* OpenSSH: optionally use PAM.

* Some purity fixes in OpenSSH: it needs Perl, and we now specify a
  location for the empty privsep directory.

svn path=/nixpkgs/trunk/; revision=7310

pkgs/tools/networking/openssh/builder.sh

@@ -1,13 +0,0 @@
-source $stdenv/setup
-
-
-if test -n "$xauth"; then
-   configureFlags="--with-xauth=$xauth"
-fi
-
-installPhase() {
-   make install-nokeys
-}
-installPhase=installPhase
-
-genericBuild

pkgs/tools/networking/openssh/default.nix

@@ -1,17 +1,34 @@
-{stdenv, fetchurl, zlib, openssl, xforwarding ? false, xauth ? null}:
+{ stdenv, fetchurl, zlib, openssl, perl
+, pamSupport ? false, pam ? null
+, xforwarding ? false, xauth ? null
+}:
 
+assert pamSupport -> pam != null;
 assert xforwarding -> xauth != null;
  
 stdenv.mkDerivation {
   name = "openssh-3.8.1p1";
  
-  builder = ./builder.sh;
+  #builder = ./builder.sh;
   src = fetchurl {
     url = http://nix.cs.uu.nl/dist/tarballs/openssh-3.8.1p1.tar.gz;
     md5 = "1dbfd40ae683f822ae917eebf171ca42";
   };
  
-  buildInputs = [zlib openssl
-  (if xforwarding then xauth else null)
+  buildInputs = [zlib openssl perl
+    (if pamSupport then pam else null)
+    (if xforwarding then xauth else null)
   ];
+
+  configureFlags = "
+    ${if xforwarding then "--with-xauth=${xauth}/bin/xauth" else ""}
+    ${if pamSupport then "--with-pam" else ""}
+  ";
+
+  preConfigure = "
+    configureFlags=\"$configureFlags --with-privsep-path=$out/empty\"
+    ensureDir $out/empty
+  ";
+
+  installPhase = "make install-nokeys"; # !!! patchelf etc.
 }

pkgs/top-level/all-packages.nix

@@ -421,8 +421,9 @@ rec {
   };
 
   openssh = import ../tools/networking/openssh {
-    inherit fetchurl stdenv zlib openssl;
+    inherit fetchurl stdenv zlib openssl pam perl;
     inherit (xlibs) xauth;
+    pamSupport = true;
     xforwarding = true;
   };