From 249e1f973023eb9deb6e0be00e09ad74301d22c7 Mon Sep 17 00:00:00 2001
From: Alois Wohlschlager
Date: Mon, 27 Oct 2025 18:29:21 +0100
Subject: [PATCH] openssh_10_2: init at 10.2p1

OpenSSH 10.1 contains a bug that makes it totally unusable with ControlPersist, which is fixed in 10.2. Temporarily make the latter available as an option while the rebuilds go through staging.
---
 pkgs/tools/networking/openssh/default.nix | 25 +++++++++++++++++++++++
 pkgs/top-level/all-packages.nix | 4 ++++
 2 files changed, 29 insertions(+)

diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix
index ef9b03f25b5c8..f70fd678f68f0 100644
--- a/pkgs/tools/networking/openssh/default.nix
+++ b/pkgs/tools/networking/openssh/default.nix
@@ -48,6 +48,31 @@ in
 };
 };

+ openssh_10_2 = common rec {
+ pname = "openssh";
+ version = "10.2p1";
+
+ src = fetchurl {
+ url = urlFor version;
+ hash = "sha256-zMQsBBmTeVkmP6Hb0W2vwYxWuYTANWLSk3zlamD3mLI=";
+ };
+
+ extraPatches = [
+ # Use ssh-keysign from PATH
+ # ssh-keysign is used for host-based authentication, and is designed to be used
+ # as SUID-root program. OpenSSH defaults to referencing it from libexec, which
+ # cannot be made SUID in Nix.
+ ./ssh-keysign-8.5.patch
+ ];
+ extraMeta = {
+ maintainers = with lib.maintainers; [
+ philiptaron
+ numinit
+ ];
+ teams = [ lib.teams.helsinki-systems ];
+ };
+ };
+
 openssh_hpn = common rec {
 pname = "openssh-with-hpn";
 version = "10.2p1";
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 1d243c105b5e6..a7560fc88d1c3 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -3612,6 +3612,10 @@ with pkgs;
 etcDir = "/etc/ssh";
 };

+ openssh_10_2 = opensshPackages.openssh_10_2.override {
+ etcDir = "/etc/ssh";
+ };
+
 opensshTest = openssh.tests.openssh;

 opensshWithKerberos = openssh.override {
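Review bot: Nothing in the added `openssh_10_2` attribute in default.nix records that it is temporary, although the commit message says it exists only while the 10.2 rebuild goes through staging; the same applies to the `openssh_10_2` override added in all-packages.nix. A configuration that pins this attribute stays on 10.2p1 for as long as the attribute is kept, and so can miss later OpenSSH security releases that reach the default `openssh`. I would put a comment above the attribute such as `# Temporary: drop once the default openssh is >= 10.2 (10.1 breaks ControlPersist)`. The `extraPatches` and `extraMeta` values look copied from a sibling attribute that is outside this hunk; if so, sharing them through a `let` binding would keep the ssh-keysign patch list from drifting between versions. The enclosing attribute set starts and ends outside the hunk.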