Update to sshd 8.7p1 to resolve coredumps

input-output-hk · Sep 16, 2021 · c075064 · c075064
1 parent 22ea496
commit c075064
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 0 deletions.
diff --git a/overlay.nix b/overlay.nix
@@ -25,6 +25,18 @@ in final: prev: {
     ];
   });
 
+  # Remove once nixpkgs is using openssh 8.7p1+ by default to avoid coredumps
+  # Ref: https://bbs.archlinux.org/viewtopic.php?id=265221
+  opensshNoCoredump = let
+    version = "8.7p1";
+  in prev.opensshPackages.openssh.overrideAttrs (oldAttrs: {
+    inherit version;
+    src = prev.fetchurl {
+      url = "mirror://openbsd/OpenSSH/portable/openssh-${version}.tar.gz";
+      sha256 = "sha256-fKNLi7JK6eUPM3krcJGzhB1+G0QP9XvJ+r3fAeLtHiQ=";
+    };
+  });
+
   ssm-agent = prev.callPackage ./pkgs/ssm-agent { };
 
   consul = prev.callPackage ./pkgs/consul { };

diff --git a/profiles/common.nix b/profiles/common.nix
@@ -47,6 +47,10 @@
   documentation.doc.enable = false;
   i18n.supportedLocales = [ "en_US.UTF-8/UTF-8" "en_US/ISO-8859-1" ];
 
+  # Remove once nixpkgs is using openssh 8.7p1+ by default to avoid coredumps
+  # Ref: https://bbs.archlinux.org/viewtopic.php?id=265221
+  programs.ssh.package = pkgs.opensshNoCoredump;
+
   programs.sysdig.enable = true;
 
   environment.systemPackages = with pkgs; [