;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013, 2014, 2015 Ludovic Courtès ;;; Copyright © 2014, 2015, 2018 Mark H Weaver ;;; Copyright © 2014 Eric Bavier ;;; Copyright © 2016, 2018 Efraim Flashner ;;; Copyright © 2016 Jan Nieuwenhuizen ;;; Copyright © 2017 Kei Kebreau ;;; Copyright © 2018 Tobias Geerinckx-Rice ;;; ;;; This file is part of GNU Guix. ;;; ;;; GNU Guix is free software; you can redistribute it and/or modify it ;;; under the terms of the GNU General Public License as published by ;;; the Free Software Foundation; either version 3 of the License, or (at ;;; your option) any later version. ;;; ;;; GNU Guix is distributed in the hope that it will be useful, but ;;; WITHOUT ANY WARRANTY; without even the implied warranty of ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ;;; GNU General Public License for more details. ;;; ;;; You should have received a copy of the GNU General Public License ;;; along with GNU Guix. If not, see . (define-module (gnu packages tcl) #:use-module (guix packages) #:use-module (guix download) #:use-module (guix utils) #:use-module (guix build-system gnu) #:use-module (guix build-system perl) #:use-module (gnu packages) #:use-module (gnu packages image) #:use-module (gnu packages fontutils) #:use-module (gnu packages perl) #:use-module (gnu packages pkg-config) #:use-module (gnu packages xml) #:use-module (gnu packages xorg) #:use-module (guix licenses)) (define-public tcl (package (name "tcl") (version "8.6.8") (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/tcl/Tcl/" version "/tcl" version "-src.tar.gz")) (sha256 (base32
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012-2023 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013, 2014 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2015, 2016, 2018, 2019, 2020, 2021, 2022 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016, 2019 Leo Famulari <leo@famulari.name>
;;; Copyright © 2016, 2021, 2023 Nicolas Goaziou <mail@nicolasgoaziou.fr>
;;; Copyright © 2016 Christine Lemmer-Webber <cwebber@dustycloud.org>
;;; Copyright © 2017–2021 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2017 Stefan Reichör <stefan@xsteve.at>
;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2017 Nikita <nikita@n0.is>
;;; Copyright © 2018 Manuel Graf <graf@init.at>
;;; Copyright © 2019 Gábor Boskovits <boskovits@gmail.com>
;;; Copyright © 2019, 2020 Mathieu Othacehe <m.othacehe@gmail.com>
;;; Copyright © 2020, 2023 Janneke Nieuwenhuizen <janneke@gnu.org>
;;; Copyright © 2020 Oleg Pykhalov <go.wigust@gmail.com>
;;; Copyright © 2020, 2021, 2022 Maxim Cournoyer <maxim.cournoyer@gmail.com>
;;; Copyright © 2021 Brice Waegeneire <brice@waegenei.re>
;;; Copyright © 2023 Simon Streit <simon@netpanic.org>
;;; Copyright © 2024 Zheng Junjie <873216071@qq.com>
;;; Copyright © 2024 Wojtek Kosior <koszko@koszko.org>
;;; Additions and modifications by Wojtek Kosior are additionally
;;; dual-licensed under the Creative Commons Zero v1.0.
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu packages ssh)
  #:use-module (guix gexp)
  #:use-module (gnu packages)
  #:use-module (gnu packages admin)
  #:use-module (gnu packages autotools)
  #:use-module (gnu packages base)
  #:use-module (gnu packages bash)
  #:use-module (gnu packages boost)
  #:use-module (gnu packages check)
  #:use-module (gnu packages compression)
  #:use-module (gnu packages crypto)
  #:use-module (gnu packages elf)
  #:use-module (gnu packages gnupg)
  #:use-module (gnu packages gperf)
  #:use-module (gnu packages groff)
  #:use-module (gnu packages guile)
  #:use-module (gnu packages libedit)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages logging)
  #:use-module (gnu packages m4)
  #:use-module (gnu packages multiprecision)
  #:use-module (gnu packages ncurses)
  #:use-module (gnu packages nettle)
  #:use-module (gnu packages kerberos)
  #:use-module (gnu packages libevent)
  #:use-module (gnu packages perl)
  #:use-module (gnu packages pkg-config)
  #:use-module (gnu packages popt)
  #:use-module (gnu packages protobuf)
  #:use-module (gnu packages python)
  #:use-module (gnu packages python-build)
  #:use-module (gnu packages python-crypto)
  #:use-module (gnu packages python-web)
  #:use-module (gnu packages python-xyz)
  #:use-module (gnu packages readline)
  #:use-module (gnu packages security-token)
  #:use-module (gnu packages serialization)
  #:use-module (gnu packages texinfo)
  #:use-module (gnu packages tls)
  #:use-module (gnu packages xorg)
  #:use-module (guix build-system cmake)
  #:use-module (guix build-system gnu)
  #:use-module (guix build-system python)
  #:use-module (guix download)
  #:use-module (guix git-download)
  #:use-module (guix gexp)
  #:use-module ((guix licenses) #:prefix license:)
  #:use-module (guix packages)
  #:use-module (guix utils)
  #:use-module (srfi srfi-1))

(define-public hss
  (package
    (name "hss")
    (version "1.9")
    (source (origin
              (method git-fetch)
              (uri (git-reference
                    (url "https://github.com/six-ddc/hss")
                    (commit version)))
              (file-name (git-file-name name version))
              (sha256
               (base32
                "12578xhvkg70ma411yh8nbpcpnys420bnm9g0dzypb0vn3jxpz8q"))))
    (inputs
     (list readline))
    (arguments
     (list #:make-flags
           #~(list (string-append "CC=" #$(cc-for-target))
                   (string-append "INSTALL_BIN=" #$output "/bin"))
           #:tests? #f                  ; no tests
           #:phases
           #~(modify-phases %standard-phases
               (add-after 'unpack 'patch-file-names
                 (lambda _
                   (substitute* "Makefile"
                     (("/usr/local/opt/readline")
                      #$(this-package-input "readline")))))
               (delete 'configure))))         ; no configure script
    (build-system gnu-build-system)
    (home-page "https://github.com/six-ddc/hss/")
    (synopsis "Interactive SSH client for multiple servers")
    (description
     "@command{hss} is an interactive SSH client for multiple servers.  Commands
are executed on all servers in parallel.  Execution on one server does not need
to wait for that on another server to finish before starting.  One can run a
command on hundreds of servers at the same time, with almost the same experience
as a local Bash shell.

It supports:
@itemize @bullet
@item interactive input: based on GNU readline.
@item history: responding to the @kbd{C-r} key.
@item auto-completion: @key{TAB}-completion from remote servers for commands and
file names.
@end itemize\n")
    (license license:expat)))

(define-public libssh
  (package
    (name "libssh")
    (version "0.10.6")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://www.libssh.org/files/"
                                  (version-major+minor version)
                                  "/libssh-" version ".tar.xz"))
              (sha256
               (base32
                "1hcxvsb4brznxqq6cjwxkk7yv4c48w4fcwxwd8dp9wdnyncd8q8q"))
              (modules '((guix build utils)))
              (snippet
               ;; 'PATH_MAX' is undefined on GNU/Hurd; work around it.
               #~(substitute* (find-files "examples" "\\.c$")
                   (("#include \"examples_common\\.h\"" all)
                    (string-append all "\n"
                                   "#ifndef PATH_MAX\n"
                                   "# define PATH_MAX 4096\n"
                                   "#endif\n"))))))
    (build-system cmake-build-system)
    (outputs '("out" "debug"))
    (arguments
     '(#:configure-flags '("-DWITH_GCRYPT=ON")

       ;; TODO: Add 'CMockery' and '-DWITH_TESTING=ON' for the test suite.
       #:tests? #f))
    (inputs (list zlib libgcrypt mit-krb5))
    (synopsis "SSH client library")
    (description
     "libssh is a C library implementing the SSHv2 and SSHv1 protocol for client
and server implementations.  With libssh, you can remotely execute programs,
transfer files, and use a secure and transparent tunnel for your remote
applications.")
    (home-page "https://www.libssh.org")
    (license license:lgpl2.1+)))

(define-public libssh2
  (package
   (name "libssh2")
   (version "1.10.0")
   (source (origin
            (method url-fetch)
            (uri (string-append
                   "https://www.libssh2.org/download/libssh2-"
                   version ".tar.gz"))
            (sha256
             (base32
              "0l8xwhhscvss7q007vpbkbv7jh9s43579rx2sf8lnfgd7l7yjr1d"))))
   (build-system gnu-build-system)
   ;; The installed libssh2.pc file does not include paths to libgcrypt and
   ;; zlib libraries, so we need to propagate the inputs.
   (propagated-inputs (list libgcrypt zlib))
   (arguments
    (list #:configure-flags #~'("--with-libgcrypt"
                                "--disable-static")))
   (synopsis "Client-side C library implementing the SSH2 protocol")
   (description
    "libssh2 is a library intended to allow software developers access to
the SSH-2 protocol in an easy-to-use self-contained package.  It can be built
into an application to perform many different tasks when communicating with
a server that supports the SSH-2 protocol.")
   (license license:bsd-3)
   (home-page "https://www.libssh2.org/")))

(define-public openssh
  (package
   (name "openssh")
   (version "9.8p1")
   (source
    (origin
      (method url-fetch)
      (uri (string-append "mirror://openbsd/OpenSSH/portable/"
                          "openssh-" version ".tar.gz"))
      (patches (search-patches "openssh-trust-guix-store-directory.patch"))
      (sha256
       (base32 "1wrrb8zrfj9wa9nbpx310kl2k05gm4gxsl5hvycx9dbrlc1d12yx"))))
   (build-system gnu-build-system)
   (arguments
    (list
     #:test-target "tests"
     ;; Not all of the tests can be run in parallel, see
     ;; <https://marc.info/?l=openssh-unix-dev&m=170313565518842>.
     #:parallel-tests? #f
     ;; Otherwise, the test scripts try to use a nonexistent directory and fail.
     #:make-flags
     #~(list "REGRESSTMP=\"$${BUILDDIR}/regress\"")
     #:configure-flags
     #~(append
        (list "--sysconfdir=/etc/ssh"
              ;; Default value of 'PATH' used by sshd.
              "--with-default-path=/run/current-system/profile/bin"
              ;; configure needs to find krb5-config.
              (string-append "--with-kerberos5="
                             #$(this-package-input "mit-krb5")
                             "/bin")
              ;; libedit is needed for sftp completion.
              "--with-libedit")
        ;; Enable PAM support in sshd.
        (if #$(target-hurd?)
            '()
            (list "--with-pam"
                  ;; Support creation and use of ecdsa-sk, ed25519-sk keys.
                  "--with-security-key-builtin"))
        ;; "make install" runs "install -s" by default, which doesn't work for
        ;; cross-compiled binaries because it invokes 'strip' instead of
        ;; 'TRIPLET-strip'.  Work around this.
        (if #$(%current-target-system)
            (list "--disable-strip")
            '()))
     #:phases
     #~(modify-phases %standard-phases
         (add-after 'configure 'reset-/var/empty
           (lambda _
             (substitute* "Makefile"
               (("PRIVSEP_PATH=/var/empty")
                (string-append "PRIVSEP_PATH=" #$output "/var/empty")))))
         (add-after 'configure 'set-store-location
           (lambda _
             (substitute* "misc.c"
               (("@STORE_DIRECTORY@")
                (string-append "\"" (%store-directory) "\"")))))
         (add-before 'check 'patch-tests
           (lambda _
             (substitute* "regress/test-exec.sh"
               (("/bin/sh") (which "sh")))

             ;; Remove 't-exec' regress target which requires user 'sshd'.
             (substitute* (list "Makefile"
                                "regress/Makefile")
               (("^(tests:.*) t-exec(.*)" all pre post)
                (string-append pre post)))))
         (replace 'install
           (lambda* (#:key (make-flags '()) #:allow-other-keys)
             ;; Install without host keys and system configuration files.  This
             ;; will install /var/empty to the store, which is needed by the
             ;; system openssh-service-type.
             (apply invoke "make" "install-nosysconf" make-flags)
             (with-directory-excursion "contrib"
               (chmod "ssh-copy-id" #o555)
               (install-file "ssh-copy-id"
                             (string-append #$output "/bin/"))
               (install-file "ssh-copy-id.1"
                             (string-append #$output "/share/man/man1/"))))))))
   (native-inputs (list groff pkg-config))
   (inputs
    (cons* libedit
           opens