Unverified commit 8bd499b3, authored by Janne Heß, committed by GitHub

Merge pull request #300716 from LeSuisse/openssh-dsa-keys

openssh: disable support for DSA keys by default
parents 5d1b6d65 6ee4b8c8
+3 −0
@@ -208,6 +208,9 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
  "mysecret"` becomes `services.aria2.rpcSecretFile = "/path/to/secret_file"`
  where the file `secret_file` contains the string `mysecret`.

- `openssh`, `openssh_hpn` and `openssh_gssapi` are now compiled without support for the DSA signature algorithm as it is being deprecated upstream. Users still relying on DSA keys should consider upgrading
  to another signature algorithm. It is however possible, for the time being, to restore the DSA keys support using `override` to set `dsaKeysSupport = true`.

- `buildGoModule` now throws error when `vendorHash` is not specified. `vendorSha256`, deprecated in Nixpkgs 23.11, is now ignored and is no longer a `vendorHash` alias.

- Invidious has changed its default database username from `kemal` to `invidious`. Setups involving an externally provisioned database (i.e. `services.invidious.database.createLocally == false`) should adjust their configuration accordingly. The old `kemal` user will not be removed automatically even when the database is provisioned automatically.(https://github.com/NixOS/nixpkgs/pull/265857)
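Review bot: the new `openssh` entry says DSA support can be restored "using `override`" but never shows the expression, and it does not spell out what stops working on upgrade. Suggest giving the concrete form, for example `pkgs.openssh.override { dsaKeysSupport = true; }`, and stating that DSA host keys and DSA user keys are unusable with the default build, so operators know to look for them before switching. Minor wording: "the DSA keys support" reads better as "DSA key support", and the sentence is hard-wrapped mid-clause while the neighbouring entries are not.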
+2 −0
@@ -30,6 +30,7 @@
, nixosTests
, withFIDO ? stdenv.hostPlatform.isUnix && !stdenv.hostPlatform.isMusl
, withPAM ? stdenv.hostPlatform.isLinux
, dsaKeysSupport ? false
, linkOpenssl ? true
}:

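Review bot: `dsaKeysSupport ? false` is added to the argument list without a comment saying why it defaults to off or that the switch is meant to be temporary. A one-line comment above it noting the upstream deprecation would help whoever removes the option later. The adjacent toggles are named `withFIDO` and `withPAM`, so a `with`-prefixed name would be more consistent, though that would also require updating the release note.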
@@ -84,6 +85,7 @@ stdenv.mkDerivation {
    "--with-libedit=yes"
    "--disable-strip"
    (lib.withFeature withPAM "pam")
    (lib.enableFeature dsaKeysSupport "dsa-keys")
  ] ++ lib.optional (etcDir != null) "--sysconfdir=${etcDir}"
    ++ lib.optional withFIDO "--with-security-key-builtin=yes"
    ++ lib.optional withKerberos (assert libkrb5 != null; "--with-kerberos5=${libkrb5}")
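Review bot: `(lib.enableFeature dsaKeysSupport "dsa-keys")` now always passes either `--enable-dsa-keys` or `--disable-dsa-keys`, and nothing in this change checks that the flag took effect. By default, autoconf-generated configure scripts only warn about `--enable`/`--disable` options they do not recognise, so if any of the three variants named in the release note has a configure script that lacks this option, it would build with whatever its own default is and the release note would be wrong for it. Since `nixosTests` is already an argument of this file, consider adding a test that asserts `ssh-dss` is absent from `ssh -Q key` for the default build, or at least confirm in the PR that each variant's configure accepts the option.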