| blob | eca49afa63feddb2d55f656812c11294b87d0732 |
1 { lib, stdenv, nixosTests, fetchFromGitHub, pam, openssl, perl }:
3 stdenv.mkDerivation rec {
4 pname = "pam_ssh_agent_auth";
5 version = "0.10.4";
7 src = fetchFromGitHub {
8 owner = "jbeverly";
9 repo = "pam_ssh_agent_auth";
10 rev = "pam_ssh_agent_auth-${version}";
11 sha256 = "YD1R8Cox0UoNiuWleKGzWSzxJ5lhDRCB2mZPp9OM6Cs=";
12 };
14 ed25519-donna = fetchFromGitHub {
15 owner = "floodyberry";
16 repo = "ed25519-donna";
17 rev = "8757bd4cd209cb032853ece0ce413f122eef212c";
18 sha256 = "ETFpIaWQnlYG8ZuDG2dNjUJddlvibB4ukHquTFn3NZM=";
19 };
21 buildInputs = [ pam openssl perl ];
23 patches = [
24 # Allow multiple colon-separated authorized keys files to be
25 # specified in the file= option.
26 ./multiple-key-files.patch
27 ./edcsa-crash-fix.patch
28 ];
30 configureFlags = [
31 # It's not clear to me why this is necessary, but without it, you see:
32 #
33 # checking OpenSSL header version... 1010108f (OpenSSL 1.1.1h 22 Sep 2020)
34 # checking OpenSSL library version... 1010108f (OpenSSL 1.1.1h 22 Sep 2020)
35 # checking whether OpenSSL's headers match the library... no
36 # configure: WARNING: Your OpenSSL headers do not match your
37 # library. Check config.log for details.
38 #
39 # ...despite the fact that clearly the values match
40 "--without-openssl-header-check"
41 # Make sure it can find ed25519-donna
42 "--with-cflags=-I$PWD"
43 ];
45 prePatch = "cp -r ${ed25519-donna}/. ed25519-donna/.";
47 enableParallelBuilding = true;
49 passthru.tests.sudo = nixosTests.ssh-agent-auth;
51 meta = {
52 homepage = "https://github.com/jbeverly/pam_ssh_agent_auth";
53 description = "PAM module for authentication through the SSH agent";
54 maintainers = [ ];
55 platforms = lib.platforms.linux;
56 };
57 }