Commit | Line | Data |
---|---|---|
2fbf053b | 1 | ;;; GNU Guix --- Functional package management for GNU |
06ed5982 | 2 | ;;; Copyright © 2013, 2014 Andreas Enge <andreas@enge.fr> |
45f2ffb4 | 3 | ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org> |
dec3e015 | 4 | ;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il> |
78d80c5c | 5 | ;;; Copyright © 2016 Leo Famulari <leo@famulari.name> |
2fbf053b AE |
6 | ;;; |
7 | ;;; This file is part of GNU Guix. | |
8 | ;;; | |
9 | ;;; GNU Guix is free software; you can redistribute it and/or modify it | |
10 | ;;; under the terms of the GNU General Public License as published by | |
11 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
12 | ;;; your option) any later version. | |
13 | ;;; | |
14 | ;;; GNU Guix is distributed in the hope that it will be useful, but | |
15 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of | |
16 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
17 | ;;; GNU General Public License for more details. | |
18 | ;;; | |
19 | ;;; You should have received a copy of the GNU General Public License | |
20 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. | |
21 | ||
22 | (define-module (gnu packages ssh) | |
b5b73a82 | 23 | #:use-module ((guix licenses) #:prefix license:) |
2fbf053b AE |
24 | #:use-module (gnu packages compression) |
25 | #:use-module (gnu packages gnupg) | |
fe0b8a78 | 26 | #:use-module (gnu packages groff) |
3e778ad3 | 27 | #:use-module (gnu packages elf) |
49d294e5 LC |
28 | #:use-module (gnu packages guile) |
29 | #:use-module (gnu packages pkg-config) | |
30 | #:use-module (gnu packages autotools) | |
00ee3a71 | 31 | #:use-module (gnu packages texinfo) |
87bf526b LC |
32 | #:use-module (gnu packages perl) |
33 | #:use-module (gnu packages ncurses) | |
34 | #:autoload (gnu packages protobuf) (protobuf) | |
35 | #:autoload (gnu packages boost) (boost) | |
ce0614dd | 36 | #:use-module (gnu packages base) |
cc2b77df | 37 | #:use-module (gnu packages tls) |
9c333da6 | 38 | #:use-module (gnu packages) |
2fbf053b AE |
39 | #:use-module (guix packages) |
40 | #:use-module (guix download) | |
817efe8b | 41 | #:use-module (guix git-download) |
1681cd4a LC |
42 | #:use-module (guix build-system gnu) |
43 | #:use-module (guix build-system cmake)) | |
44 | ||
45 | (define-public libssh | |
46 | (package | |
47 | (name "libssh") | |
85267efb | 48 | (version "0.7.3") |
1681cd4a LC |
49 | (source (origin |
50 | (method url-fetch) | |
87390c15 | 51 | (uri (string-append |
85267efb | 52 | "https://red.libssh.org/attachments/download/195/libssh-" |
87390c15 | 53 | version ".tar.xz")) |
1681cd4a LC |
54 | (sha256 |
55 | (base32 | |
85267efb | 56 | "165g49i4kmm3bfsjm0n8hm21kadv79g9yjqyq09138jxanz4dvr6")))) |
1681cd4a | 57 | (build-system cmake-build-system) |
deed349b | 58 | (arguments |
06ed5982 | 59 | '(#:configure-flags '("-DWITH_GCRYPT=ON") |
deed349b LC |
60 | |
61 | ;; TODO: Add 'CMockery' and '-DWITH_TESTING=ON' for the test suite. | |
06ed5982 | 62 | #:tests? #f)) |
1681cd4a | 63 | (inputs `(("zlib" ,zlib) |
b3546174 | 64 | ("libgcrypt" ,libgcrypt))) |
1681cd4a LC |
65 | (synopsis "SSH client library") |
66 | (description | |
67 | "libssh is a C library implementing the SSHv2 and SSHv1 protocol for | |
68 | client and server implementations. With libssh, you can remotely execute | |
69 | programs, transfer files, and use a secure and transparent tunnel for your | |
70 | remote applications.") | |
71 | (home-page "http://www.libssh.org") | |
72 | (license license:lgpl2.1+))) | |
2fbf053b | 73 | |
85267efb | 74 | (define libssh-0.6 ; kept private for use in guile-ssh |
9c333da6 | 75 | (package (inherit libssh) |
85267efb | 76 | (version "0.6.5") |
9c333da6 LC |
77 | (source (origin |
78 | (method url-fetch) | |
85267efb LF |
79 | (uri (string-append "https://red.libssh.org/attachments/" |
80 | "download/121/libssh-" | |
81 | version ".tar.xz")) | |
9c333da6 LC |
82 | (sha256 |
83 | (base32 | |
85267efb | 84 | "0b6wyx6bwbb8jpn8x4rhlrdiqwqrwrs0mxjmrnqykm9kw1ijgm8g")) |
fc1adab1 AK |
85 | (patches (search-patches |
86 | "libssh-0.6.5-CVE-2016-0739.patch")))))) | |
9c333da6 | 87 | |
2fbf053b AE |
88 | (define-public libssh2 |
89 | (package | |
90 | (name "libssh2") | |
78d80c5c | 91 | (version "1.7.0") |
2fbf053b AE |
92 | (source (origin |
93 | (method url-fetch) | |
94 | (uri (string-append | |
78d80c5c | 95 | "https://www.libssh2.org/download/libssh2-" |
2fbf053b | 96 | version ".tar.gz")) |
78d80c5c LF |
97 | (sha256 |
98 | (base32 | |
99 | "116mh112w48vv9k3f15ggp5kxw5sj4b88dzb5j69llsh7ba1ymp4")))) | |
2fbf053b | 100 | (build-system gnu-build-system) |
e9c14f37 EB |
101 | ;; The installed libssh2.pc file does not include paths to libgcrypt and |
102 | ;; zlib libraries, so we need to propagate the inputs. | |
103 | (propagated-inputs `(("libgcrypt" ,libgcrypt) | |
104 | ("zlib" ,zlib))) | |
105 | (arguments '(#:configure-flags `("--with-libgcrypt"))) | |
35b9e423 | 106 | (synopsis "Client-side C library implementing the SSH2 protocol") |
2fbf053b AE |
107 | (description |
108 | "libssh2 is a library intended to allow software developers access to | |
35b9e423 | 109 | the SSH-2 protocol in an easy-to-use self-contained package. It can be built |
2fbf053b AE |
110 | into an application to perform many different tasks when communicating with |
111 | a server that supports the SSH-2 protocol.") | |
112 | (license license:bsd-3) | |
113 | (home-page "http://www.libssh2.org/"))) | |
fe0b8a78 AE |
114 | |
115 | (define-public openssh | |
116 | (package | |
117 | (name "openssh") | |
efa37529 | 118 | (version "7.2p2") |
fe0b8a78 AE |
119 | (source (origin |
120 | (method url-fetch) | |
ca2baf10 | 121 | (uri (let ((tail (string-append name "-" version ".tar.gz"))) |
087a4e9c | 122 | (list (string-append "http://openbsd.cs.fau.de/pub/OpenBSD/OpenSSH/portable/" |
ca2baf10 | 123 | tail) |
087a4e9c MW |
124 | (string-append "http://ftp.fr.openbsd.org/pub/OpenBSD/OpenSSH/portable/" |
125 | tail) | |
126 | (string-append "http://ftp2.fr.openbsd.org/pub/OpenBSD/OpenSSH/portable/" | |
ca2baf10 | 127 | tail)))) |
fe0b8a78 | 128 | (sha256 (base32 |
efa37529 | 129 | "132lh9aanb0wkisji1d6cmsxi520m8nh7c7i9wi6m1s3l38q29x7")))) |
fe0b8a78 AE |
130 | (build-system gnu-build-system) |
131 | (inputs `(("groff" ,groff) | |
132 | ("openssl" ,openssl) | |
133 | ("zlib" ,zlib))) | |
134 | (arguments | |
135 | `(#:test-target "tests" | |
136 | #:phases | |
a9ee11d5 RW |
137 | (modify-phases %standard-phases |
138 | (add-after 'configure 'reset-/var/empty | |
139 | (lambda* (#:key outputs #:allow-other-keys) | |
140 | (let ((out (assoc-ref outputs "out"))) | |
141 | (substitute* "Makefile" | |
142 | (("PRIVSEP_PATH=/var/empty") | |
143 | (string-append "PRIVSEP_PATH=" out "/var/empty"))) | |
144 | #t))) | |
145 | (add-before 'check 'patch-tests | |
146 | (lambda _ | |
147 | ;; remove 't-exec' regress target which requires user 'sshd' | |
148 | (substitute* "regress/Makefile" | |
149 | (("^(REGRESS_TARGETS=.*) t-exec(.*)" all pre post) | |
150 | (string-append pre post))) | |
151 | #t)) | |
152 | (replace 'install | |
36f26211 | 153 | (lambda* (#:key outputs (make-flags '()) #:allow-other-keys) |
a9ee11d5 | 154 | ;; install without host keys and system configuration files |
36f26211 RW |
155 | (and (zero? (apply system* "make" "install-nosysconf" make-flags)) |
156 | (begin | |
157 | (install-file "contrib/ssh-copy-id" | |
158 | (string-append (assoc-ref outputs "out") | |
159 | "/bin/")) | |
160 | (chmod (string-append (assoc-ref outputs "out") | |
161 | "/bin/ssh-copy-id") #o555) | |
162 | (install-file "contrib/ssh-copy-id.1" | |
163 | (string-append (assoc-ref outputs "out") | |
164 | "/share/man/man1/")) | |
165 | #t))))))) | |
35b9e423 | 166 | (synopsis "Client and server for the secure shell (ssh) protocol") |
fe0b8a78 AE |
167 | (description |
168 | "The SSH2 protocol implemented in OpenSSH is standardised by the | |
169 | IETF secsh working group and is specified in several RFCs and drafts. | |
170 | It is composed of three layered components: | |
171 | ||
172 | The transport layer provides algorithm negotiation and a key exchange. | |
173 | The key exchange includes server authentication and results in a | |
174 | cryptographically secured connection: it provides integrity, confidentiality | |
175 | and optional compression. | |
176 | ||
177 | The user authentication layer uses the established connection and relies on | |
35b9e423 EB |
178 | the services provided by the transport layer. It provides several mechanisms |
179 | for user authentication. These include traditional password authentication | |
fe0b8a78 AE |
180 | as well as public-key or host-based authentication mechanisms. |
181 | ||
182 | The connection layer multiplexes many different concurrent channels over the | |
183 | authenticated connection and allows tunneling of login sessions and | |
35b9e423 | 184 | TCP-forwarding. It provides a flow control service for these channels. |
fe0b8a78 | 185 | Additionally, various channel-specific options can be negotiated.") |
166191b3 | 186 | (license (license:non-copyleft "file://LICENSE" |
fe0b8a78 AE |
187 | "See LICENSE in the distribution.")) |
188 | (home-page "http://www.openssh.org/"))) | |
189 | ||
49d294e5 LC |
190 | (define-public guile-ssh |
191 | (package | |
192 | (name "guile-ssh") | |
319007c5 | 193 | (version "0.9.0") |
49d294e5 | 194 | (source (origin |
44fd0994 LC |
195 | ;; ftp://memory-heap.org/software/guile-ssh/guile-ssh-VERSION.tar.gz |
196 | ;; exists, but the server appears to be too slow and unreliable. | |
817efe8b LC |
197 | (method git-fetch) |
198 | (uri (git-reference | |
199 | (url "https://github.com/artyom-poptsov/libguile-ssh.git") | |
46ffff90 | 200 | (commit (string-append "v" version)))) |
821f4dc2 | 201 | (file-name (string-append name "-" version "-checkout")) |
49d294e5 LC |
202 | (sha256 |
203 | (base32 | |
319007c5 | 204 | "04zs1cykwdyj51ag62ymrkgsja9dbhbaaglkvbfbac0bkxl2ir6d")))) |
49d294e5 LC |
205 | (build-system gnu-build-system) |
206 | (arguments | |
9dcd1b3b MW |
207 | '(#:phases (alist-cons-after |
208 | 'unpack 'autoreconf | |
49d294e5 | 209 | (lambda* (#:key inputs #:allow-other-keys) |
817efe8b | 210 | (chmod "doc/version.texi" #o777) ;make it writable |
49d294e5 LC |
211 | (zero? (system* "autoreconf" "-vfi"))) |
212 | (alist-cons-after | |
213 | 'install 'fix-libguile-ssh-file-name | |
214 | (lambda* (#:key outputs #:allow-other-keys) | |
215 | (let* ((out (assoc-ref outputs "out")) | |
216 | (libdir (string-append out "/lib")) | |
217 | (guiledir (string-append out | |
218 | "/share/guile/site/2.0"))) | |
219 | (substitute* (find-files guiledir ".scm") | |
220 | (("\"libguile-ssh\"") | |
221 | (string-append "\"" libdir "/libguile-ssh\""))) | |
222 | ||
223 | ;; Make sure it works. | |
224 | (setenv "GUILE_LOAD_PATH" guiledir) | |
225 | (setenv "GUILE_LOAD_COMPILED_PATH" guiledir) | |
843b1962 LC |
226 | (zero? |
227 | (system* "guile" "-c" "(use-modules (ssh session))")))) | |
49d294e5 LC |
228 | %standard-phases)) |
229 | #:configure-flags (list (string-append "--with-guilesitedir=" | |
230 | (assoc-ref %outputs "out") | |
00ee3a71 LC |
231 | "/share/guile/site/2.0")) |
232 | ||
afde8da3 LC |
233 | ;; Tests are not parallel-safe. |
234 | #:parallel-tests? #f)) | |
49d294e5 LC |
235 | (native-inputs `(("autoconf" ,autoconf) |
236 | ("automake" ,automake) | |
3246cc91 | 237 | ("libtool" ,libtool) |
00ee3a71 | 238 | ("texinfo" ,texinfo) |
49d294e5 LC |
239 | ("pkg-config" ,pkg-config) |
240 | ("which" ,which))) | |
241 | (inputs `(("guile" ,guile-2.0) | |
85267efb | 242 | ("libssh" ,libssh-0.6) |
44fd0994 | 243 | ("libgcrypt" ,libgcrypt))) |
49d294e5 LC |
244 | (synopsis "Guile bindings to libssh") |
245 | (description | |
246 | "Guile-SSH is a library that provides access to the SSH protocol for | |
247 | programs written in GNU Guile interpreter. It is a wrapper to the underlying | |
248 | libssh library.") | |
249 | (home-page "https://github.com/artyom-poptsov/libguile-ssh") | |
250 | (license license:gpl3+))) | |
513e1950 SHT |
251 | |
252 | (define-public corkscrew | |
253 | (package | |
254 | (name "corkscrew") | |
255 | (version "2.0") | |
256 | (source | |
257 | (origin | |
258 | (method url-fetch) | |
259 | (uri (string-append "http://www.agroman.net/corkscrew/corkscrew-" | |
260 | version ".tar.gz")) | |
261 | (sha256 (base32 | |
262 | "1gmhas4va6gd70i2x2mpxpwpgww6413mji29mg282jms3jscn3qd")))) | |
263 | (build-system gnu-build-system) | |
264 | (arguments | |
265 | ;; Replace configure phase as the ./configure script does not link | |
266 | ;; CONFIG_SHELL and SHELL passed as parameters | |
267 | '(#:phases | |
268 | (alist-replace | |
269 | 'configure | |
7a345762 | 270 | (lambda* (#:key outputs inputs system build target |
513e1950 SHT |
271 | #:allow-other-keys #:rest args) |
272 | (let* ((configure (assoc-ref %standard-phases 'configure)) | |
273 | (prefix (assoc-ref outputs "out")) | |
274 | (bash (which "bash")) | |
275 | ;; Set --build and --host flags as the provided config.guess | |
276 | ;; is not able to detect them | |
277 | (flags `(,(string-append "--prefix=" prefix) | |
7a345762 MW |
278 | ,(string-append "--build=" build) |
279 | ,(string-append "--host=" (or target build))))) | |
513e1950 SHT |
280 | (setenv "CONFIG_SHELL" bash) |
281 | (zero? (apply system* bash | |
282 | (string-append "." "/configure") | |
283 | flags)))) | |
284 | %standard-phases))) | |
285 | (home-page "http://www.agroman.net/corkscrew") | |
9e771e3b | 286 | (synopsis "Tunneling SSH through HTTP proxies") |
513e1950 SHT |
287 | (description |
288 | "Corkscrew allows creating TCP tunnels through HTTP proxies. WARNING: | |
289 | At the moment only plain text authentication is supported, should you require | |
290 | to use it with your HTTP proxy. Digest based authentication may be supported | |
291 | in future and NTLM based authentication is most likey never be supported.") | |
292 | (license license:gpl2+))) | |
87bf526b LC |
293 | |
294 | (define-public mosh | |
295 | (package | |
296 | (name "mosh") | |
2e136987 | 297 | (version "1.2.5") |
87bf526b LC |
298 | (source (origin |
299 | (method url-fetch) | |
2e136987 | 300 | (uri (string-append "https://mosh.mit.edu/mosh-" |
87bf526b LC |
301 | version ".tar.gz")) |
302 | (sha256 | |
303 | (base32 | |
2e136987 | 304 | "1qsb0y882yfgwnpy6f98pi5xqm6kykdsrxzvaal37hs7szjhky0s")))) |
87bf526b LC |
305 | (build-system gnu-build-system) |
306 | (arguments | |
307 | '(#:phases (alist-cons-after | |
308 | 'install 'wrap | |
309 | (lambda* (#:key outputs #:allow-other-keys) | |
310 | ;; Make sure 'mosh' can find 'mosh-client' and | |
311 | ;; 'mosh-server'. | |
312 | (let* ((out (assoc-ref outputs "out")) | |
313 | (bin (string-append out "/bin"))) | |
314 | (wrap-program (string-append bin "/mosh") | |
315 | `("PATH" ":" prefix (,bin))))) | |
316 | %standard-phases))) | |
317 | (native-inputs | |
318 | `(("pkg-config" ,pkg-config))) | |
319 | (inputs | |
320 | `(("openssl" ,openssl) | |
321 | ("perl" ,perl) | |
322 | ("perl-io-tty" ,perl-io-tty) | |
323 | ("zlib" ,zlib) | |
324 | ("ncurses" ,ncurses) | |
325 | ("protobuf" ,protobuf) | |
326 | ("boost-headers" ,boost))) | |
327 | (home-page "http://mosh.mit.edu/") | |
328 | (synopsis "Remote shell tolerant to intermittent connectivity") | |
329 | (description | |
330 | "Remote terminal application that allows roaming, supports intermittent | |
331 | connectivity, and provides intelligent local echo and line editing of user | |
332 | keystrokes. Mosh is a replacement for SSH. It's more robust and responsive, | |
333 | especially over Wi-Fi, cellular, and long-distance links.") | |
334 | (license license:gpl3+))) | |
8c6cfd55 JD |
335 | |
336 | (define-public dropbear | |
337 | (package | |
338 | (name "dropbear") | |
ff22f01d | 339 | (version "2016.72") |
8c6cfd55 JD |
340 | (source (origin |
341 | (method url-fetch) | |
342 | (uri (string-append | |
dec3e015 | 343 | "https://matt.ucc.asn.au/" name "/releases/" |
a124bbd2 | 344 | name "-" version ".tar.bz2")) |
8c6cfd55 | 345 | (sha256 |
dec3e015 | 346 | (base32 |
ff22f01d | 347 | "10fnlaf6rm537v3rml1gnd58d42plv2q5cp7svbrysap69npc8wk")))) |
8c6cfd55 JD |
348 | (build-system gnu-build-system) |
349 | (arguments `(#:tests? #f)) ; There is no "make check" or anything similar | |
350 | (inputs `(("zlib" ,zlib))) | |
351 | (synopsis "Small SSH server and client") | |
352 | (description "Dropbear is a relatively small SSH server and | |
35b9e423 EB |
353 | client. It runs on a variety of POSIX-based platforms. Dropbear is |
354 | particularly useful for embedded systems, such as wireless routers.") | |
8c6cfd55 JD |
355 | (home-page "https://matt.ucc.asn.au/dropbear/dropbear.html") |
356 | (license (license:x11-style "" "See file LICENSE.")))) |