| 1 | ;;; GNU Guix --- Functional package management for GNU |
| 2 | ;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org> |
| 3 | ;;; Copyright © 2013, 2014 Andreas Enge <andreas@enge.fr> |
| 4 | ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org> |
| 5 | ;;; Copyright © 2015, 2016, 2018, 2019 Efraim Flashner <efraim@flashner.co.il> |
| 6 | ;;; Copyright © 2016, 2019 Leo Famulari <leo@famulari.name> |
| 7 | ;;; Copyright © 2016 Nicolas Goaziou <mail@nicolasgoaziou.fr> |
| 8 | ;;; Copyright © 2016 Christopher Allan Webber <cwebber@dustycloud.org> |
| 9 | ;;; Copyright © 2017, 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr> |
| 10 | ;;; Copyright © 2017 Stefan Reichör <stefan@xsteve.at> |
| 11 | ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net> |
| 12 | ;;; Copyright © 2017 ng0 <ng0@n0.is> |
| 13 | ;;; Copyright © 2018 Manuel Graf <graf@init.at> |
| 14 | ;;; Copyright © 2019 Gábor Boskovits <boskovits@gmail.com> |
| 15 | ;;; |
| 16 | ;;; This file is part of GNU Guix. |
| 17 | ;;; |
| 18 | ;;; GNU Guix is free software; you can redistribute it and/or modify it |
| 19 | ;;; under the terms of the GNU General Public License as published by |
| 20 | ;;; the Free Software Foundation; either version 3 of the License, or (at |
| 21 | ;;; your option) any later version. |
| 22 | ;;; |
| 23 | ;;; GNU Guix is distributed in the hope that it will be useful, but |
| 24 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of |
| 25 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 26 | ;;; GNU General Public License for more details. |
| 27 | ;;; |
| 28 | ;;; You should have received a copy of the GNU General Public License |
| 29 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. |
| 30 | |
| 31 | (define-module (gnu packages ssh) |
| 32 | #:use-module (gnu packages) |
| 33 | #:use-module (gnu packages autotools) |
| 34 | #:use-module (gnu packages base) |
| 35 | #:autoload (gnu packages boost) (boost) |
| 36 | #:use-module (gnu packages compression) |
| 37 | #:use-module (gnu packages crypto) |
| 38 | #:use-module (gnu packages elf) |
| 39 | #:use-module (gnu packages gnupg) |
| 40 | #:use-module (gnu packages gperf) |
| 41 | #:use-module (gnu packages groff) |
| 42 | #:use-module (gnu packages guile) |
| 43 | #:use-module (gnu packages libedit) |
| 44 | #:use-module (gnu packages linux) |
| 45 | #:use-module (gnu packages logging) |
| 46 | #:use-module (gnu packages m4) |
| 47 | #:use-module (gnu packages multiprecision) |
| 48 | #:use-module (gnu packages ncurses) |
| 49 | #:use-module (gnu packages nettle) |
| 50 | #:use-module (gnu packages kerberos) |
| 51 | #:use-module (gnu packages perl) |
| 52 | #:use-module (gnu packages pkg-config) |
| 53 | #:use-module (gnu packages popt) |
| 54 | #:autoload (gnu packages protobuf) (protobuf) |
| 55 | #:use-module (gnu packages python) |
| 56 | #:use-module (gnu packages python-xyz) |
| 57 | #:use-module (gnu packages readline) |
| 58 | #:use-module (gnu packages texinfo) |
| 59 | #:use-module (gnu packages tls) |
| 60 | #:use-module (gnu packages xorg) |
| 61 | #:use-module (guix build-system cmake) |
| 62 | #:use-module (guix build-system gnu) |
| 63 | #:use-module (guix build-system python) |
| 64 | #:use-module (guix download) |
| 65 | #:use-module (guix git-download) |
| 66 | #:use-module ((guix licenses) #:prefix license:) |
| 67 | #:use-module (guix packages) |
| 68 | #:use-module (guix utils) |
| 69 | #:use-module (srfi srfi-1)) |
| 70 | |
| 71 | (define-public libssh |
| 72 | (package |
| 73 | (name "libssh") |
| 74 | (version "0.9.2") |
| 75 | (source (origin |
| 76 | (method git-fetch) |
| 77 | (uri (git-reference |
| 78 | (url "https://git.libssh.org/projects/libssh.git") |
| 79 | (commit (string-append "libssh-" version)))) |
| 80 | (sha256 |
| 81 | (base32 |
| 82 | "14g4rvp91skn2hlsjyhkv58vhng65xrf34cfqffixa4al869hzgj")) |
| 83 | (file-name (git-file-name name version)))) |
| 84 | (build-system cmake-build-system) |
| 85 | (outputs '("out" "debug")) |
| 86 | (arguments |
| 87 | '(#:configure-flags '("-DWITH_GCRYPT=ON") |
| 88 | |
| 89 | #:phases (modify-phases %standard-phases |
| 90 | (add-before 'configure 'avoid-werror |
| 91 | (lambda _ |
| 92 | ;; Avoid '-Werror'. Presumably this works fine with |
| 93 | ;; gcc@8 on x86_64 but leads to errors with our older |
| 94 | ;; compiler. |
| 95 | (substitute* "CompilerChecks.cmake" |
| 96 | (("-Werror=") "-W")) |
| 97 | #t))) |
| 98 | |
| 99 | ;; TODO: Add 'CMockery' and '-DWITH_TESTING=ON' for the test suite. |
| 100 | #:tests? #f)) |
| 101 | (inputs `(("zlib" ,zlib) |
| 102 | ("libgcrypt" ,libgcrypt))) |
| 103 | (synopsis "SSH client library") |
| 104 | (description |
| 105 | "libssh is a C library implementing the SSHv2 and SSHv1 protocol for client |
| 106 | and server implementations. With libssh, you can remotely execute programs, |
| 107 | transfer files, and use a secure and transparent tunnel for your remote |
| 108 | applications.") |
| 109 | (home-page "https://www.libssh.org") |
| 110 | (license license:lgpl2.1+))) |
| 111 | |
| 112 | (define-public libssh2 |
| 113 | (package |
| 114 | (name "libssh2") |
| 115 | (version "1.9.0") |
| 116 | (source (origin |
| 117 | (method url-fetch) |
| 118 | (uri (string-append |
| 119 | "https://www.libssh2.org/download/libssh2-" |
| 120 | version ".tar.gz")) |
| 121 | (sha256 |
| 122 | (base32 |
| 123 | "1zfsz9nldakfz61d2j70pk29zlmj7w2vv46s9l3x2prhcgaqpyym")))) |
| 124 | (build-system gnu-build-system) |
| 125 | ;; The installed libssh2.pc file does not include paths to libgcrypt and |
| 126 | ;; zlib libraries, so we need to propagate the inputs. |
| 127 | (propagated-inputs `(("libgcrypt" ,libgcrypt) |
| 128 | ("zlib" ,zlib))) |
| 129 | (arguments `(#:configure-flags `("--with-libgcrypt"))) |
| 130 | (synopsis "Client-side C library implementing the SSH2 protocol") |
| 131 | (description |
| 132 | "libssh2 is a library intended to allow software developers access to |
| 133 | the SSH-2 protocol in an easy-to-use self-contained package. It can be built |
| 134 | into an application to perform many different tasks when communicating with |
| 135 | a server that supports the SSH-2 protocol.") |
| 136 | (license license:bsd-3) |
| 137 | (home-page "https://www.libssh2.org/"))) |
| 138 | |
| 139 | (define-public openssh |
| 140 | (package |
| 141 | (name "openssh") |
| 142 | (version "8.0p1") |
| 143 | (source (origin |
| 144 | (method url-fetch) |
| 145 | (uri (string-append "mirror://openbsd/OpenSSH/portable/" |
| 146 | name "-" version ".tar.gz")) |
| 147 | (sha256 |
| 148 | (base32 |
| 149 | "0s7xh4s0qcipnjh9ls5blxcpvhyd116z9dxn3q1yi64lwrwki55x")))) |
| 150 | (build-system gnu-build-system) |
| 151 | (native-inputs `(("groff" ,groff) |
| 152 | ("pkg-config" ,pkg-config))) |
| 153 | (inputs `(("libedit" ,libedit) |
| 154 | ("openssl" ,openssl) |
| 155 | ("pam" ,linux-pam) |
| 156 | ("mit-krb5" ,mit-krb5) |
| 157 | ("zlib" ,zlib) |
| 158 | ("xauth" ,xauth))) ;for 'ssh -X' and 'ssh -Y' |
| 159 | (arguments |
| 160 | `(#:test-target "tests" |
| 161 | ;; Otherwise, the test scripts try to use a nonexistent directory and |
| 162 | ;; fail. |
| 163 | #:make-flags '("REGRESSTMP=\"$${BUILDDIR}/regress\"") |
| 164 | #:configure-flags `("--sysconfdir=/etc/ssh" |
| 165 | |
| 166 | ;; Default value of 'PATH' used by sshd. |
| 167 | "--with-default-path=/run/current-system/profile/bin" |
| 168 | |
| 169 | ;; configure needs to find krb5-config |
| 170 | ,(string-append "--with-kerberos5=" |
| 171 | (assoc-ref %build-inputs "mit-krb5") |
| 172 | "/bin") |
| 173 | |
| 174 | ;; libedit needed for sftp completion |
| 175 | "--with-libedit" |
| 176 | |
| 177 | ;; Enable PAM support in sshd. |
| 178 | "--with-pam") |
| 179 | |
| 180 | #:phases |
| 181 | (modify-phases %standard-phases |
| 182 | (add-after 'configure 'reset-/var/empty |
| 183 | (lambda* (#:key outputs #:allow-other-keys) |
| 184 | (let ((out (assoc-ref outputs "out"))) |
| 185 | (substitute* "Makefile" |
| 186 | (("PRIVSEP_PATH=/var/empty") |
| 187 | (string-append "PRIVSEP_PATH=" out "/var/empty"))) |
| 188 | #t))) |
| 189 | (add-before 'check 'patch-tests |
| 190 | (lambda _ |
| 191 | ;; remove 't-exec' regress target which requires user 'sshd' |
| 192 | (substitute* "regress/Makefile" |
| 193 | (("^(REGRESS_TARGETS=.*) t-exec(.*)" all pre post) |
| 194 | (string-append pre post))) |
| 195 | #t)) |
| 196 | (replace 'install |
| 197 | (lambda* (#:key outputs (make-flags '()) #:allow-other-keys) |
| 198 | ;; install without host keys and system configuration files |
| 199 | (apply invoke "make" "install-nosysconf" make-flags) |
| 200 | (install-file "contrib/ssh-copy-id" |
| 201 | (string-append (assoc-ref outputs "out") |
| 202 | "/bin/")) |
| 203 | (chmod (string-append (assoc-ref outputs "out") |
| 204 | "/bin/ssh-copy-id") #o555) |
| 205 | (install-file "contrib/ssh-copy-id.1" |
| 206 | (string-append (assoc-ref outputs "out") |
| 207 | "/share/man/man1/")) |
| 208 | #t))))) |
| 209 | (synopsis "Client and server for the secure shell (ssh) protocol") |
| 210 | (description |
| 211 | "The SSH2 protocol implemented in OpenSSH is standardised by the |
| 212 | IETF secsh working group and is specified in several RFCs and drafts. |
| 213 | It is composed of three layered components: |
| 214 | |
| 215 | The transport layer provides algorithm negotiation and a key exchange. |
| 216 | The key exchange includes server authentication and results in a |
| 217 | cryptographically secured connection: it provides integrity, confidentiality |
| 218 | and optional compression. |
| 219 | |
| 220 | The user authentication layer uses the established connection and relies on |
| 221 | the services provided by the transport layer. It provides several mechanisms |
| 222 | for user authentication. These include traditional password authentication |
| 223 | as well as public-key or host-based authentication mechanisms. |
| 224 | |
| 225 | The connection layer multiplexes many different concurrent channels over the |
| 226 | authenticated connection and allows tunneling of login sessions and |
| 227 | TCP-forwarding. It provides a flow control service for these channels. |
| 228 | Additionally, various channel-specific options can be negotiated.") |
| 229 | (license (license:non-copyleft "file://LICENSE" |
| 230 | "See LICENSE in the distribution.")) |
| 231 | (home-page "https://www.openssh.com/"))) |
| 232 | |
| 233 | (define-public guile-ssh |
| 234 | (package |
| 235 | (name "guile-ssh") |
| 236 | (version "0.11.3") |
| 237 | (home-page "https://github.com/artyom-poptsov/guile-ssh") |
| 238 | (source (origin |
| 239 | (method git-fetch) |
| 240 | (uri (git-reference |
| 241 | (url home-page) |
| 242 | (commit (string-append "v" version)))) |
| 243 | (file-name (string-append name "-" version ".tar.gz")) |
| 244 | (sha256 |
| 245 | (base32 |
| 246 | "03bv3hwp2s8f0bqgfjaan9jx4dyab0abv27n2zn2g0izlidv0vl6")) |
| 247 | (modules '((guix build utils))) |
| 248 | (snippet |
| 249 | '(begin |
| 250 | ;; libssh >= 0.8.0 no longer provides libssh_threads: see |
| 251 | ;; <https://github.com/artyom-poptsov/guile-ssh/issues/9>. |
| 252 | (substitute* "libguile-ssh/Makefile.am" |
| 253 | (("-lssh_threads") "")) |
| 254 | |
| 255 | ;; This test would wrongfully pick DSS keys when running on |
| 256 | ;; libssh >= 0.8.0, which fails: |
| 257 | ;; <https://github.com/artyom-poptsov/guile-ssh/issues/10>. |
| 258 | (substitute* "tests/server.scm" |
| 259 | (("= %libssh-minor-version 7") |
| 260 | ">= %libssh-minor-version 7")) |
| 261 | |
| 262 | ;; Allow builds with Guile 3.0. |
| 263 | (substitute* "configure.ac" |
| 264 | (("^GUILE_PKG.*$") |
| 265 | "GUILE_PKG([3.0 2.2 2.0])\n")) |
| 266 | #t)))) |
| 267 | (build-system gnu-build-system) |
| 268 | (outputs '("out" "debug")) |
| 269 | (arguments |
| 270 | '(;; It makes no sense to build libguile-ssh.a. |
| 271 | #:configure-flags '("--disable-static") |
| 272 | |
| 273 | #:phases (modify-phases %standard-phases |
| 274 | (add-before 'build 'fix-libguile-ssh-file-name |
| 275 | (lambda* (#:key outputs #:allow-other-keys) |
| 276 | ;; Build and install libguile-ssh.so so that we can use |
| 277 | ;; its absolute file name in .scm files, before we build |
| 278 | ;; the .go files. |
| 279 | (let* ((out (assoc-ref outputs "out")) |
| 280 | (lib (string-append out "/lib"))) |
| 281 | (invoke "make" "install" |
| 282 | "-C" "libguile-ssh" |
| 283 | "-j" (number->string |
| 284 | (parallel-job-count))) |
| 285 | (substitute* (find-files "." "\\.scm$") |
| 286 | (("\"libguile-ssh\"") |
| 287 | (string-append "\"" lib "/libguile-ssh\""))) |
| 288 | #t))) |
| 289 | (add-after 'install 'remove-bin-directory |
| 290 | (lambda* (#:key outputs #:allow-other-keys) |
| 291 | (let* ((out (assoc-ref outputs "out")) |
| 292 | (bin (string-append out "/bin")) |
| 293 | (examples (string-append |
| 294 | out "/share/guile-ssh/examples"))) |
| 295 | (mkdir-p examples) |
| 296 | (rename-file (string-append bin "/ssshd.scm") |
| 297 | (string-append examples "/ssshd.scm")) |
| 298 | (rename-file (string-append bin "/sssh.scm") |
| 299 | (string-append examples "/sssh.scm")) |
| 300 | (delete-file-recursively bin) |
| 301 | #t)))) |
| 302 | ;; Tests are not parallel-safe. |
| 303 | #:parallel-tests? #f)) |
| 304 | (native-inputs `(("autoconf" ,autoconf) |
| 305 | ("automake" ,automake) |
| 306 | ("libtool" ,libtool) |
| 307 | ("texinfo" ,texinfo) |
| 308 | ("pkg-config" ,pkg-config) |
| 309 | ("which" ,which))) |
| 310 | (inputs `(("guile" ,guile-2.2) |
| 311 | ("libssh" ,libssh) |
| 312 | ("libgcrypt" ,libgcrypt))) |
| 313 | (synopsis "Guile bindings to libssh") |
| 314 | (description |
| 315 | "Guile-SSH is a library that provides access to the SSH protocol for |
| 316 | programs written in GNU Guile interpreter. It is a wrapper to the underlying |
| 317 | libssh library.") |
| 318 | (license license:gpl3+))) |
| 319 | |
| 320 | (define-public guile2.0-ssh |
| 321 | (package |
| 322 | (inherit guile-ssh) |
| 323 | (name "guile2.0-ssh") |
| 324 | (inputs `(("guile" ,guile-2.0) |
| 325 | ,@(alist-delete "guile" (package-inputs guile-ssh)))))) |
| 326 | |
| 327 | (define-public guile3.0-ssh |
| 328 | (package |
| 329 | (inherit guile-ssh) |
| 330 | (name "guile3.0-ssh") |
| 331 | (arguments |
| 332 | (substitute-keyword-arguments (package-arguments guile-ssh) |
| 333 | ((#:phases phases) |
| 334 | `(modify-phases ,phases |
| 335 | (add-before 'bootstrap 'delete-old-guile-m4 |
| 336 | (lambda _ |
| 337 | ;; The old 'guile.m4' that's shipped would fail to recognize |
| 338 | ;; Guile 2.9 as "3.0". |
| 339 | (delete-file "m4/guile.m4") |
| 340 | #t)) |
| 341 | (add-before 'build 'adjust-for-guile3 |
| 342 | (lambda _ |
| 343 | ;; Adjust for things that are deprecated in 2.2 and removed in |
| 344 | ;; 3.0. |
| 345 | (substitute* "tests/common.scm" |
| 346 | (("define-module \\(tests common\\)") |
| 347 | "define-module (tests common) |
| 348 | #:use-module (ice-9 threads)\n")) |
| 349 | (substitute* "modules/ssh/tunnel.scm" |
| 350 | (("define-module \\(ssh tunnel\\)") |
| 351 | "define-module (ssh tunnel) |
| 352 | #:use-module (ice-9 threads)")) |
| 353 | (substitute* "modules/srfi/srfi-64.upstream.scm" |
| 354 | (("_IOLBF") |
| 355 | "'line")) |
| 356 | #t)))))) |
| 357 | (inputs `(("guile" ,guile-next) |
| 358 | ,@(alist-delete "guile" (package-inputs guile-ssh)))))) |
| 359 | |
| 360 | (define-public corkscrew |
| 361 | (package |
| 362 | (name "corkscrew") |
| 363 | (version "2.0") |
| 364 | (source |
| 365 | (origin |
| 366 | (method url-fetch) |
| 367 | ;; The agroman.net domain name expired on 2017-03-23, and the original |
| 368 | ;; "http://www.agroman.net/corkscrew/corkscrew-2.0.tar.gz" now returns |
| 369 | ;; bogus HTML. Perhaps it will yet return. Until then, use a mirror. |
| 370 | (uri (string-append "https://downloads.openwrt.org/sources/" |
| 371 | "corkscrew-" version ".tar.gz")) |
| 372 | (sha256 (base32 |
| 373 | "1gmhas4va6gd70i2x2mpxpwpgww6413mji29mg282jms3jscn3qd")))) |
| 374 | (build-system gnu-build-system) |
| 375 | (arguments |
| 376 | `(#:phases |
| 377 | (modify-phases %standard-phases |
| 378 | (replace 'configure |
| 379 | ;; Replace configure phase as the ./configure script does not like |
| 380 | ;; CONFIG_SHELL and SHELL passed as parameters |
| 381 | (lambda* (#:key outputs build target #:allow-other-keys) |
| 382 | (let* ((out (assoc-ref outputs "out")) |
| 383 | (bash (which "bash")) |
| 384 | ;; Set --build and --host flags as the provided config.guess |
| 385 | ;; is not able to detect them |
| 386 | (flags `(,(string-append "--prefix=" out) |
| 387 | ,(string-append "--build=" build) |
| 388 | ,(string-append "--host=" (or target build))))) |
| 389 | (setenv "CONFIG_SHELL" bash) |
| 390 | (apply invoke bash "./configure" flags)))) |
| 391 | (add-after 'install 'install-documentation |
| 392 | (lambda* (#:key outputs #:allow-other-keys) |
| 393 | (let* ((out (assoc-ref outputs "out")) |
| 394 | (doc (string-append out "/share/doc/" ,name "-" ,version))) |
| 395 | (install-file "README" doc) |
| 396 | #t)))))) |
| 397 | (home-page "http://www.agroman.net/corkscrew") |
| 398 | (synopsis "SSH tunneling through HTTP(S) proxies") |
| 399 | (description |
| 400 | "Corkscrew tunnels SSH connections through most HTTP and HTTPS proxies. |
| 401 | Proxy authentication is only supported through the plain-text HTTP basic |
| 402 | authentication scheme.") |
| 403 | (license license:gpl2+))) |
| 404 | |
| 405 | (define-public mosh |
| 406 | (package |
| 407 | (name "mosh") |
| 408 | (version "1.3.2") |
| 409 | (source (origin |
| 410 | (method url-fetch) |
| 411 | (uri (string-append "https://mosh.org/mosh-" version ".tar.gz")) |
| 412 | (sha256 |
| 413 | (base32 |
| 414 | "05hjhlp6lk8yjcy59zywpf0r6s0h0b9zxq0lw66dh9x8vxrhaq6s")))) |
| 415 | (build-system gnu-build-system) |
| 416 | (arguments |
| 417 | '(#:phases |
| 418 | (modify-phases %standard-phases |
| 419 | (add-after 'install 'wrap |
| 420 | (lambda* (#:key outputs #:allow-other-keys) |
| 421 | ;; Make sure 'mosh' can find 'mosh-client' and |
| 422 | ;; 'mosh-server'. |
| 423 | (let* ((out (assoc-ref outputs "out")) |
| 424 | (bin (string-append out "/bin"))) |
| 425 | (wrap-program (string-append bin "/mosh") |
| 426 | `("PATH" ":" prefix (,bin))))))))) |
| 427 | (native-inputs |
| 428 | `(("pkg-config" ,pkg-config))) |
| 429 | (inputs |
| 430 | `(("openssl" ,openssl) |
| 431 | ("perl" ,perl) |
| 432 | ("perl-io-tty" ,perl-io-tty) |
| 433 | ("zlib" ,zlib) |
| 434 | ("ncurses" ,ncurses) |
| 435 | ("protobuf" ,protobuf) |
| 436 | ("boost-headers" ,boost))) |
| 437 | (home-page "https://mosh.org/") |
| 438 | (synopsis "Remote shell tolerant to intermittent connectivity") |
| 439 | (description |
| 440 | "Remote terminal application that allows roaming, supports intermittent |
| 441 | connectivity, and provides intelligent local echo and line editing of user |
| 442 | keystrokes. Mosh is a replacement for SSH. It's more robust and responsive, |
| 443 | especially over Wi-Fi, cellular, and long-distance links.") |
| 444 | (license license:gpl3+))) |
| 445 | |
| 446 | (define-public et |
| 447 | (package |
| 448 | (name "et") |
| 449 | (version "3.1.0") |
| 450 | (source |
| 451 | (origin |
| 452 | (method git-fetch) |
| 453 | (uri (git-reference |
| 454 | (url "https://github.com/MisterTea/EternalTCP.git") |
| 455 | (commit (string-append "et-v" version)))) |
| 456 | (file-name (git-file-name name version)) |
| 457 | (sha256 |
| 458 | (base32 "1m5caxckn2ihwp9s2pbyh5amxlpwr7yc54q8s0kb10fr52w2vfnm")))) |
| 459 | (build-system cmake-build-system) |
| 460 | (arguments `(#:tests? #f)) |
| 461 | (native-inputs |
| 462 | `(("pkg-config" ,pkg-config))) |
| 463 | (inputs `(("glog" ,glog) |
| 464 | ("gflags" ,gflags) |
| 465 | ("libsodium" ,libsodium) |
| 466 | ("protobuf" ,protobuf))) |
| 467 | (synopsis "Remote shell that automatically reconnects") |
| 468 | (description |
| 469 | "Eternal Terminal (ET) is a remote shell that automatically reconnects |
| 470 | without interrupting the session. Unlike SSH sessions, ET sessions will |
| 471 | survive even network outages and IP changes. ET uses a custom protocol over |
| 472 | TCP, not the SSH protocol.") |
| 473 | (home-page "https://mistertea.github.io/EternalTCP/") |
| 474 | (license license:asl2.0))) |
| 475 | |
| 476 | (define-public dropbear |
| 477 | (package |
| 478 | (name "dropbear") |
| 479 | (version "2019.78") |
| 480 | (source |
| 481 | (origin |
| 482 | (method url-fetch) |
| 483 | (uri (string-append |
| 484 | "https://matt.ucc.asn.au/dropbear/releases/" |
| 485 | "dropbear-" version ".tar.bz2")) |
| 486 | (sha256 |
| 487 | (base32 "19242qlr40pbqfqd0gg6h8qpj38q6lgv03ja6sahj9vj2abnanaj")))) |
| 488 | (build-system gnu-build-system) |
| 489 | (arguments `(#:tests? #f)) ; there is no "make check" or anything similar |
| 490 | ;; TODO: Investigate unbundling libtommath and libtomcrypt or at least |
| 491 | ;; cherry-picking important bug fixes from them. See <bugs.gnu.org/24674> |
| 492 | ;; for more information. |
| 493 | (inputs `(("zlib" ,zlib))) |
| 494 | (synopsis "Small SSH server and client") |
| 495 | (description "Dropbear is a relatively small SSH server and |
| 496 | client. It runs on a variety of POSIX-based platforms. Dropbear is |
| 497 | particularly useful for embedded systems, such as wireless routers.") |
| 498 | (home-page "https://matt.ucc.asn.au/dropbear/dropbear.html") |
| 499 | (license (license:x11-style "" "See file LICENSE.")))) |
| 500 | |
| 501 | (define-public liboop |
| 502 | (package |
| 503 | (name "liboop") |
| 504 | (version "1.0.1") |
| 505 | (source |
| 506 | (origin |
| 507 | (method url-fetch) |
| 508 | (uri (string-append "http://ftp.lysator.liu.se/pub/liboop/" |
| 509 | name "-" version ".tar.gz")) |
| 510 | (sha256 |
| 511 | (base32 |
| 512 | "1q0p1l72pq9k3bi7a366j2rishv7dzzkg3i6r2npsfg7cnnidbsn")))) |
| 513 | (build-system gnu-build-system) |
| 514 | (home-page "http://www.lysator.liu.se/liboop/") |
| 515 | (synopsis "Event loop library") |
| 516 | (description "Liboop is a low-level event loop management library for |
| 517 | POSIX-based operating systems. It supports the development of modular, |
| 518 | multiplexed applications which may respond to events from several sources. It |
| 519 | replaces the \"select() loop\" and allows the registration of event handlers |
| 520 | for file and network I/O, timers and signals. Since processes use these |
| 521 | mechanisms for almost all external communication, liboop can be used as the |
| 522 | basis for almost any application.") |
| 523 | (license license:lgpl2.1+))) |
| 524 | |
| 525 | (define-public lsh |
| 526 | (package |
| 527 | (name "lsh") |
| 528 | (version "2.1") |
| 529 | (source (origin |
| 530 | (method url-fetch) |
| 531 | (uri (string-append "mirror://gnu/lsh/lsh-" |
| 532 | version ".tar.gz")) |
| 533 | (sha256 |
| 534 | (base32 |
| 535 | "1qqjy9zfzgny0rkb27c8c7dfsylvb6n0ld8h3an2r83pmaqr9gwb")) |
| 536 | (modules '((guix build utils))) |
| 537 | (snippet |
| 538 | '(begin |
| 539 | (substitute* "src/testsuite/functions.sh" |
| 540 | (("localhost") |
| 541 | ;; Avoid host name lookups since they don't work in |
| 542 | ;; chroot builds. |
| 543 | "127.0.0.1") |
| 544 | (("set -e") |
| 545 | ;; Make tests more verbose. |
| 546 | "set -e\nset -x")) |
| 547 | |
| 548 | (substitute* (find-files "src/testsuite" "-test$") |
| 549 | (("localhost") "127.0.0.1")) |
| 550 | |
| 551 | (substitute* "src/testsuite/login-auth-test" |
| 552 | (("/bin/cat") "cat")) |
| 553 | #t)))) |
| 554 | (build-system gnu-build-system) |
| 555 | (native-inputs |
| 556 | `(("m4" ,m4) |
| 557 | ("guile" ,guile-2.0) |
| 558 | ("gperf" ,gperf) |
| 559 | ("psmisc" ,psmisc))) ; for `killall' |
| 560 | (inputs |
| 561 | `(("nettle" ,nettle-2) |
| 562 | ("linux-pam" ,linux-pam) |
| 563 | |
| 564 | ;; 'rl.c' uses the 'CPPFunction' type, which is no longer in |
| 565 | ;; Readline 6.3. |
| 566 | ("readline" ,readline-6.2) |
| 567 | |
| 568 | ("liboop" ,liboop) |
| 569 | ("zlib" ,zlib) |
| 570 | ("gmp" ,gmp) |
| 571 | |
| 572 | ;; The server (lshd) invokes xauth when X11 forwarding is requested. |
| 573 | ;; This adds 24 MiB (or 27%) to the closure of lsh. |
| 574 | ("xauth" ,xauth))) |
| 575 | (arguments |
| 576 | '(;; Skip the `configure' test that checks whether /dev/ptmx & |
| 577 | ;; co. work as expected, because it relies on impurities (for |
| 578 | ;; instance, /dev/pts may be unavailable in chroots.) |
| 579 | #:configure-flags '("lsh_cv_sys_unix98_ptys=yes" |
| 580 | |
| 581 | ;; Use glibc's argp rather than the bundled one. |
| 582 | "--with-system-argp" |
| 583 | |
| 584 | ;; 'lsh_argp.h' checks HAVE_ARGP_PARSE but nothing |
| 585 | ;; defines it. |
| 586 | "CPPFLAGS=-DHAVE_ARGP_PARSE") |
| 587 | |
| 588 | ;; FIXME: Tests won't run in a chroot, presumably because |
| 589 | ;; /etc/profile is missing, and thus clients get an empty $PATH |
| 590 | ;; and nothing works. |
| 591 | #:tests? #f |
| 592 | |
| 593 | #:phases |
| 594 | (modify-phases %standard-phases |
| 595 | (add-before 'configure 'pre-configure |
| 596 | (lambda* (#:key inputs #:allow-other-keys) |
| 597 | (let* ((nettle (assoc-ref inputs "nettle")) |
| 598 | (sexp-conv (string-append nettle "/bin/sexp-conv"))) |
| 599 | ;; Remove argp from the list of sub-directories; we don't want |
| 600 | ;; to build it, really. |
| 601 | (substitute* "src/Makefile.in" |
| 602 | (("^SUBDIRS = argp") |
| 603 | "SUBDIRS =")) |
| 604 | |
| 605 | ;; Make sure 'lsh' and 'lshd' pick 'sexp-conv' in the right place |
| 606 | ;; by default. |
| 607 | (substitute* "src/environ.h.in" |
| 608 | (("^#define PATH_SEXP_CONV.*") |
| 609 | (string-append "#define PATH_SEXP_CONV \"" |
| 610 | sexp-conv "\"\n"))) |
| 611 | |
| 612 | ;; Same for the 'lsh-authorize' script. |
| 613 | (substitute* "src/lsh-authorize" |
| 614 | (("=sexp-conv") |
| 615 | (string-append "=" sexp-conv))) |
| 616 | |
| 617 | ;; Tell lshd where 'xauth' lives. Another option would be to |
| 618 | ;; hardcode "/run/current-system/profile/bin/xauth", thereby |
| 619 | ;; reducing the closure size, but that wouldn't work on foreign |
| 620 | ;; distros. |
| 621 | (with-fluids ((%default-port-encoding "ISO-8859-1")) |
| 622 | (substitute* "src/server_x11.c" |
| 623 | (("define XAUTH_PROGRAM.*") |
| 624 | (string-append "define XAUTH_PROGRAM \"" |
| 625 | (assoc-ref inputs "xauth") |
| 626 | "/bin/xauth\"\n"))))) |
| 627 | |
| 628 | ;; Tests rely on $USER being set. |
| 629 | (setenv "USER" "guix")))))) |
| 630 | (home-page "http://www.lysator.liu.se/~nisse/lsh/") |
| 631 | (synopsis "GNU implementation of the Secure Shell (ssh) protocols") |
| 632 | (description |
| 633 | "GNU lsh is a free implementation of the SSH version 2 protocol. It is |
| 634 | used to create a secure line of communication between two computers, |
| 635 | providing shell access to the server system from the client. It provides |
| 636 | both the server daemon and the client application, as well as tools for |
| 637 | manipulating key files.") |
| 638 | (license license:gpl2+))) |
| 639 | |
| 640 | (define-public sshpass |
| 641 | (package |
| 642 | (name "sshpass") |
| 643 | (version "1.06") |
| 644 | (synopsis "Non-interactive password authentication with SSH") |
| 645 | (home-page "https://sourceforge.net/projects/sshpass/") |
| 646 | (source |
| 647 | (origin |
| 648 | (method url-fetch) |
| 649 | (uri (string-append "mirror://sourceforge/sshpass/sshpass/" |
| 650 | version "/sshpass-" version ".tar.gz")) |
| 651 | (sha256 |
| 652 | (base32 |
| 653 | "0q7fblaczb7kwbsz0gdy9267z0sllzgmf0c7z5c9mf88wv74ycn6")))) |
| 654 | (build-system gnu-build-system) |
| 655 | (description "sshpass is a tool for non-interactivly performing password |
| 656 | authentication with SSH's so-called @dfn{interactive keyboard password |
| 657 | authentication}.") |
| 658 | (license license:gpl2+))) |
| 659 | |
| 660 | (define-public autossh |
| 661 | (package |
| 662 | (name "autossh") |
| 663 | (version "1.4g") |
| 664 | (source |
| 665 | (origin |
| 666 | (method url-fetch) |
| 667 | (uri (string-append |
| 668 | "https://www.harding.motd.ca/autossh/autossh-" |
| 669 | version ".tgz")) |
| 670 | (sha256 |
| 671 | (base32 "0xqjw8df68f4kzkns5gcah61s5wk0m44qdk2z1d6388w6viwxhsz")))) |
| 672 | (build-system gnu-build-system) |
| 673 | (arguments `(#:tests? #f)) ; There is no "make check" or anything similar |
| 674 | (inputs `(("openssh" ,openssh))) |
| 675 | (synopsis "Automatically restart SSH sessions and tunnels") |
| 676 | (description "autossh is a program to start a copy of @command{ssh} and |
| 677 | monitor it, restarting it as necessary should it die or stop passing traffic.") |
| 678 | (home-page "https://www.harding.motd.ca/autossh/") |
| 679 | (license |
| 680 | ;; Why point to a source file? Well, all the individual files have a |
| 681 | ;; copy of this license in their headers, but there's no separate file |
| 682 | ;; with that information. |
| 683 | (license:non-copyleft "file://autossh.c")))) |
| 684 | |
| 685 | (define-public pdsh |
| 686 | (package |
| 687 | (name "pdsh") |
| 688 | (version "2.33") |
| 689 | (source |
| 690 | (origin |
| 691 | (method url-fetch) |
| 692 | (uri (string-append "https://github.com/chaos/pdsh/" |
| 693 | "releases/download/pdsh-" version |
| 694 | "/pdsh-" version ".tar.gz")) |
| 695 | (file-name (string-append name "-" version ".tar.gz")) |
| 696 | (sha256 |
| 697 | (base32 "0bwlkl9inj66iwvafg00pi3sk9n673phdi0kcc59y9nn55s0hs3k")))) |
| 698 | (build-system gnu-build-system) |
| 699 | (arguments |
| 700 | `(#:configure-flags |
| 701 | (list "--with-ssh") |
| 702 | #:phases |
| 703 | (modify-phases %standard-phases |
| 704 | (add-after 'unpack 'patch-/bin/sh |
| 705 | (lambda _ |
| 706 | (substitute* '("tests/t0006-pdcp.sh" |
| 707 | "tests/t0004-module-loading.sh" |
| 708 | "tests/t2001-ssh.sh" |
| 709 | "tests/t1003-slurm.sh" |
| 710 | "tests/t6036-long-output-lines.sh" |
| 711 | "tests/aggregate-results.sh" |
| 712 | "tests/t2000-exec.sh" |
| 713 | "tests/t0002-internal.sh" |
| 714 | "tests/t1002-dshgroup.sh" |
| 715 | "tests/t5000-dshbak.sh" |
| 716 | "tests/t0001-basic.sh" |
| 717 | "tests/t0005-rcmd_type-and-user.sh" |
| 718 | "tests/test-lib.sh" |
| 719 | "tests/t2002-mrsh.sh" |
| 720 | "tests/t0003-wcoll.sh" |
| 721 | "tests/test-modules/pcptest.c") |
| 722 | (("/bin/sh") (which "bash"))) |
| 723 | #t)) |
| 724 | (add-after 'unpack 'patch-tests |
| 725 | (lambda _ |
| 726 | (substitute* "tests/t6036-long-output-lines.sh" |
| 727 | (("which") (which "which"))) |
| 728 | #t))))) |
| 729 | (inputs |
| 730 | `(("openssh" ,openssh) |
| 731 | ("mit-krb5" ,mit-krb5) |
| 732 | ("perl" ,perl))) |
| 733 | (native-inputs |
| 734 | `(("which" ,which))) |
| 735 | (home-page "https://github.com/chaos/pdsh") |
| 736 | (synopsis "Parallel distributed shell") |
| 737 | (description "Pdsh is a an efficient, multithreaded remote shell client |
| 738 | which executes commands on multiple remote hosts in parallel. Pdsh implements |
| 739 | dynamically loadable modules for extended functionality such as new remote |
| 740 | shell services and remote host selection.") |
| 741 | (license license:gpl2+))) |
| 742 | |
| 743 | (define-public clustershell |
| 744 | (package |
| 745 | (name "clustershell") |
| 746 | (version "1.8.2") |
| 747 | (source |
| 748 | (origin |
| 749 | (method url-fetch) |
| 750 | (uri (string-append "https://github.com/cea-hpc/clustershell/releases" |
| 751 | "/download/v" version |
| 752 | "/ClusterShell-" version ".tar.gz")) |
| 753 | (sha256 |
| 754 | (base32 "1gz2g85wpk35n1fp31q753w01y3p8abm7dnbas28q4yjyvikqw75")))) |
| 755 | (build-system python-build-system) |
| 756 | (inputs `(("openssh" ,openssh))) |
| 757 | (propagated-inputs `(("python-pyyaml" ,python-pyyaml))) |
| 758 | (arguments |
| 759 | `(#:phases (modify-phases %standard-phases |
| 760 | (add-before 'build 'record-openssh-file-name |
| 761 | (lambda* (#:key inputs #:allow-other-keys) |
| 762 | (let ((ssh (assoc-ref inputs "openssh"))) |
| 763 | (substitute* "lib/ClusterShell/Worker/Ssh.py" |
| 764 | (("info\\(\"ssh_path\"\\) or \"ssh\"") |
| 765 | (string-append "info(\"ssh_path\") or \"" |
| 766 | ssh "/bin/ssh\""))) |
| 767 | #t)))))) |
| 768 | (home-page "https://cea-hpc.github.io/clustershell/") |
| 769 | (synopsis "Scalable event-driven Python framework for cluster administration") |
| 770 | (description |
| 771 | "ClusterShell is an event-driven Python framework, designed to run local |
| 772 | or distant commands in parallel on server farms or on large GNU/Linux |
| 773 | clusters. It will take care of common issues encountered on HPC clusters, |
| 774 | such as operating on groups of nodes, running distributed commands using |
| 775 | optimized execution algorithms, as well as gathering results and merging |
| 776 | identical outputs, or retrieving return codes. ClusterShell takes advantage |
| 777 | of existing remote shell facilities such as SSH.") |
| 778 | (license license:lgpl2.1+))) |
| 779 | |
| 780 | (define-public endlessh |
| 781 | (package |
| 782 | (name "endlessh") |
| 783 | (version "1.0") |
| 784 | (source |
| 785 | (origin |
| 786 | (method url-fetch) |
| 787 | (uri (string-append "https://github.com/skeeto/endlessh/releases/" |
| 788 | "download/" version "/endlessh-" version ".tar.xz")) |
| 789 | (sha256 |
| 790 | (base32 |
| 791 | "0hhsr65hzrcb7ylskmxyr92svzndhks8hqzn8hvg7f7j89rkvq5k")))) |
| 792 | (build-system gnu-build-system) |
| 793 | (arguments |
| 794 | '(#:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out")) |
| 795 | "CC=gcc") |
| 796 | #:tests? #f ; no test target |
| 797 | #:phases |
| 798 | (modify-phases %standard-phases |
| 799 | (delete 'configure)))) ; no configure script |
| 800 | (home-page "https://github.com/skeeto/endlessh") |
| 801 | (synopsis "SSH tarpit that slowly sends an endless banner") |
| 802 | (description |
| 803 | "Endlessh is an SSH tarpit that very slowly sends an endless, random SSH |
| 804 | banner. It keeps SSH clients locked up for hours or even days at a time. The |
| 805 | purpose is to put your real SSH server on another port and then let the script |
| 806 | kiddies get stuck in this tarpit instead of bothering a real server. |
| 807 | |
| 808 | Since the tarpit is in the banner before any cryptographic exchange occurs, this |
| 809 | program doesn't depend on any cryptographic libraries. It's a simple, |
| 810 | single-threaded, standalone C program. It uses @code{poll()} to trap multiple |
| 811 | clients at a time.") |
| 812 | (license license:unlicense))) |