search

NixOS / nixpkgs

Nix Packages collection & NixOS
MIT License
18.38k stars 14.33k forks source link

Split outputs of "openssh" #114824

Open KAction opened 3 years ago

KAction commented 3 years ago

Describe the bug

Currently "openssh" have only one output, which contains both client and server software, which is redundant -- on most servers I do not need ssh client, and on most client machines there is no need in "sshd".

It is quite simple to purge unneeded binaries with

let openssh-client = openssh.overrideAttrs (_: {
    postFixup = ''
      rm $out/bin/sshd
    '';
});

but ideally they were separate outputs from the start (after all, we have "man" output, although it is possible to prune manpages in same way).

Following naive approach:

diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix
index 17a227c496a..4d4e98d1762 100644
--- a/pkgs/tools/networking/openssh/default.nix
+++ b/pkgs/tools/networking/openssh/default.nix
@@ -35,6 +35,7 @@ stdenv.mkDerivation rec {
   pname = "openssh";
   inherit version;

+  outputs = [ "out" "daemon" ];
   src = if hpnSupport then
       fetchurl {
         url = "https://github.com/rapier1/openssh-portable/archive/hpn-KitchenSink-${replaceStrings [ "." "p" ] [ "_" "_P" ] version}.tar.gz";
@@ -125,6 +126,16 @@ stdenv.mkDerivation rec {
     cp contrib/ssh-copy-id.1 $out/share/man/man1/
   '';

+  postFixup = ''
+    mkdir -p $daemon/{bin,libexec,etc/ssh,share/man/man8}
+    cp $out/bin/sshd $daemon/bin
+    cp $out/libexec/sftp-server $daemon/libexec/sftp-server
+    cp $out/etc/ssh/sshd_config $daemon/etc/ssh/
+    cp $out/etc/ssh/moduli $daemon/etc/ssh/
+    cp $out/share/man/man8/sshd.8.gz $daemon/share/man/man8/
+    cp $out/share/man/man8/sftp-server.8.gz $daemon/share/man/man8/
+  '';
+
   installTargets = [ "install-nokeys" ];
   installFlags = [
     "sysconfdir=\${out}/etc/ssh"

does not work since sshd retains reference to $out:

>>= nix why-depends .#openssh.daemon .#openssh
/nix/store/vjjikffcr39s7w0r5914gblvgrjhlpyh-openssh-8.4p1-daemon
└───bin/sshd: …/bin:/usr/sbin:/sbin:/nix/store/k0b7hsi3ra6clfrvsiygq3sqqcrmczan-openssh-8.4p1/bin.....key optio…
    → /nix/store/k0b7hsi3ra6clfrvsiygq3sqqcrmczan-openssh-8.4p1

which I believe comes from _PATH_STDPATH from defines.h. I think this is artifact of build system, and sshd actually has no reason to retain references to anything but sftp-server helper.

Thoughts before I start patching build system?

~eelco~ @edolstra @aneeshusa

stale[bot] commented 3 years ago

I marked this as stale due to inactivity. → More info