Revert "openssh: Build with Kerberos by default"

This reverts commit a232dd6. Moving to staging
NixOS · Jan 28, 2018 · f596aa0 · f596aa0
1 parent a232dd6
commit f596aa0
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 6 deletions.
diff --git a/nixos/modules/misc/nixpkgs.nix b/nixos/modules/misc/nixpkgs.nix
@@ -69,6 +69,7 @@ in
           [ (self: super: {
               openssh = super.openssh.override {
                 hpnSupport = true;
+                withKerberos = true;
                 kerberos = self.libkrb5;
               };
             };

diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix
@@ -1,12 +1,15 @@
 { stdenv, fetchurl, fetchpatch, zlib, openssl, perl, libedit, pkgconfig, pam, autoreconfHook
 , etcDir ? null
 , hpnSupport ? false
-, withKerberos ? true
+, withKerberos ? false
 , withGssapiPatches ? false
 , kerberos
 , linkOpenssl? true
 }:
 
+assert withKerberos -> kerberos != null;
+assert withGssapiPatches -> withKerberos;
+
 let
 
   # **please** update this patch when you update to a new openssh release.
@@ -20,6 +23,8 @@ let
 in
 with stdenv.lib;
 stdenv.mkDerivation rec {
+  # Please ensure that openssh_with_kerberos still builds when
+  # bumping the version here!
   name = "openssh-${version}";
   version = if hpnSupport then "7.5p1" else "7.6p1";
 
@@ -42,7 +47,7 @@ stdenv.mkDerivation rec {
       # See discussion in https://github.com/NixOS/nixpkgs/pull/16966
       ./dont_create_privsep_path.patch
     ]
-    ++ optional withGssapiPatches (assert withKerberos; gssapiPatch);
+    ++ optional withGssapiPatches gssapiPatch;
 
   postPatch =
     # On Hydra this makes installation fail (sometimes?),
@@ -54,8 +59,7 @@ stdenv.mkDerivation rec {
   nativeBuildInputs = [ pkgconfig ];
   buildInputs = [ zlib openssl libedit pam ]
     ++ optional withKerberos kerberos
-    ++ optional hpnSupport autoreconfHook
-    ;
+    ++ optional hpnSupport autoreconfHook;
 
   preConfigure = ''
     # Setting LD causes `configure' and `make' to disagree about which linker
@@ -74,7 +78,7 @@ stdenv.mkDerivation rec {
     "--disable-strip"
     (if pam != null then "--with-pam" else "--without-pam")
   ] ++ optional (etcDir != null) "--sysconfdir=${etcDir}"
-    ++ optional withKerberos (assert kerberos != null; "--with-kerberos5=${kerberos}")
+    ++ optional withKerberos "--with-kerberos5=${kerberos}"
     ++ optional stdenv.isDarwin "--disable-libutil"
     ++ optional (!linkOpenssl) "--without-openssl";
 

diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix
@@ -142,7 +142,6 @@ mapAliases (rec {
   rdmd = dtools;  # added 2017-08-19
   robomongo = robo3t; #added 2017-09-28
   rssglx = rss-glx; #added 2015-03-25
-  openssh_with_kerberos = openssh; # added 2018-01-28
   rubygems = throw "deprecated 2016-03-02: rubygems is now bundled with ruby";
   rxvt_unicode_with-plugins = rxvt_unicode-with-plugins; # added 2015-04-02
   samsungUnifiedLinuxDriver = samsung-unified-linux-driver; # added 2016-01-25

diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
@@ -3886,12 +3886,15 @@ with pkgs;
   openssh =
     callPackage ../tools/networking/openssh {
       hpnSupport = false;
+      withKerberos = stdenv.isDarwin;
       etcDir = "/etc/ssh";
       pam = if stdenv.isLinux then pam else null;
     };
 
   openssh_hpn = pkgs.appendToName "with-hpn" (openssh.override { hpnSupport = true; });
 
+  openssh_with_kerberos = pkgs.appendToName "with-kerberos" (openssh.override { withKerberos = true; });
+
   opensp = callPackage ../tools/text/sgml/opensp { };
 
   opentracker = callPackage ../applications/networking/p2p/opentracker { };