HCoop / jackhill / guix / guix.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
gnu: r-rspectra: Update to 0.16-0.
[jackhill/guix/guix.git] / gnu / packages / ssh.scm
... / ...
CommitLineData
1;;; GNU Guix --- Functional package management for GNU
2;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org>
3;;; Copyright © 2013, 2014 Andreas Enge <andreas@enge.fr>
4;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
5;;; Copyright © 2015, 2016, 2018, 2019 Efraim Flashner <efraim@flashner.co.il>
6;;; Copyright © 2016, 2019 Leo Famulari <leo@famulari.name>
7;;; Copyright © 2016 Nicolas Goaziou <mail@nicolasgoaziou.fr>
8;;; Copyright © 2016 Christopher Allan Webber <cwebber@dustycloud.org>
9;;; Copyright © 2017, 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr>
10;;; Copyright © 2017 Stefan Reichör <stefan@xsteve.at>
11;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
12;;; Copyright © 2017 ng0 <ng0@n0.is>
13;;; Copyright © 2018 Manuel Graf <graf@init.at>
14;;; Copyright © 2019 Gábor Boskovits <boskovits@gmail.com>
15;;;
16;;; This file is part of GNU Guix.
17;;;
18;;; GNU Guix is free software; you can redistribute it and/or modify it
19;;; under the terms of the GNU General Public License as published by
20;;; the Free Software Foundation; either version 3 of the License, or (at
21;;; your option) any later version.
22;;;
23;;; GNU Guix is distributed in the hope that it will be useful, but
24;;; WITHOUT ANY WARRANTY; without even the implied warranty of
25;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
26;;; GNU General Public License for more details.
27;;;
28;;; You should have received a copy of the GNU General Public License
29;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
30
31(define-module (gnu packages ssh)
32 #:use-module (gnu packages)
33 #:use-module (gnu packages autotools)
34 #:use-module (gnu packages base)
35 #:autoload (gnu packages boost) (boost)
36 #:use-module (gnu packages compression)
37 #:use-module (gnu packages crypto)
38 #:use-module (gnu packages elf)
39 #:use-module (gnu packages gnupg)
40 #:use-module (gnu packages gperf)
41 #:use-module (gnu packages groff)
42 #:use-module (gnu packages guile)
43 #:use-module (gnu packages libedit)
44 #:use-module (gnu packages linux)
45 #:use-module (gnu packages logging)
46 #:use-module (gnu packages m4)
47 #:use-module (gnu packages multiprecision)
48 #:use-module (gnu packages ncurses)
49 #:use-module (gnu packages nettle)
50 #:use-module (gnu packages kerberos)
51 #:use-module (gnu packages perl)
52 #:use-module (gnu packages pkg-config)
53 #:use-module (gnu packages popt)
54 #:autoload (gnu packages protobuf) (protobuf)
55 #:use-module (gnu packages python)
56 #:use-module (gnu packages python-xyz)
57 #:use-module (gnu packages readline)
58 #:use-module (gnu packages texinfo)
59 #:use-module (gnu packages tls)
60 #:use-module (gnu packages xorg)
61 #:use-module (guix build-system cmake)
62 #:use-module (guix build-system gnu)
63 #:use-module (guix build-system python)
64 #:use-module (guix download)
65 #:use-module (guix git-download)
66 #:use-module ((guix licenses) #:prefix license:)
67 #:use-module (guix packages)
68 #:use-module (guix utils)
69 #:use-module (srfi srfi-1))
70
71(define-public libssh
72 (package
73 (name "libssh")
74 (version "0.9.2")
75 (source (origin
76 (method git-fetch)
77 (uri (git-reference
78 (url "https://git.libssh.org/projects/libssh.git")
79 (commit (string-append "libssh-" version))))
80 (sha256
81 (base32
82 "14g4rvp91skn2hlsjyhkv58vhng65xrf34cfqffixa4al869hzgj"))
83 (file-name (git-file-name name version))))
84 (build-system cmake-build-system)
85 (outputs '("out" "debug"))
86 (arguments
87 '(#:configure-flags '("-DWITH_GCRYPT=ON")
88
89 #:phases (modify-phases %standard-phases
90 (add-before 'configure 'avoid-werror
91 (lambda _
92 ;; Avoid '-Werror'. Presumably this works fine with
93 ;; gcc@8 on x86_64 but leads to errors with our older
94 ;; compiler.
95 (substitute* "CompilerChecks.cmake"
96 (("-Werror=") "-W"))
97 #t)))
98
99 ;; TODO: Add 'CMockery' and '-DWITH_TESTING=ON' for the test suite.
100 #:tests? #f))
101 (inputs `(("zlib" ,zlib)
102 ("libgcrypt" ,libgcrypt)))
103 (synopsis "SSH client library")
104 (description
105 "libssh is a C library implementing the SSHv2 and SSHv1 protocol for client
106and server implementations. With libssh, you can remotely execute programs,
107transfer files, and use a secure and transparent tunnel for your remote
108applications.")
109 (home-page "https://www.libssh.org")
110 (license license:lgpl2.1+)))
111
112(define-public libssh2
113 (package
114 (name "libssh2")
115 (version "1.9.0")
116 (source (origin
117 (method url-fetch)
118 (uri (string-append
119 "https://www.libssh2.org/download/libssh2-"
120 version ".tar.gz"))
121 (sha256
122 (base32
123 "1zfsz9nldakfz61d2j70pk29zlmj7w2vv46s9l3x2prhcgaqpyym"))))
124 (build-system gnu-build-system)
125 ;; The installed libssh2.pc file does not include paths to libgcrypt and
126 ;; zlib libraries, so we need to propagate the inputs.
127 (propagated-inputs `(("libgcrypt" ,libgcrypt)
128 ("zlib" ,zlib)))
129 (arguments `(#:configure-flags `("--with-libgcrypt")))
130 (synopsis "Client-side C library implementing the SSH2 protocol")
131 (description
132 "libssh2 is a library intended to allow software developers access to
133the SSH-2 protocol in an easy-to-use self-contained package. It can be built
134into an application to perform many different tasks when communicating with
135a server that supports the SSH-2 protocol.")
136 (license license:bsd-3)
137 (home-page "https://www.libssh2.org/")))
138
139(define-public openssh
140 (package
141 (name "openssh")
142 (version "8.0p1")
143 (source (origin
144 (method url-fetch)
145 (uri (string-append "mirror://openbsd/OpenSSH/portable/"
146 name "-" version ".tar.gz"))
147 (sha256
148 (base32
149 "0s7xh4s0qcipnjh9ls5blxcpvhyd116z9dxn3q1yi64lwrwki55x"))))
150 (build-system gnu-build-system)
151 (native-inputs `(("groff" ,groff)
152 ("pkg-config" ,pkg-config)))
153 (inputs `(("libedit" ,libedit)
154 ("openssl" ,openssl)
155 ("pam" ,linux-pam)
156 ("mit-krb5" ,mit-krb5)
157 ("zlib" ,zlib)
158 ("xauth" ,xauth))) ;for 'ssh -X' and 'ssh -Y'
159 (arguments
160 `(#:test-target "tests"
161 ;; Otherwise, the test scripts try to use a nonexistent directory and
162 ;; fail.
163 #:make-flags '("REGRESSTMP=\"$${BUILDDIR}/regress\"")
164 #:configure-flags `("--sysconfdir=/etc/ssh"
165
166 ;; Default value of 'PATH' used by sshd.
167 "--with-default-path=/run/current-system/profile/bin"
168
169 ;; configure needs to find krb5-config
170 ,(string-append "--with-kerberos5="
171 (assoc-ref %build-inputs "mit-krb5")
172 "/bin")
173
174 ;; libedit needed for sftp completion
175 "--with-libedit"
176
177 ;; Enable PAM support in sshd.
178 "--with-pam")
179
180 #:phases
181 (modify-phases %standard-phases
182 (add-after 'configure 'reset-/var/empty
183 (lambda* (#:key outputs #:allow-other-keys)
184 (let ((out (assoc-ref outputs "out")))
185 (substitute* "Makefile"
186 (("PRIVSEP_PATH=/var/empty")
187 (string-append "PRIVSEP_PATH=" out "/var/empty")))
188 #t)))
189 (add-before 'check 'patch-tests
190 (lambda _
191 ;; remove 't-exec' regress target which requires user 'sshd'
192 (substitute* "regress/Makefile"
193 (("^(REGRESS_TARGETS=.*) t-exec(.*)" all pre post)
194 (string-append pre post)))
195 #t))
196 (replace 'install
197 (lambda* (#:key outputs (make-flags '()) #:allow-other-keys)
198 ;; install without host keys and system configuration files
199 (apply invoke "make" "install-nosysconf" make-flags)
200 (install-file "contrib/ssh-copy-id"
201 (string-append (assoc-ref outputs "out")
202 "/bin/"))
203 (chmod (string-append (assoc-ref outputs "out")
204 "/bin/ssh-copy-id") #o555)
205 (install-file "contrib/ssh-copy-id.1"
206 (string-append (assoc-ref outputs "out")
207 "/share/man/man1/"))
208 #t)))))
209 (synopsis "Client and server for the secure shell (ssh) protocol")
210 (description
211 "The SSH2 protocol implemented in OpenSSH is standardised by the
212IETF secsh working group and is specified in several RFCs and drafts.
213It is composed of three layered components:
214
215The transport layer provides algorithm negotiation and a key exchange.
216The key exchange includes server authentication and results in a
217cryptographically secured connection: it provides integrity, confidentiality
218and optional compression.
219
220The user authentication layer uses the established connection and relies on
221the services provided by the transport layer. It provides several mechanisms
222for user authentication. These include traditional password authentication
223as well as public-key or host-based authentication mechanisms.
224
225The connection layer multiplexes many different concurrent channels over the
226authenticated connection and allows tunneling of login sessions and
227TCP-forwarding. It provides a flow control service for these channels.
228Additionally, various channel-specific options can be negotiated.")
229 (license (license:non-copyleft "file://LICENSE"
230 "See LICENSE in the distribution."))
231 (home-page "https://www.openssh.com/")))
232
233(define-public guile-ssh
234 (package
235 (name "guile-ssh")
236 (version "0.11.3")
237 (home-page "https://github.com/artyom-poptsov/guile-ssh")
238 (source (origin
239 (method git-fetch)
240 (uri (git-reference
241 (url home-page)
242 (commit (string-append "v" version))))
243 (file-name (string-append name "-" version ".tar.gz"))
244 (sha256
245 (base32
246 "03bv3hwp2s8f0bqgfjaan9jx4dyab0abv27n2zn2g0izlidv0vl6"))
247 (modules '((guix build utils)))
248 (snippet
249 '(begin
250 ;; libssh >= 0.8.0 no longer provides libssh_threads: see
251 ;; <https://github.com/artyom-poptsov/guile-ssh/issues/9>.
252 (substitute* "libguile-ssh/Makefile.am"
253 (("-lssh_threads") ""))
254
255 ;; This test would wrongfully pick DSS keys when running on
256 ;; libssh >= 0.8.0, which fails:
257 ;; <https://github.com/artyom-poptsov/guile-ssh/issues/10>.
258 (substitute* "tests/server.scm"
259 (("= %libssh-minor-version 7")
260 ">= %libssh-minor-version 7"))
261
262 ;; Allow builds with Guile 3.0.
263 (substitute* "configure.ac"
264 (("^GUILE_PKG.*$")
265 "GUILE_PKG([3.0 2.2 2.0])\n"))
266 #t))))
267 (build-system gnu-build-system)
268 (outputs '("out" "debug"))
269 (arguments
270 '(;; It makes no sense to build libguile-ssh.a.
271 #:configure-flags '("--disable-static")
272
273 #:phases (modify-phases %standard-phases
274 (add-before 'build 'fix-libguile-ssh-file-name
275 (lambda* (#:key outputs #:allow-other-keys)
276 ;; Build and install libguile-ssh.so so that we can use
277 ;; its absolute file name in .scm files, before we build
278 ;; the .go files.
279 (let* ((out (assoc-ref outputs "out"))
280 (lib (string-append out "/lib")))
281 (invoke "make" "install"
282 "-C" "libguile-ssh"
283 "-j" (number->string
284 (parallel-job-count)))
285 (substitute* (find-files "." "\\.scm$")
286 (("\"libguile-ssh\"")
287 (string-append "\"" lib "/libguile-ssh\"")))
288 #t)))
289 (add-after 'install 'remove-bin-directory
290 (lambda* (#:key outputs #:allow-other-keys)
291 (let* ((out (assoc-ref outputs "out"))
292 (bin (string-append out "/bin"))
293 (examples (string-append
294 out "/share/guile-ssh/examples")))
295 (mkdir-p examples)
296 (rename-file (string-append bin "/ssshd.scm")
297 (string-append examples "/ssshd.scm"))
298 (rename-file (string-append bin "/sssh.scm")
299 (string-append examples "/sssh.scm"))
300 (delete-file-recursively bin)
301 #t))))
302 ;; Tests are not parallel-safe.
303 #:parallel-tests? #f))
304 (native-inputs `(("autoconf" ,autoconf)
305 ("automake" ,automake)
306 ("libtool" ,libtool)
307 ("texinfo" ,texinfo)
308 ("pkg-config" ,pkg-config)
309 ("which" ,which)))
310 (inputs `(("guile" ,guile-2.2)
311 ("libssh" ,libssh)
312 ("libgcrypt" ,libgcrypt)))
313 (synopsis "Guile bindings to libssh")
314 (description
315 "Guile-SSH is a library that provides access to the SSH protocol for
316programs written in GNU Guile interpreter. It is a wrapper to the underlying
317libssh library.")
318 (license license:gpl3+)))
319
320(define-public guile2.0-ssh
321 (package
322 (inherit guile-ssh)
323 (name "guile2.0-ssh")
324 (inputs `(("guile" ,guile-2.0)
325 ,@(alist-delete "guile" (package-inputs guile-ssh))))))
326
327(define-public guile3.0-ssh
328 (package
329 (inherit guile-ssh)
330 (name "guile3.0-ssh")
331 (arguments
332 (substitute-keyword-arguments (package-arguments guile-ssh)
333 ((#:phases phases)
334 `(modify-phases ,phases
335 (add-before 'bootstrap 'delete-old-guile-m4
336 (lambda _
337 ;; The old 'guile.m4' that's shipped would fail to recognize
338 ;; Guile 2.9 as "3.0".
339 (delete-file "m4/guile.m4")
340 #t))
341 (add-before 'build 'adjust-for-guile3
342 (lambda _
343 ;; Adjust for things that are deprecated in 2.2 and removed in
344 ;; 3.0.
345 (substitute* "tests/common.scm"
346 (("define-module \\(tests common\\)")
347 "define-module (tests common)
348 #:use-module (ice-9 threads)\n"))
349 (substitute* "modules/ssh/tunnel.scm"
350 (("define-module \\(ssh tunnel\\)")
351 "define-module (ssh tunnel)
352 #:use-module (ice-9 threads)"))
353 (substitute* "modules/srfi/srfi-64.upstream.scm"
354 (("_IOLBF")
355 "'line"))
356 #t))))))
357 (inputs `(("guile" ,guile-next)
358 ,@(alist-delete "guile" (package-inputs guile-ssh))))))
359
360(define-public corkscrew
361 (package
362 (name "corkscrew")
363 (version "2.0")
364 (source
365 (origin
366 (method url-fetch)
367 ;; The agroman.net domain name expired on 2017-03-23, and the original
368 ;; "http://www.agroman.net/corkscrew/corkscrew-2.0.tar.gz" now returns
369 ;; bogus HTML. Perhaps it will yet return. Until then, use a mirror.
370 (uri (string-append "https://downloads.openwrt.org/sources/"
371 "corkscrew-" version ".tar.gz"))
372 (sha256 (base32
373 "1gmhas4va6gd70i2x2mpxpwpgww6413mji29mg282jms3jscn3qd"))))
374 (build-system gnu-build-system)
375 (arguments
376 `(#:phases
377 (modify-phases %standard-phases
378 (replace 'configure
379 ;; Replace configure phase as the ./configure script does not like
380 ;; CONFIG_SHELL and SHELL passed as parameters
381 (lambda* (#:key outputs build target #:allow-other-keys)
382 (let* ((out (assoc-ref outputs "out"))
383 (bash (which "bash"))
384 ;; Set --build and --host flags as the provided config.guess
385 ;; is not able to detect them
386 (flags `(,(string-append "--prefix=" out)
387 ,(string-append "--build=" build)
388 ,(string-append "--host=" (or target build)))))
389 (setenv "CONFIG_SHELL" bash)
390 (apply invoke bash "./configure" flags))))
391 (add-after 'install 'install-documentation
392 (lambda* (#:key outputs #:allow-other-keys)
393 (let* ((out (assoc-ref outputs "out"))
394 (doc (string-append out "/share/doc/" ,name "-" ,version)))
395 (install-file "README" doc)
396 #t))))))
397 (home-page "http://www.agroman.net/corkscrew")
398 (synopsis "SSH tunneling through HTTP(S) proxies")
399 (description
400 "Corkscrew tunnels SSH connections through most HTTP and HTTPS proxies.
401Proxy authentication is only supported through the plain-text HTTP basic
402authentication scheme.")
403 (license license:gpl2+)))
404
405(define-public mosh
406 (package
407 (name "mosh")
408 (version "1.3.2")
409 (source (origin
410 (method url-fetch)
411 (uri (string-append "https://mosh.org/mosh-" version ".tar.gz"))
412 (sha256
413 (base32
414 "05hjhlp6lk8yjcy59zywpf0r6s0h0b9zxq0lw66dh9x8vxrhaq6s"))))
415 (build-system gnu-build-system)
416 (arguments
417 '(#:phases
418 (modify-phases %standard-phases
419 (add-after 'install 'wrap
420 (lambda* (#:key outputs #:allow-other-keys)
421 ;; Make sure 'mosh' can find 'mosh-client' and
422 ;; 'mosh-server'.
423 (let* ((out (assoc-ref outputs "out"))
424 (bin (string-append out "/bin")))
425 (wrap-program (string-append bin "/mosh")
426 `("PATH" ":" prefix (,bin)))))))))
427 (native-inputs
428 `(("pkg-config" ,pkg-config)))
429 (inputs
430 `(("openssl" ,openssl)
431 ("perl" ,perl)
432 ("perl-io-tty" ,perl-io-tty)
433 ("zlib" ,zlib)
434 ("ncurses" ,ncurses)
435 ("protobuf" ,protobuf)
436 ("boost-headers" ,boost)))
437 (home-page "https://mosh.org/")
438 (synopsis "Remote shell tolerant to intermittent connectivity")
439 (description
440 "Remote terminal application that allows roaming, supports intermittent
441connectivity, and provides intelligent local echo and line editing of user
442keystrokes. Mosh is a replacement for SSH. It's more robust and responsive,
443especially over Wi-Fi, cellular, and long-distance links.")
444 (license license:gpl3+)))
445
446(define-public et
447 (package
448 (name "et")
449 (version "3.1.0")
450 (source
451 (origin
452 (method git-fetch)
453 (uri (git-reference
454 (url "https://github.com/MisterTea/EternalTCP.git")
455 (commit (string-append "et-v" version))))
456 (file-name (git-file-name name version))
457 (sha256
458 (base32 "1m5caxckn2ihwp9s2pbyh5amxlpwr7yc54q8s0kb10fr52w2vfnm"))))
459 (build-system cmake-build-system)
460 (arguments `(#:tests? #f))
461 (native-inputs
462 `(("pkg-config" ,pkg-config)))
463 (inputs `(("glog" ,glog)
464 ("gflags" ,gflags)
465 ("libsodium" ,libsodium)
466 ("protobuf" ,protobuf)))
467 (synopsis "Remote shell that automatically reconnects")
468 (description
469 "Eternal Terminal (ET) is a remote shell that automatically reconnects
470without interrupting the session. Unlike SSH sessions, ET sessions will
471survive even network outages and IP changes. ET uses a custom protocol over
472TCP, not the SSH protocol.")
473 (home-page "https://mistertea.github.io/EternalTCP/")
474 (license license:asl2.0)))
475
476(define-public dropbear
477 (package
478 (name "dropbear")
479 (version "2019.78")
480 (source
481 (origin
482 (method url-fetch)
483 (uri (string-append
484 "https://matt.ucc.asn.au/dropbear/releases/"
485 "dropbear-" version ".tar.bz2"))
486 (sha256
487 (base32 "19242qlr40pbqfqd0gg6h8qpj38q6lgv03ja6sahj9vj2abnanaj"))))
488 (build-system gnu-build-system)
489 (arguments `(#:tests? #f)) ; there is no "make check" or anything similar
490 ;; TODO: Investigate unbundling libtommath and libtomcrypt or at least
491 ;; cherry-picking important bug fixes from them. See <bugs.gnu.org/24674>
492 ;; for more information.
493 (inputs `(("zlib" ,zlib)))
494 (synopsis "Small SSH server and client")
495 (description "Dropbear is a relatively small SSH server and
496client. It runs on a variety of POSIX-based platforms. Dropbear is
497particularly useful for embedded systems, such as wireless routers.")
498 (home-page "https://matt.ucc.asn.au/dropbear/dropbear.html")
499 (license (license:x11-style "" "See file LICENSE."))))
500
501(define-public liboop
502 (package
503 (name "liboop")
504 (version "1.0.1")
505 (source
506 (origin
507 (method url-fetch)
508 (uri (string-append "http://ftp.lysator.liu.se/pub/liboop/"
509 name "-" version ".tar.gz"))
510 (sha256
511 (base32
512 "1q0p1l72pq9k3bi7a366j2rishv7dzzkg3i6r2npsfg7cnnidbsn"))))
513 (build-system gnu-build-system)
514 (home-page "http://www.lysator.liu.se/liboop/")
515 (synopsis "Event loop library")
516 (description "Liboop is a low-level event loop management library for
517POSIX-based operating systems. It supports the development of modular,
518multiplexed applications which may respond to events from several sources. It
519replaces the \"select() loop\" and allows the registration of event handlers
520for file and network I/O, timers and signals. Since processes use these
521mechanisms for almost all external communication, liboop can be used as the
522basis for almost any application.")
523 (license license:lgpl2.1+)))
524
525(define-public lsh
526 (package
527 (name "lsh")
528 (version "2.1")
529 (source (origin
530 (method url-fetch)
531 (uri (string-append "mirror://gnu/lsh/lsh-"
532 version ".tar.gz"))
533 (sha256
534 (base32
535 "1qqjy9zfzgny0rkb27c8c7dfsylvb6n0ld8h3an2r83pmaqr9gwb"))
536 (modules '((guix build utils)))
537 (snippet
538 '(begin
539 (substitute* "src/testsuite/functions.sh"
540 (("localhost")
541 ;; Avoid host name lookups since they don't work in
542 ;; chroot builds.
543 "127.0.0.1")
544 (("set -e")
545 ;; Make tests more verbose.
546 "set -e\nset -x"))
547
548 (substitute* (find-files "src/testsuite" "-test$")
549 (("localhost") "127.0.0.1"))
550
551 (substitute* "src/testsuite/login-auth-test"
552 (("/bin/cat") "cat"))
553 #t))))
554 (build-system gnu-build-system)
555 (native-inputs
556 `(("m4" ,m4)
557 ("guile" ,guile-2.0)
558 ("gperf" ,gperf)
559 ("psmisc" ,psmisc))) ; for `killall'
560 (inputs
561 `(("nettle" ,nettle-2)
562 ("linux-pam" ,linux-pam)
563
564 ;; 'rl.c' uses the 'CPPFunction' type, which is no longer in
565 ;; Readline 6.3.
566 ("readline" ,readline-6.2)
567
568 ("liboop" ,liboop)
569 ("zlib" ,zlib)
570 ("gmp" ,gmp)
571
572 ;; The server (lshd) invokes xauth when X11 forwarding is requested.
573 ;; This adds 24 MiB (or 27%) to the closure of lsh.
574 ("xauth" ,xauth)))
575 (arguments
576 '(;; Skip the `configure' test that checks whether /dev/ptmx &
577 ;; co. work as expected, because it relies on impurities (for
578 ;; instance, /dev/pts may be unavailable in chroots.)
579 #:configure-flags '("lsh_cv_sys_unix98_ptys=yes"
580
581 ;; Use glibc's argp rather than the bundled one.
582 "--with-system-argp"
583
584 ;; 'lsh_argp.h' checks HAVE_ARGP_PARSE but nothing
585 ;; defines it.
586 "CPPFLAGS=-DHAVE_ARGP_PARSE")
587
588 ;; FIXME: Tests won't run in a chroot, presumably because
589 ;; /etc/profile is missing, and thus clients get an empty $PATH
590 ;; and nothing works.
591 #:tests? #f
592
593 #:phases
594 (modify-phases %standard-phases
595 (add-before 'configure 'pre-configure
596 (lambda* (#:key inputs #:allow-other-keys)
597 (let* ((nettle (assoc-ref inputs "nettle"))
598 (sexp-conv (string-append nettle "/bin/sexp-conv")))
599 ;; Remove argp from the list of sub-directories; we don't want
600 ;; to build it, really.
601 (substitute* "src/Makefile.in"
602 (("^SUBDIRS = argp")
603 "SUBDIRS ="))
604
605 ;; Make sure 'lsh' and 'lshd' pick 'sexp-conv' in the right place
606 ;; by default.
607 (substitute* "src/environ.h.in"
608 (("^#define PATH_SEXP_CONV.*")
609 (string-append "#define PATH_SEXP_CONV \""
610 sexp-conv "\"\n")))
611
612 ;; Same for the 'lsh-authorize' script.
613 (substitute* "src/lsh-authorize"
614 (("=sexp-conv")
615 (string-append "=" sexp-conv)))
616
617 ;; Tell lshd where 'xauth' lives. Another option would be to
618 ;; hardcode "/run/current-system/profile/bin/xauth", thereby
619 ;; reducing the closure size, but that wouldn't work on foreign
620 ;; distros.
621 (with-fluids ((%default-port-encoding "ISO-8859-1"))
622 (substitute* "src/server_x11.c"
623 (("define XAUTH_PROGRAM.*")
624 (string-append "define XAUTH_PROGRAM \""
625 (assoc-ref inputs "xauth")
626 "/bin/xauth\"\n")))))
627
628 ;; Tests rely on $USER being set.
629 (setenv "USER" "guix"))))))
630 (home-page "http://www.lysator.liu.se/~nisse/lsh/")
631 (synopsis "GNU implementation of the Secure Shell (ssh) protocols")
632 (description
633 "GNU lsh is a free implementation of the SSH version 2 protocol. It is
634used to create a secure line of communication between two computers,
635providing shell access to the server system from the client. It provides
636both the server daemon and the client application, as well as tools for
637manipulating key files.")
638 (license license:gpl2+)))
639
640(define-public sshpass
641 (package
642 (name "sshpass")
643 (version "1.06")
644 (synopsis "Non-interactive password authentication with SSH")
645 (home-page "https://sourceforge.net/projects/sshpass/")
646 (source
647 (origin
648 (method url-fetch)
649 (uri (string-append "mirror://sourceforge/sshpass/sshpass/"
650 version "/sshpass-" version ".tar.gz"))
651 (sha256
652 (base32
653 "0q7fblaczb7kwbsz0gdy9267z0sllzgmf0c7z5c9mf88wv74ycn6"))))
654 (build-system gnu-build-system)
655 (description "sshpass is a tool for non-interactivly performing password
656authentication with SSH's so-called @dfn{interactive keyboard password
657authentication}.")
658 (license license:gpl2+)))
659
660(define-public autossh
661 (package
662 (name "autossh")
663 (version "1.4g")
664 (source
665 (origin
666 (method url-fetch)
667 (uri (string-append
668 "https://www.harding.motd.ca/autossh/autossh-"
669 version ".tgz"))
670 (sha256
671 (base32 "0xqjw8df68f4kzkns5gcah61s5wk0m44qdk2z1d6388w6viwxhsz"))))
672 (build-system gnu-build-system)
673 (arguments `(#:tests? #f)) ; There is no "make check" or anything similar
674 (inputs `(("openssh" ,openssh)))
675 (synopsis "Automatically restart SSH sessions and tunnels")
676 (description "autossh is a program to start a copy of @command{ssh} and
677monitor it, restarting it as necessary should it die or stop passing traffic.")
678 (home-page "https://www.harding.motd.ca/autossh/")
679 (license
680 ;; Why point to a source file? Well, all the individual files have a
681 ;; copy of this license in their headers, but there's no separate file
682 ;; with that information.
683 (license:non-copyleft "file://autossh.c"))))
684
685(define-public pdsh
686 (package
687 (name "pdsh")
688 (version "2.33")
689 (source
690 (origin
691 (method url-fetch)
692 (uri (string-append "https://github.com/chaos/pdsh/"
693 "releases/download/pdsh-" version
694 "/pdsh-" version ".tar.gz"))
695 (file-name (string-append name "-" version ".tar.gz"))
696 (sha256
697 (base32 "0bwlkl9inj66iwvafg00pi3sk9n673phdi0kcc59y9nn55s0hs3k"))))
698 (build-system gnu-build-system)
699 (arguments
700 `(#:configure-flags
701 (list "--with-ssh")
702 #:phases
703 (modify-phases %standard-phases
704 (add-after 'unpack 'patch-/bin/sh
705 (lambda _
706 (substitute* '("tests/t0006-pdcp.sh"
707 "tests/t0004-module-loading.sh"
708 "tests/t2001-ssh.sh"
709 "tests/t1003-slurm.sh"
710 "tests/t6036-long-output-lines.sh"
711 "tests/aggregate-results.sh"
712 "tests/t2000-exec.sh"
713 "tests/t0002-internal.sh"
714 "tests/t1002-dshgroup.sh"
715 "tests/t5000-dshbak.sh"
716 "tests/t0001-basic.sh"
717 "tests/t0005-rcmd_type-and-user.sh"
718 "tests/test-lib.sh"
719 "tests/t2002-mrsh.sh"
720 "tests/t0003-wcoll.sh"
721 "tests/test-modules/pcptest.c")
722 (("/bin/sh") (which "bash")))
723 #t))
724 (add-after 'unpack 'patch-tests
725 (lambda _
726 (substitute* "tests/t6036-long-output-lines.sh"
727 (("which") (which "which")))
728 #t)))))
729 (inputs
730 `(("openssh" ,openssh)
731 ("mit-krb5" ,mit-krb5)
732 ("perl" ,perl)))
733 (native-inputs
734 `(("which" ,which)))
735 (home-page "https://github.com/chaos/pdsh")
736 (synopsis "Parallel distributed shell")
737 (description "Pdsh is a an efficient, multithreaded remote shell client
738which executes commands on multiple remote hosts in parallel. Pdsh implements
739dynamically loadable modules for extended functionality such as new remote
740shell services and remote host selection.")
741 (license license:gpl2+)))
742
743(define-public clustershell
744 (package
745 (name "clustershell")
746 (version "1.8.2")
747 (source
748 (origin
749 (method url-fetch)
750 (uri (string-append "https://github.com/cea-hpc/clustershell/releases"
751 "/download/v" version
752 "/ClusterShell-" version ".tar.gz"))
753 (sha256
754 (base32 "1gz2g85wpk35n1fp31q753w01y3p8abm7dnbas28q4yjyvikqw75"))))
755 (build-system python-build-system)
756 (inputs `(("openssh" ,openssh)))
757 (propagated-inputs `(("python-pyyaml" ,python-pyyaml)))
758 (arguments
759 `(#:phases (modify-phases %standard-phases
760 (add-before 'build 'record-openssh-file-name
761 (lambda* (#:key inputs #:allow-other-keys)
762 (let ((ssh (assoc-ref inputs "openssh")))
763 (substitute* "lib/ClusterShell/Worker/Ssh.py"
764 (("info\\(\"ssh_path\"\\) or \"ssh\"")
765 (string-append "info(\"ssh_path\") or \""
766 ssh "/bin/ssh\"")))
767 #t))))))
768 (home-page "https://cea-hpc.github.io/clustershell/")
769 (synopsis "Scalable event-driven Python framework for cluster administration")
770 (description
771 "ClusterShell is an event-driven Python framework, designed to run local
772or distant commands in parallel on server farms or on large GNU/Linux
773clusters. It will take care of common issues encountered on HPC clusters,
774such as operating on groups of nodes, running distributed commands using
775optimized execution algorithms, as well as gathering results and merging
776identical outputs, or retrieving return codes. ClusterShell takes advantage
777of existing remote shell facilities such as SSH.")
778 (license license:lgpl2.1+)))
779
780(define-public endlessh
781 (package
782 (name "endlessh")
783 (version "1.0")
784 (source
785 (origin
786 (method url-fetch)
787 (uri (string-append "https://github.com/skeeto/endlessh/releases/"
788 "download/" version "/endlessh-" version ".tar.xz"))
789 (sha256
790 (base32
791 "0hhsr65hzrcb7ylskmxyr92svzndhks8hqzn8hvg7f7j89rkvq5k"))))
792 (build-system gnu-build-system)
793 (arguments
794 '(#:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out"))
795 "CC=gcc")
796 #:tests? #f ; no test target
797 #:phases
798 (modify-phases %standard-phases
799 (delete 'configure)))) ; no configure script
800 (home-page "https://github.com/skeeto/endlessh")
801 (synopsis "SSH tarpit that slowly sends an endless banner")
802 (description
803 "Endlessh is an SSH tarpit that very slowly sends an endless, random SSH
804banner. It keeps SSH clients locked up for hours or even days at a time. The
805purpose is to put your real SSH server on another port and then let the script
806kiddies get stuck in this tarpit instead of bothering a real server.
807
808Since the tarpit is in the banner before any cryptographic exchange occurs, this
809program doesn't depend on any cryptographic libraries. It's a simple,
810single-threaded, standalone C program. It uses @code{poll()} to trap multiple
811clients at a time.")
812 (license license:unlicense)))
jackhill's copy of GNU Guix: https://guix.gnu.org/