 | 318 | (license license:gpl3+))) |
513e1950 | 319 | |
4d8806c3 | 320 | (define-public guile2.0-ssh |
75c260ba LC |
321 | (package |
322 | (inherit guile-ssh) | |
4d8806c3 LC |
323 | (name "guile2.0-ssh") |
324 | (inputs `(("guile" ,guile-2.0) | |
75c260ba | 325 | ,@(alist-delete "guile" (package-inputs guile-ssh)))))) |
befbaebf | 326 | |
7e90eb98 LC |
327 | (define-public guile3.0-ssh |
328 | (package | |
329 | (inherit guile-ssh) | |
330 | (name "guile3.0-ssh") | |
331 | (arguments | |
332 | (substitute-keyword-arguments (package-arguments guile-ssh) | |
333 | ((#:phases phases) | |
334 | `(modify-phases ,phases | |
335 | (add-before 'bootstrap 'delete-old-guile-m4 | |
336 | (lambda _ | |
337 | ;; The old 'guile.m4' that's shipped would fail to recognize | |
338 | ;; Guile 2.9 as "3.0". | |
339 | (delete-file "m4/guile.m4") | |
340 | #t)) | |
341 | (add-before 'build 'adjust-for-guile3 | |
342 | (lambda _ | |
343 | ;; Adjust for things that are deprecated in 2.2 and removed in | |
344 | ;; 3.0. | |
345 | (substitute* "tests/common.scm" | |
346 | (("define-module \\(tests common\\)") | |
347 | "define-module (tests common) | |
348 | #:use-module (ice-9 threads)\n")) | |
349 | (substitute* "modules/ssh/tunnel.scm" | |
350 | (("define-module \\(ssh tunnel\\)") | |
351 | "define-module (ssh tunnel) | |
352 | #:use-module (ice-9 threads)")) | |
353 | (substitute* "modules/srfi/srfi-64.upstream.scm" | |
354 | (("_IOLBF") | |
355 | "'line")) | |
356 | #t)))))) | |
357 | (inputs `(("guile" ,guile-next) | |
358 | ,@(alist-delete "guile" (package-inputs guile-ssh)))))) | |
359 | ||
513e1950 SHT |
360 | (define-public corkscrew |
361 | (package | |
362 | (name "corkscrew") | |
363 | (version "2.0") | |
364 | (source | |
365 | (origin | |
366 | (method url-fetch) | |
040ae44a TGR |
367 | ;; The agroman.net domain name expired on 2017-03-23, and the original |
368 | ;; "http://www.agroman.net/corkscrew/corkscrew-2.0.tar.gz" now returns | |
369 | ;; bogus HTML. Perhaps it will yet return. Until then, use a mirror. | |
370 | (uri (string-append "https://downloads.openwrt.org/sources/" | |
371 | "corkscrew-" version ".tar.gz")) | |
513e1950 SHT |
372 | (sha256 (base32 |
373 | "1gmhas4va6gd70i2x2mpxpwpgww6413mji29mg282jms3jscn3qd")))) | |
374 | (build-system gnu-build-system) | |
375 | (arguments | |
d2656332 | 376 | `(#:phases |
91c52629 EF |
377 | (modify-phases %standard-phases |
378 | (replace 'configure | |
5b34f56c TGR |
379 | ;; Replace configure phase as the ./configure script does not like |
380 | ;; CONFIG_SHELL and SHELL passed as parameters | |
381 | (lambda* (#:key outputs build target #:allow-other-keys) | |
382 | (let* ((out (assoc-ref outputs "out")) | |
383 | (bash (which "bash")) | |
91c52629 EF |
384 | ;; Set --build and --host flags as the provided config.guess |
385 | ;; is not able to detect them | |
5b34f56c | 386 | (flags `(,(string-append "--prefix=" out) |
91c52629 EF |
387 | ,(string-append "--build=" build) |
388 | ,(string-append "--host=" (or target build))))) | |
389 | (setenv "CONFIG_SHELL" bash) | |
5b34f56c | 390 | (apply invoke bash "./configure" flags)))) |
81d95a12 TGR |
391 | (add-after 'install 'install-documentation |
392 | (lambda* (#:key outputs #:allow-other-keys) | |
393 | (let* ((out (assoc-ref outputs "out")) | |
d2656332 | 394 | (doc (string-append out "/share/doc/" ,name "-" ,version))) |
81d95a12 TGR |
395 | (install-file "README" doc) |
396 | #t)))))) | |
513e1950 | 397 | (home-page "http://www.agroman.net/corkscrew") |
10c95711 | 398 | (synopsis "SSH tunneling through HTTP(S) proxies") |
513e1950 | 399 | (description |
10c95711 TGR |
400 | "Corkscrew tunnels SSH connections through most HTTP and HTTPS proxies. |
401 | Proxy authentication is only supported through the plain-text HTTP basic | |
402 | authentication scheme.") | |
513e1950 | 403 | (license license:gpl2+))) |
87bf526b LC |
404 | |
405 | (define-public mosh | |
406 | (package | |
407 | (name "mosh") | |
4b8b245b | 408 | (version "1.3.2") |
87bf526b LC |
409 | (source (origin |
410 | (method url-fetch) | |
c3671282 | 411 | (uri (string-append "https://mosh.org/mosh-" version ".tar.gz")) |
87bf526b LC |
412 | (sha256 |
413 | (base32 | |
4b8b245b | 414 | "05hjhlp6lk8yjcy59zywpf0r6s0h0b9zxq0lw66dh9x8vxrhaq6s")))) |
87bf526b LC |
415 | (build-system gnu-build-system) |
416 | (arguments | |
11379192 EF |
417 | '(#:phases |
418 | (modify-phases %standard-phases | |
419 | (add-after 'install 'wrap | |
420 | (lambda* (#:key outputs #:allow-other-keys) | |
421 | ;; Make sure 'mosh' can find 'mosh-client' and | |
422 | ;; 'mosh-server'. | |
423 | (let* ((out (assoc-ref outputs "out")) | |
424 | (bin (string-append out "/bin"))) | |
425 | (wrap-program (string-append bin "/mosh") | |
426 | `("PATH" ":" prefix (,bin))))))))) | |
87bf526b LC |
427 | (native-inputs |
428 | `(("pkg-config" ,pkg-config))) | |
429 | (inputs | |
430 | `(("openssl" ,openssl) | |
431 | ("perl" ,perl) | |
432 | ("perl-io-tty" ,perl-io-tty) | |
433 | ("zlib" ,zlib) | |
434 | ("ncurses" ,ncurses) | |
435 | ("protobuf" ,protobuf) | |
436 | ("boost-headers" ,boost))) | |
c3671282 | 437 | (home-page "https://mosh.org/") |
87bf526b LC |
438 | (synopsis "Remote shell tolerant to intermittent connectivity") |
439 | (description | |
440 | "Remote terminal application that allows roaming, supports intermittent | |
441 | connectivity, and provides intelligent local echo and line editing of user | |
442 | keystrokes. Mosh is a replacement for SSH. It's more robust and responsive, | |
443 | especially over Wi-Fi, cellular, and long-distance links.") | |
444 | (license license:gpl3+))) | |
8c6cfd55 | 445 | |
c9a6a36f SR |
446 | (define-public et |
447 | (package | |
448 | (name "et") | |
449 | (version "3.1.0") | |
450 | (source | |
451 | (origin | |
1be06dda TGR |
452 | (method git-fetch) |
453 | (uri (git-reference | |
454 | (url "https://github.com/MisterTea/EternalTCP.git") | |
455 | (commit (string-append "et-v" version)))) | |
fc32bc45 | 456 | (file-name (git-file-name name version)) |
c9a6a36f | 457 | (sha256 |
1be06dda | 458 | (base32 "1m5caxckn2ihwp9s2pbyh5amxlpwr7yc54q8s0kb10fr52w2vfnm")))) |
c9a6a36f SR |
459 | (build-system cmake-build-system) |
460 | (arguments `(#:tests? #f)) | |
461 | (native-inputs | |
462 | `(("pkg-config" ,pkg-config))) | |
463 | (inputs `(("glog" ,glog) | |
464 | ("gflags" ,gflags) | |
465 | ("libsodium" ,libsodium) | |
466 | ("protobuf" ,protobuf))) | |
467 | (synopsis "Remote shell that automatically reconnects") | |
468 | (description | |
469 | "Eternal Terminal (ET) is a remote shell that automatically reconnects | |
470 | without interrupting the session. Unlike SSH sessions, ET sessions will | |
839ee8d5 TGR |
471 | survive even network outages and IP changes. ET uses a custom protocol over |
472 | TCP, not the SSH protocol.") | |
c9a6a36f SR |
473 | (home-page "https://mistertea.github.io/EternalTCP/") |
474 | (license license:asl2.0))) | |
475 | ||
8c6cfd55 JD |
476 | (define-public dropbear |
477 | (package | |
478 | (name "dropbear") | |
cf9ab49e | 479 | (version "2019.78") |
e190d12e TGR |
480 | (source |
481 | (origin | |
482 | (method url-fetch) | |
483 | (uri (string-append | |
484 | "https://matt.ucc.asn.au/dropbear/releases/" | |
485 | "dropbear-" version ".tar.bz2")) | |
486 | (sha256 | |
cf9ab49e | 487 | (base32 "19242qlr40pbqfqd0gg6h8qpj38q6lgv03ja6sahj9vj2abnanaj")))) |
8c6cfd55 | 488 | (build-system gnu-build-system) |
e190d12e | 489 | (arguments `(#:tests? #f)) ; there is no "make check" or anything similar |
d5612439 LF |
490 | ;; TODO: Investigate unbundling libtommath and libtomcrypt or at least |
491 | ;; cherry-picking important bug fixes from them. See <bugs.gnu.org/24674> | |
492 | ;; for more information. | |
8c6cfd55 JD |
493 | (inputs `(("zlib" ,zlib))) |
494 | (synopsis "Small SSH server and client") | |
495 | (description "Dropbear is a relatively small SSH server and | |
35b9e423 EB |
496 | client. It runs on a variety of POSIX-based platforms. Dropbear is |
497 | particularly useful for embedded systems, such as wireless routers.") | |
8c6cfd55 JD |
498 | (home-page "https://matt.ucc.asn.au/dropbear/dropbear.html") |
499 | (license (license:x11-style "" "See file LICENSE.")))) | |
2102ae2e DC |
500 | |
501 | (define-public liboop | |
502 | (package | |
503 | (name "liboop") | |
506737f1 | 504 | (version "1.0.1") |
2102ae2e DC |
505 | (source |
506 | (origin | |
507 | (method url-fetch) | |
506737f1 TGR |
508 | (uri (string-append "http://ftp.lysator.liu.se/pub/liboop/" |
509 | name "-" version ".tar.gz")) | |
2102ae2e DC |
510 | (sha256 |
511 | (base32 | |
506737f1 | 512 | "1q0p1l72pq9k3bi7a366j2rishv7dzzkg3i6r2npsfg7cnnidbsn")))) |
2102ae2e DC |
513 | (build-system gnu-build-system) |
514 | (home-page "http://www.lysator.liu.se/liboop/") | |
515 | (synopsis "Event loop library") | |
516 | (description "Liboop is a low-level event loop management library for | |
517 | POSIX-based operating systems. It supports the development of modular, | |
518 | multiplexed applications which may respond to events from several sources. It | |
519 | replaces the \"select() loop\" and allows the registration of event handlers | |
520 | for file and network I/O, timers and signals. Since processes use these | |
521 | mechanisms for almost all external communication, liboop can be used as the | |
522 | basis for almost any application.") | |
523 | (license license:lgpl2.1+))) | |
524 | ||
525 | (define-public lsh | |
526 | (package | |
527 | (name "lsh") | |
528 | (version "2.1") | |
529 | (source (origin | |
530 | (method url-fetch) | |
531 | (uri (string-append "mirror://gnu/lsh/lsh-" | |
532 | version ".tar.gz")) | |
533 | (sha256 | |
534 | (base32 | |
535 | "1qqjy9zfzgny0rkb27c8c7dfsylvb6n0ld8h3an2r83pmaqr9gwb")) | |
536 | (modules '((guix build utils))) | |
537 | (snippet | |
538 | '(begin | |
539 | (substitute* "src/testsuite/functions.sh" | |
540 | (("localhost") | |
541 | ;; Avoid host name lookups since they don't work in | |
542 | ;; chroot builds. | |
543 | "127.0.0.1") | |
544 | (("set -e") | |
545 | ;; Make tests more verbose. | |
546 | "set -e\nset -x")) | |
547 | ||
548 | (substitute* (find-files "src/testsuite" "-test$") | |
549 | (("localhost") "127.0.0.1")) | |
550 | ||
551 | (substitute* "src/testsuite/login-auth-test" | |
6cbee49d MW |
552 | (("/bin/cat") "cat")) |
553 | #t)))) | |
2102ae2e DC |
554 | (build-system gnu-build-system) |
555 | (native-inputs | |
556 | `(("m4" ,m4) | |
557 | ("guile" ,guile-2.0) | |
558 | ("gperf" ,gperf) | |
559 | ("psmisc" ,psmisc))) ; for `killall' | |
560 | (inputs | |
561 | `(("nettle" ,nettle-2) | |
562 | ("linux-pam" ,linux-pam) | |
563 | ||
564 | ;; 'rl.c' uses the 'CPPFunction' type, which is no longer in | |
565 | ;; Readline 6.3. | |
566 | ("readline" ,readline-6.2) | |
567 | ||
568 | ("liboop" ,liboop) | |
569 | ("zlib" ,zlib) | |
570 | ("gmp" ,gmp) | |
571 | ||
572 | ;; The server (lshd) invokes xauth when X11 forwarding is requested. | |
573 | ;; This adds 24 MiB (or 27%) to the closure of lsh. | |
574 | ("xauth" ,xauth))) | |
575 | (arguments | |
576 | '(;; Skip the `configure' test that checks whether /dev/ptmx & | |
577 | ;; co. work as expected, because it relies on impurities (for | |
578 | ;; instance, /dev/pts may be unavailable in chroots.) | |
d5c969ce LC |
579 | #:configure-flags '("lsh_cv_sys_unix98_ptys=yes" |
580 | ||
581 | ;; Use glibc's argp rather than the bundled one. | |
582 | "--with-system-argp" | |
583 | ||
584 | ;; 'lsh_argp.h' checks HAVE_ARGP_PARSE but nothing | |
585 | ;; defines it. | |
586 | "CPPFLAGS=-DHAVE_ARGP_PARSE") | |
2102ae2e DC |
587 | |
588 | ;; FIXME: Tests won't run in a chroot, presumably because | |
589 | ;; /etc/profile is missing, and thus clients get an empty $PATH | |
590 | ;; and nothing works. | |
591 | #:tests? #f | |
592 | ||
593 | #:phases | |
594 | (modify-phases %standard-phases | |
595 | (add-before 'configure 'pre-configure | |
596 | (lambda* (#:key inputs #:allow-other-keys) | |
597 | (let* ((nettle (assoc-ref inputs "nettle")) | |
598 | (sexp-conv (string-append nettle "/bin/sexp-conv"))) | |
d5c969ce LC |
599 | ;; Remove argp from the list of sub-directories; we don't want |
600 | ;; to build it, really. | |
601 | (substitute* "src/Makefile.in" | |
602 | (("^SUBDIRS = argp") | |
603 | "SUBDIRS =")) | |
604 | ||
2102ae2e DC |
605 | ;; Make sure 'lsh' and 'lshd' pick 'sexp-conv' in the right place |
606 | ;; by default. | |
607 | (substitute* "src/environ.h.in" | |
608 | (("^#define PATH_SEXP_CONV.*") | |
609 | (string-append "#define PATH_SEXP_CONV \"" | |
610 | sexp-conv "\"\n"))) | |
611 | ||
612 | ;; Same for the 'lsh-authorize' script. | |
613 | (substitute* "src/lsh-authorize" | |
614 | (("=sexp-conv") | |
615 | (string-append "=" sexp-conv))) | |
616 | ||
617 | ;; Tell lshd where 'xauth' lives. Another option would be to | |
618 | ;; hardcode "/run/current-system/profile/bin/xauth", thereby | |
619 | ;; reducing the closure size, but that wouldn't work on foreign | |
620 | ;; distros. | |
621 | (with-fluids ((%default-port-encoding "ISO-8859-1")) | |
622 | (substitute* "src/server_x11.c" | |
623 | (("define XAUTH_PROGRAM.*") | |
624 | (string-append "define XAUTH_PROGRAM \"" | |
625 | (assoc-ref inputs "xauth") | |
626 | "/bin/xauth\"\n"))))) | |
627 | ||
628 | ;; Tests rely on $USER being set. | |
629 | (setenv "USER" "guix")))))) | |
630 | (home-page "http://www.lysator.liu.se/~nisse/lsh/") | |
631 | (synopsis "GNU implementation of the Secure Shell (ssh) protocols") | |
632 | (description | |
633 | "GNU lsh is a free implementation of the SSH version 2 protocol. It is | |
634 | used to create a secure line of communication between two computers, | |
635 | providing shell access to the server system from the client. It provides | |
636 | both the server daemon and the client application, as well as tools for | |
637 | manipulating key files.") | |
638 | (license license:gpl2+))) | |
c777570b NG |
639 | |
640 | (define-public sshpass | |
641 | (package | |
642 | (name "sshpass") | |
643 | (version "1.06") | |
644 | (synopsis "Non-interactive password authentication with SSH") | |
645 | (home-page "https://sourceforge.net/projects/sshpass/") | |
646 | (source | |
647 | (origin | |
648 | (method url-fetch) | |
649 | (uri (string-append "mirror://sourceforge/sshpass/sshpass/" | |
650 | version "/sshpass-" version ".tar.gz")) | |
651 | (sha256 | |
652 | (base32 | |
653 | "0q7fblaczb7kwbsz0gdy9267z0sllzgmf0c7z5c9mf88wv74ycn6")))) | |
654 | (build-system gnu-build-system) | |
655 | (description "sshpass is a tool for non-interactivly performing password | |
656 | authentication with SSH's so-called @dfn{interactive keyboard password | |
657 | authentication}.") | |
658 | (license license:gpl2+))) | |
8caeb117 CAW |
659 | |
660 | (define-public autossh | |
661 | (package | |
662 | (name "autossh") | |
d6bbb7e5 | 663 | (version "1.4g") |
8caeb117 CAW |
664 | (source |
665 | (origin | |
666 | (method url-fetch) | |
667 | (uri (string-append | |
26045af9 | 668 | "https://www.harding.motd.ca/autossh/autossh-" |
8caeb117 CAW |
669 | version ".tgz")) |
670 | (sha256 | |
d6bbb7e5 | 671 | (base32 "0xqjw8df68f4kzkns5gcah61s5wk0m44qdk2z1d6388w6viwxhsz")))) |
8caeb117 CAW |
672 | (build-system gnu-build-system) |
673 | (arguments `(#:tests? #f)) ; There is no "make check" or anything similar | |
674 | (inputs `(("openssh" ,openssh))) | |
675 | (synopsis "Automatically restart SSH sessions and tunnels") | |
676 | (description "autossh is a program to start a copy of @command{ssh} and | |
677 | monitor it, restarting it as necessary should it die or stop passing traffic.") | |
26045af9 | 678 | (home-page "https://www.harding.motd.ca/autossh/") |
8caeb117 CAW |
679 | (license |
680 | ;; Why point to a source file? Well, all the individual files have a | |
681 | ;; copy of this license in their headers, but there's no separate file | |
682 | ;; with that information. | |
683 | (license:non-copyleft "file://autossh.c")))) | |
227dbd84 RW |
684 | |
685 | (define-public pdsh | |
686 | (package | |
687 | (name "pdsh") | |
b982fb1c | 688 | (version "2.33") |
227dbd84 RW |
689 | (source |
690 | (origin | |
691 | (method url-fetch) | |
b982fb1c | 692 | (uri (string-append "https://github.com/chaos/pdsh/" |
693 | "releases/download/pdsh-" version | |
694 | "/pdsh-" version ".tar.gz")) | |
695 | (file-name (string-append name "-" version ".tar.gz")) | |
227dbd84 | 696 | (sha256 |
b982fb1c | 697 | (base32 "0bwlkl9inj66iwvafg00pi3sk9n673phdi0kcc59y9nn55s0hs3k")))) |
227dbd84 RW |
698 | (build-system gnu-build-system) |
699 | (arguments | |
700 | `(#:configure-flags | |
701 | (list "--with-ssh") | |
702 | #:phases | |
703 | (modify-phases %standard-phases | |
704 | (add-after 'unpack 'patch-/bin/sh | |
705 | (lambda _ | |
b982fb1c | 706 | (substitute* '("tests/t0006-pdcp.sh" |
707 | "tests/t0004-module-loading.sh" | |
708 | "tests/t2001-ssh.sh" | |
709 | "tests/t1003-slurm.sh" | |
710 | "tests/t6036-long-output-lines.sh" | |
711 | "tests/aggregate-results.sh" | |
712 | "tests/t2000-exec.sh" | |
713 | "tests/t0002-internal.sh" | |
714 | "tests/t1002-dshgroup.sh" | |
715 | "tests/t5000-dshbak.sh" | |
716 | "tests/t0001-basic.sh" | |
717 | "tests/t0005-rcmd_type-and-user.sh" | |
227dbd84 | 718 | "tests/test-lib.sh" |
b982fb1c | 719 | "tests/t2002-mrsh.sh" |
720 | "tests/t0003-wcoll.sh" | |
227dbd84 RW |
721 | "tests/test-modules/pcptest.c") |
722 | (("/bin/sh") (which "bash"))) | |
b982fb1c | 723 | #t)) |
724 | (add-after 'unpack 'patch-tests | |
725 | (lambda _ | |
726 | (substitute* "tests/t6036-long-output-lines.sh" | |
727 | (("which") (which "which"))) | |
227dbd84 RW |
728 | #t))))) |
729 | (inputs | |
730 | `(("openssh" ,openssh) | |
731 | ("mit-krb5" ,mit-krb5) | |
732 | ("perl" ,perl))) | |
b982fb1c | 733 | (native-inputs |
734 | `(("which" ,which))) | |
735 | (home-page "https://github.com/chaos/pdsh") | |
227dbd84 RW |
736 | (synopsis "Parallel distributed shell") |
737 | (description "Pdsh is a an efficient, multithreaded remote shell client | |
738 | which executes commands on multiple remote hosts in parallel. Pdsh implements | |
739 | dynamically loadable modules for extended functionality such as new remote | |
740 | shell services and remote host selection.") | |
741 | (license license:gpl2+))) | |
ae72b8f5 MG |
742 | |
743 | (define-public clustershell | |
744 | (package | |
745 | (name "clustershell") | |
40f24301 | 746 | (version "1.8.2") |
ae72b8f5 MG |
747 | (source |
748 | (origin | |
749 | (method url-fetch) | |
40f24301 EF |
750 | (uri (string-append "https://github.com/cea-hpc/clustershell/releases" |
751 | "/download/v" version | |
752 | "/ClusterShell-" version ".tar.gz")) | |
ae72b8f5 | 753 | (sha256 |
40f24301 | 754 | (base32 "1gz2g85wpk35n1fp31q753w01y3p8abm7dnbas28q4yjyvikqw75")))) |
ae72b8f5 MG |
755 | (build-system python-build-system) |
756 | (inputs `(("openssh" ,openssh))) | |
757 | (propagated-inputs `(("python-pyyaml" ,python-pyyaml))) | |
758 | (arguments | |
759 | `(#:phases (modify-phases %standard-phases | |
760 | (add-before 'build 'record-openssh-file-name | |
761 | (lambda* (#:key inputs #:allow-other-keys) | |
762 | (let ((ssh (assoc-ref inputs "openssh"))) | |
763 | (substitute* "lib/ClusterShell/Worker/Ssh.py" | |
764 | (("info\\(\"ssh_path\"\\) or \"ssh\"") | |
765 | (string-append "info(\"ssh_path\") or \"" | |
766 | ssh "/bin/ssh\""))) | |
767 | #t)))))) | |
768 | (home-page "https://cea-hpc.github.io/clustershell/") | |
769 | (synopsis "Scalable event-driven Python framework for cluster administration") | |
770 | (description | |
771 | "ClusterShell is an event-driven Python framework, designed to run local | |
772 | or distant commands in parallel on server farms or on large GNU/Linux | |
773 | clusters. It will take care of common issues encountered on HPC clusters, | |
774 | such as operating on groups of nodes, running distributed commands using | |
775 | optimized execution algorithms, as well as gathering results and merging | |
776 | identical outputs, or retrieving return codes. ClusterShell takes advantage | |
777 | of existing remote shell facilities such as SSH.") | |
778 | (license license:lgpl2.1+))) | |
87007947 EF |
779 | |
780 | (define-public endlessh | |
781 | (package | |
782 | (name "endlessh") | |
783 | (version "1.0") | |
784 | (source | |
785 | (origin | |
786 | (method url-fetch) | |
787 | (uri (string-append "https://github.com/skeeto/endlessh/releases/" | |
788 | "download/" version "/endlessh-" version ".tar.xz")) | |
789 | (sha256 | |
790 | (base32 | |
791 | "0hhsr65hzrcb7ylskmxyr92svzndhks8hqzn8hvg7f7j89rkvq5k")))) | |
792 | (build-system gnu-build-system) | |
793 | (arguments | |
794 | '(#:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out")) | |
795 | "CC=gcc") | |
796 | #:tests? #f ; no test target | |
797 | #:phases | |
798 | (modify-phases %standard-phases | |
799 | (delete 'configure)))) ; no configure script | |
800 | (home-page "https://github.com/skeeto/endlessh") | |
801 | (synopsis "SSH tarpit that slowly sends an endless banner") | |
802 | (description | |
803 | "Endlessh is an SSH tarpit that very slowly sends an endless, random SSH | |
804 | banner. It keeps SSH clients locked up for hours or even days at a time. The | |
805 | purpose is to put your real SSH server on another port and then let the script | |
806 | kiddies get stuck in this tarpit instead of bothering a real server. | |
807 | ||
808 | Since the tarpit is in the banner before any cryptographic exchange occurs, this | |
809 | program doesn't depend on any cryptographic libraries. It's a simple, | |
810 | single-threaded, standalone C program. It uses @code{poll()} to trap multiple | |
811 | clients at a time.") | |
812 | (license license:unlicense))) |