;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013, 2014 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2015, 2016, 2018, 2019 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2015, 2016, 2018, 2019, 2020, 2021 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016, 2019 Leo Famulari <leo@famulari.name>
-;;; Copyright © 2016 Nicolas Goaziou <mail@nicolasgoaziou.fr>
+;;; Copyright © 2016, 2021 Nicolas Goaziou <mail@nicolasgoaziou.fr>
;;; Copyright © 2016 Christopher Allan Webber <cwebber@dustycloud.org>
-;;; Copyright © 2017, 2018, 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2017–2021 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2017 Stefan Reichör <stefan@xsteve.at>
;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2017 Nikita <nikita@n0.is>
#:use-module (gnu packages gperf)
#:use-module (gnu packages groff)
#:use-module (gnu packages guile)
+ #:use-module (gnu packages hurd)
#:use-module (gnu packages libedit)
#:use-module (gnu packages linux)
#:use-module (gnu packages logging)
version ".tar.gz"))
(sha256
(base32
- "1zfsz9nldakfz61d2j70pk29zlmj7w2vv46s9l3x2prhcgaqpyym"))))
+ "1zfsz9nldakfz61d2j70pk29zlmj7w2vv46s9l3x2prhcgaqpyym"))
+ (patches (search-patches "libssh2-CVE-2019-17498.patch"))))
(build-system gnu-build-system)
;; The installed libssh2.pc file does not include paths to libgcrypt and
;; zlib libraries, so we need to propagate the inputs.
(define-public openssh
(package
(name "openssh")
- (version "8.4p1")
+ (version "8.6p1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://openbsd/OpenSSH/portable/"
(patches (search-patches "openssh-hurd.patch"))
(sha256
(base32
- "091b3pxdlj47scxx6kkf4agkx8c8sdacdxx8m1dw1cby80pd40as"))))
+ "1bnpivgk98h2f9afpp88jv6g9ps83vnpxd031n2jqxi12vdf9rn3"))))
(build-system gnu-build-system)
(native-inputs `(("groff" ,groff)
("pkg-config" ,pkg-config)))
(inputs `(("libedit" ,libedit)
("openssl" ,openssl)
- ("pam" ,linux-pam)
+ ,@(if (hurd-target?)
+ '()
+ `(("pam" ,linux-pam)))
("mit-krb5" ,mit-krb5)
("zlib" ,zlib)
("xauth" ,xauth))) ; for 'ssh -X' and 'ssh -Y'
"--with-libedit"
;; Enable PAM support in sshd.
- "--with-pam"
+ ,,@(if (hurd-target?)
+ '()
+ '("--with-pam"))
;; "make install" runs "install -s" by default,
;; which doesn't work for cross-compiled binaries
(deprecated-package "guile3.0-ssh" guile-ssh))
(define-public corkscrew
- (package
- (name "corkscrew")
- (version "2.0")
- (source
- (origin
- (method git-fetch)
- (uri (git-reference
- (url "https://github.com/patpadgett/corkscrew")
- (commit (string-append "v" version))))
- (sha256
- (base32 "0g4pkczrc1zqpnxyyjwcjmyzdj5qqcpzwf1bm3965zdwp94bpppf"))
- (file-name (git-file-name name version))))
- (build-system gnu-build-system)
- (arguments
- `(#:phases
- (modify-phases %standard-phases
- (replace 'configure
- ;; Replace configure phase as the ./configure script does not like
- ;; CONFIG_SHELL and SHELL passed as parameters.
- (lambda* (#:key outputs build target #:allow-other-keys)
- (let* ((out (assoc-ref outputs "out"))
- (bash (which "bash"))
- ;; Set --build and --host flags as the provided config.guess
- ;; is not able to detect them.
- (flags `(,(string-append "--prefix=" out)
- ,(string-append "--build=" build)
- ,(string-append "--host=" (or target build)))))
- (setenv "CONFIG_SHELL" bash)
- (apply invoke bash "./configure" flags))))
- (add-after 'install 'install-documentation
- (lambda* (#:key outputs #:allow-other-keys)
- (let* ((out (assoc-ref outputs "out"))
- (doc (string-append out "/share/doc/" ,name "-" ,version)))
- (install-file "README.markdown" doc)
- #t))))))
- (home-page "https://github.com/patpadgett/corkscrew")
- (synopsis "SSH tunneling through HTTP(S) proxies")
- (description
- "Corkscrew tunnels SSH connections through most HTTP and HTTPS proxies.
-Proxy authentication is only supported through the plain-text HTTP basic
-authentication scheme.")
- (license license:gpl2+)))
+ ;; The last 2.0 release hails from 2009. Use a fork (submitted upstream as
+ ;; <https://github.com/patpadgett/corkscrew/pull/5>) that adds now-essential
+ ;; IPv6 and TLS support.
+ (let ((revision "0")
+ (commit "268b71e88ee51fddceab96d665b327394f1feb12"))
+ (package
+ (name "corkscrew")
+ (version (git-version "2.0" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/rtgill82/corkscrew")
+ (commit commit)))
+ (sha256
+ (base32 "1rylbimlfig3ii4bqr4r058lkc43pqkxnxqpqdpm31blh3xs0dcw"))
+ (file-name (git-file-name name version))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:configure-flags
+ (list "--enable-ssl")
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'update-metadata
+ (lambda _
+ (substitute* "configure.ac"
+ ;; Our version differs significantly.
+ (("2.0") (string-append ,version " (Guix)")))
+ (substitute* "corkscrew.c"
+ ;; This domain's since been squat.
+ (("\\(agroman@agroman\\.net\\)")
+ (format #f "<~a>" ,(package-home-page this-package))))))
+ (add-after 'install 'install-documentation
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (doc (string-append out "/share/doc/" ,name "-" ,version)))
+ (install-file "README.md" doc)
+ #t))))))
+ (native-inputs
+ `(("autoconf" ,autoconf)
+ ("automake" ,automake)
+ ("pkg-config" ,pkg-config)))
+ (inputs
+ `(("openssl" ,openssl)))
+ (home-page "https://github.com/patpadgett/corkscrew")
+ (synopsis "SSH tunneling through HTTP(S) proxies")
+ (description
+ "Corkscrew tunnels SSH connections through most HTTP and HTTPS proxies.
+It supports proxy authentication through the HTTP basic authentication scheme
+with optional @acronym{TLS, Transport-Level Security} to protect credentials.")
+ (license license:gpl2+))))
(define-public mosh
(package
responsive, especially over Wi-Fi, cellular, and long-distance links.")
(license license:gpl3+)))
-(define-public et
- (package
- (name "et")
- (version "3.1.0")
- (source
- (origin
- (method git-fetch)
- (uri (git-reference
- (url "https://github.com/MisterTea/EternalTCP")
- (commit (string-append "et-v" version))))
- (file-name (git-file-name name version))
- (sha256
- (base32 "1m5caxckn2ihwp9s2pbyh5amxlpwr7yc54q8s0kb10fr52w2vfnm"))))
- (build-system cmake-build-system)
- (arguments `(#:tests? #f))
- (native-inputs
- `(("pkg-config" ,pkg-config)))
- (inputs `(("glog" ,glog)
- ("gflags" ,gflags)
- ("libsodium" ,libsodium)
- ("protobuf" ,protobuf)))
- (synopsis "Remote shell that automatically reconnects")
- (description
- "Eternal Terminal (ET) is a remote shell that automatically reconnects
-without interrupting the session. Unlike SSH sessions, ET sessions will
-survive even network outages and IP changes. ET uses a custom protocol over
-TCP, not the SSH protocol.")
- (home-page "https://eternalterminal.dev/")
- (license license:asl2.0)))
-
(define-public dropbear
(package
(name "dropbear")
"https://matt.ucc.asn.au/dropbear/releases/"
"dropbear-" version ".tar.bz2"))
(sha256
- (base32 "0fy5ma4cfc2pk25mcccc67b2mf1rnb2c06ilb7ddnxbpnc85s8s8"))))
+ (base32 "0fy5ma4cfc2pk25mcccc67b2mf1rnb2c06ilb7ddnxbpnc85s8s8"))
+ (modules '((guix build utils)))
+ (snippet
+ '(begin
+ (delete-file-recursively "libtommath")
+ (delete-file-recursively "libtomcrypt")
+ (substitute* "configure"
+ (("-ltomcrypt") "-ltomcrypt -ltommath"))
+ #t))))
(build-system gnu-build-system)
- (arguments `(#:tests? #f)) ; there is no "make check" or anything similar
- ;; TODO: Investigate unbundling libtommath and libtomcrypt or at least
- ;; cherry-picking important bug fixes from them. See <bugs.gnu.org/24674>
- ;; for more information.
- (inputs `(("zlib" ,zlib)))
+ (arguments
+ `(#:configure-flags '("--disable-bundled-libtom")
+ #:tests? #f)) ; there is no "make check" or anything similar
+ (inputs
+ `(("libtomcrypt" ,libtomcrypt)
+ ("libtommath" ,libtommath)
+ ("zlib" ,zlib)))
(synopsis "Small SSH server and client")
(description "Dropbear is a relatively small SSH server and
client. It runs on a variety of POSIX-based platforms. Dropbear is
(define-public sshpass
(package
(name "sshpass")
- (version "1.06")
- (synopsis "Non-interactive password authentication with SSH")
- (home-page "https://sourceforge.net/projects/sshpass/")
+ (version "1.09")
(source
(origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/sshpass/sshpass/"
version "/sshpass-" version ".tar.gz"))
(sha256
- (base32
- "0q7fblaczb7kwbsz0gdy9267z0sllzgmf0c7z5c9mf88wv74ycn6"))))
+ (base32 "1dwzqknpswa8vjlbwsx9rcq1j2a7px9h9i2anh09pzkz0mg6wx3i"))))
(build-system gnu-build-system)
+ (home-page "https://sourceforge.net/projects/sshpass/")
+ (synopsis "Non-interactive password authentication with SSH")
(description "sshpass is a tool for non-interactively performing password
authentication with SSH's so-called @dfn{interactive keyboard password
authentication}.")
(define-public python-asyncssh
(package
(name "python-asyncssh")
- (version "2.3.0")
+ (version "2.5.0")
(source
(origin
(method url-fetch)
(uri (pypi-uri "asyncssh" version))
(sha256
(base32
- "0pi6npmsgx7l9r1qrfvg8mxx3i23ipff492xz4yhrw13f56a7ga4"))))
+ "02xpzir9rmw7b7k07m3f912h6jvy9yzan9yn3ckrmqx2ffpy4r8b"))))
(build-system python-build-system)
(propagated-inputs
`(("python-cryptography" ,python-cryptography)
(define-public webssh
(package
(name "webssh")
- (version "1.5.2")
+ (version "1.5.3")
(source (origin
(method git-fetch)
(uri (git-reference
(file-name (git-file-name name version))
(sha256
(base32
- "1l4bwzaifsd6pl120d400qkhvaznj2ck1lvwg76ycb08jsk6gpaz"))))
+ "1bcy9flrzbvams5p77swwiygv54ac58ia7hpic1bvg30b3wpvv7b"))))
(build-system python-build-system)
(propagated-inputs
`(("python-paramiko" ,python-paramiko)