Skip to content

Commit 445b107

Browse files
vcunatvcunat
committedJun 7, 2017
openssh: fixup build on Hydra
http://hydra.nixos.org/build/53993444
·
branch-off-24.1117.09-beta
1 parent 9135c9f commit 445b107

File tree

1 file changed

+7
-0
lines changed

1 file changed

+7
-0
lines changed
 

Diff for: ‎pkgs/tools/networking/openssh/default.nix

+7
Original file line numberDiff line numberDiff line change
@@ -49,6 +49,13 @@ stdenv.mkDerivation rec {
4949
]
5050
++ optional withGssapiPatches gssapiSrc;
5151

52+
postPatch =
53+
# On Hydra this makes installation fail (sometimes?),
54+
# and nix store doesn't allow such fancy permission bits anyway.
55+
''
56+
substituteInPlace Makefile.in --replace '$(INSTALL) -m 4711' '$(INSTALL) -m 0711'
57+
'';
58+
5259
buildInputs = [ zlib openssl libedit pkgconfig pam ]
5360
++ optional withKerberos kerberos
5461
++ optional hpnSupport autoreconfHook;

4 commit comments

Comments
 (4)

vcunat commented on Jun 7, 2017

@vcunat
vcunat
on Jun 7, 2017
MemberAuthor

@edolstra: these errors started to creep up in multiple packages. Perhaps it would be easier to allow those bits on the nix store FS than patching all the packages? (Nix will clean them anyway.)

edolstra commented on Jun 7, 2017

@edolstra
edolstra
on Jun 7, 2017
Member

We have to block the creation of setuid/setgid binaries for security reasons, see NixOS/nix@6cc6c15.

edolstra commented on Jun 7, 2017

@edolstra
edolstra
on Jun 7, 2017
Member

On Linux, we could force the chmod call to return 0. But that wouldn't work on OS X so the package would need to be patched anyway.

vcunat commented on Jun 9, 2017

@vcunat
vcunat
on Jun 9, 2017
MemberAuthor

Hmm, OK, I managed to unblock the small channels at least.

Please sign in to comment.