public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

strongswan: Make it build on macOS

Browse Source 
Original expression could not be built on macOS due to using dependencies to
Linux only packages. This change fixes that by grouping the dependencies based
on the suitable system. In addition, it uses `configure` flags recommended by
the project for building on macOS, as well the ones used by Homebrew.
This commit is contained in:
Nikola Knezevic 2019-03-06 15:14:57 +01:00
parent 931ee3e589
commit 1609f860f5
1 changed files with 32 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
pkgs/tools/networking/strongswan/default.nix
View File

@ -8,6 +8,7 @@
, enableTNC ? false, trousers, sqlite, libxml2 , enableTNC ? false, trousers, sqlite, libxml2
, enableNetworkManager ? false, networkmanager , enableNetworkManager ? false, networkmanager
, libpcap , libpcap
, darwin
}: }:
# Note on curl support: If curl is built with gnutls as its backend, the # Note on curl support: If curl is built with gnutls as its backend, the
@ -29,9 +30,10 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ pkgconfig autoreconfHook ]; nativeBuildInputs = [ pkgconfig autoreconfHook ];
buildInputs = buildInputs =
[ curl gmp python iptables ldns unbound openssl pcsclite ] [ curl gmp python ldns unbound openssl pcsclite ]
++ optionals enableTNC [ trousers sqlite libxml2 ] ++ optionals enableTNC [ trousers sqlite libxml2 ]
++ optionals stdenv.isLinux [ systemd.dev pam ] ++ optionals stdenv.isLinux [ systemd.dev pam iptables ]
++ optionals stdenv.isDarwin (with darwin.apple_sdk.frameworks; [ SystemConfiguration ])
++ optionals enableNetworkManager [ networkmanager ] ++ optionals enableNetworkManager [ networkmanager ]
# ad-hoc fix for https://github.com/NixOS/nixpkgs/pull/51787 # ad-hoc fix for https://github.com/NixOS/nixpkgs/pull/51787
# Remove when the above PR lands in master # Remove when the above PR lands in master
@ -41,23 +43,24 @@ stdenv.mkDerivation rec {
./ext_auth-path.patch ./ext_auth-path.patch
./firewall_defaults.patch ./firewall_defaults.patch
./updown-path.patch ./updown-path.patch
(substituteAll { (optional stdenv.isLinux (substituteAll {
src = ./modprobe-path.patch; src = ./modprobe-path.patch;
inherit kmod; inherit kmod;
}) }))
]; ];
postPatch = '' postPatch = ''
substituteInPlace src/libcharon/plugins/resolve/resolve_handler.c --replace "/sbin/resolvconf" "${openresolv}/sbin/resolvconf"
# swanctl can be configured by files in SWANCTLDIR which defaults to # swanctl can be configured by files in SWANCTLDIR which defaults to
# $out/etc/swanctl. Since that directory is in the nix store users can't # $out/etc/swanctl. Since that directory is in the nix store users can't
# modify it. Ideally swanctl accepts a command line option for specifying # modify it. Ideally swanctl accepts a command line option for specifying
# the configuration files. In the absence of that we patch swanctl to look # the configuration files. In the absence of that we patch swanctl to look
# for configuration files in /etc/swanctl. # for configuration files in /etc/swanctl.
substituteInPlace src/swanctl/swanctl.h --replace "SWANCTLDIR" "\"/etc/swanctl\"" substituteInPlace src/swanctl/swanctl.h --replace "SWANCTLDIR" "\"/etc/swanctl\""
'' + optionalString stdenv.isLinux ''
# glibc-2.26 reorganized internal includes # glibc-2.26 reorganized internal includes
sed '1i#include <stdint.h>' -i src/libstrongswan/utils/utils/memory.h sed '1i#include <stdint.h>' -i src/libstrongswan/utils/utils/memory.h
substituteInPlace src/libcharon/plugins/resolve/resolve_handler.c --replace "/sbin/resolvconf" "${openresolv}/sbin/resolvconf"
''; '';
preConfigure = '' preConfigure = ''
@ -65,17 +68,24 @@ stdenv.mkDerivation rec {
''; '';
configureFlags = configureFlags =
[ "--enable-swanctl" "--enable-cmd" "--enable-systemd" [ "--enable-swanctl"
"--enable-farp" "--enable-dhcp" "--enable-cmd"
"--enable-openssl" "--enable-openssl"
"--enable-eap-sim" "--enable-eap-sim-file" "--enable-eap-simaka-pseudonym" "--enable-eap-sim" "--enable-eap-sim-file" "--enable-eap-simaka-pseudonym"
"--enable-eap-simaka-reauth" "--enable-eap-identity" "--enable-eap-md5" "--enable-eap-simaka-reauth" "--enable-eap-identity" "--enable-eap-md5"
"--enable-eap-gtc" "--enable-eap-aka" "--enable-eap-aka-3gpp2" "--enable-eap-gtc" "--enable-eap-aka" "--enable-eap-aka-3gpp2"
"--enable-eap-mschapv2" "--enable-eap-radius" "--enable-xauth-eap" "--enable-ext-auth" "--enable-eap-mschapv2" "--enable-eap-radius" "--enable-xauth-eap" "--enable-ext-auth"
"--enable-forecast" "--enable-connmark" "--enable-acert" "--enable-acert"
"--enable-pkcs11" "--enable-eap-sim-pcsc" "--enable-dnscert" "--enable-unbound" "--enable-pkcs11" "--enable-eap-sim-pcsc" "--enable-dnscert" "--enable-unbound"
"--enable-af-alg" "--enable-xauth-pam" "--enable-chapoly" "--enable-chapoly"
"--enable-curl" ] "--enable-curl" ]
++ optionals stdenv.isLinux [
"--enable-farp" "--enable-dhcp"
"--enable-systemd"
"--enable-xauth-pam"
"--enable-forecast"
"--enable-connmark"
"--enable-af-alg" ]
++ optionals stdenv.isx86_64 [ "--enable-aesni" "--enable-rdrand" ] ++ optionals stdenv.isx86_64 [ "--enable-aesni" "--enable-rdrand" ]
++ optional (stdenv.hostPlatform.system == "i686-linux") "--enable-padlock" ++ optional (stdenv.hostPlatform.system == "i686-linux") "--enable-padlock"
++ optionals enableTNC [ ++ optionals enableTNC [
@ -89,7 +99,17 @@ stdenv.mkDerivation rec {
"--enable-sqlite" ] "--enable-sqlite" ]
++ optionals enableNetworkManager [ ++ optionals enableNetworkManager [
"--enable-nm" "--enable-nm"
"--with-nm-ca-dir=/etc/ssl/certs" "--with-nm-ca-dir=/etc/ssl/certs" ]
# Taken from: https://wiki.strongswan.org/projects/strongswan/wiki/MacOSX
++ optionals stdenv.isDarwin [
"--disable-systemd"
"--disable-xauth-pam"
"--disable-kernel-netlink"
"--enable-kernel-pfkey"
"--enable-kernel-pfroute"
"--enable-kernel-libipsec"
"--enable-osx-attr"
"--disable-scripts"
]; ];
postInstall = '' postInstall = ''
@ -97,7 +117,7 @@ stdenv.mkDerivation rec {
echo "include /etc/ipsec.secrets" >> $out/etc/ipsec.secrets echo "include /etc/ipsec.secrets" >> $out/etc/ipsec.secrets
''; '';
NIX_LDFLAGS = "-lgcc_s" ; NIX_LDFLAGS = optionalString stdenv.cc.isGNU "-lgcc_s" ;
meta = { meta = {
description = "OpenSource IPsec-based VPN Solution"; description = "OpenSource IPsec-based VPN Solution";