tcpcrypt: 2011.07.22 -> 0.3rc1, fix nixos service
This commit is contained in:
Domen Kožar
parent
ddcb9db54f
commit
0ec12d53e6
@ -44,6 +44,8 @@ in
|
|||||||
path = [ pkgs.iptables pkgs.tcpcrypt pkgs.procps ];
|
path = [ pkgs.iptables pkgs.tcpcrypt pkgs.procps ];
|
||||||
|
|
||||||
preStart = ''
|
preStart = ''
|
||||||
|
mkdir -p /var/run/tcpcryptd
|
||||||
|
chown tcpcryptd /var/run/tcpcryptd
|
||||||
sysctl -n net.ipv4.tcp_ecn >/run/pre-tcpcrypt-ecn-state
|
sysctl -n net.ipv4.tcp_ecn >/run/pre-tcpcrypt-ecn-state
|
||||||
sysctl -w net.ipv4.tcp_ecn=0
|
sysctl -w net.ipv4.tcp_ecn=0
|
||||||
|
|
||||||
|
|||||||
@ -1,25 +0,0 @@
|
|||||||
From 4ef50d76a2da61be60fea448690e24f35bc37299 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Peter Simons <simons@cryp.to>
|
|
||||||
Date: Wed, 11 Sep 2013 17:19:29 +0200
|
|
||||||
Subject: [PATCH] Run tcpcryptd under uid 93 instead of 666.
|
|
||||||
|
|
||||||
---
|
|
||||||
user/src/linux.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/user/src/linux.c b/user/src/linux.c
|
|
||||||
index b51e6b2..8199193 100644
|
|
||||||
--- a/user/src/linux.c
|
|
||||||
+++ b/user/src/linux.c
|
|
||||||
@@ -198,7 +198,7 @@ void linux_drop_privs(void)
|
|
||||||
|
|
||||||
cap_free(caps);
|
|
||||||
|
|
||||||
- if (setuid(666) == -1)
|
|
||||||
+ if (setuid(93) == -1)
|
|
||||||
err(1, "setuid()");
|
|
||||||
|
|
||||||
caps = cap_init();
|
|
||||||
--
|
|
||||||
1.8.3.4
|
|
||||||
|
|
||||||
@ -1,26 +1,23 @@
|
|||||||
{ fetchurl, stdenv, autoconf, automake, libtool
|
{ fetchurl, stdenv, autoconf, automake, libtool, autoreconfHook
|
||||||
, openssl, libcap, libnfnetlink, libnetfilter_queue
|
, openssl, libcap, libnfnetlink, libnetfilter_queue
|
||||||
}:
|
}:
|
||||||
|
|
||||||
let
|
|
||||||
rev = "0e07772316061ad67b8770e7d98d5dd099c9c7c7";
|
|
||||||
in
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
name = "tcpcrypt-2011.07.22";
|
name = "tcpcrypt-0.3-rc1";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://github.com/sorbo/tcpcrypt/archive/${rev}.tar.gz";
|
url = "https://github.com/scslab/tcpcrypt/archive/v0.3-rc1.tar.gz";
|
||||||
sha256 = "1f1f1iawlvipnccwh31fxnb8yam1fgh36m0qcbc29qk1ggwrfnkk";
|
sha256 = "1k79xfip95kyy91b6rnmsgl66g52zrnm92ln4jms133nm2k9s4sa";
|
||||||
name = "${name}.tar.gz";
|
name = "${name}.tar.gz";
|
||||||
};
|
};
|
||||||
|
|
||||||
dontStrip = true;
|
dontStrip = true;
|
||||||
|
|
||||||
buildInputs = [ autoconf automake libtool openssl libcap libnfnetlink libnetfilter_queue ];
|
buildInputs = [ autoreconfHook autoconf automake libtool openssl libcap libnfnetlink libnetfilter_queue ];
|
||||||
|
|
||||||
patches = [ ./0001-Run-tcpcryptd-under-uid-93-instead-of-666.patch ];
|
postUnpack = ''
|
||||||
|
mkdir $sourceRoot/m4
|
||||||
preConfigure = "cd user; autoreconf -i";
|
'';
|
||||||
|
|
||||||
meta = {
|
meta = {
|
||||||
homepage = "http://tcpcrypt.org/";
|
homepage = "http://tcpcrypt.org/";
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user