public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #5440 from ip1981/strongswan

Browse Source 
Patches to Strongswan
This commit is contained in:
Peter Simons 2014-12-23 13:02:08 +01:00
commit 4bb1e611a2
7 changed files with 83 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nixos/modules/services/networking/strongswan.nix
View File

@ -118,7 +118,7 @@ in
systemd.services.strongswan = { systemd.services.strongswan = {
description = "strongSwan IPSec Service"; description = "strongSwan IPSec Service";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
path = with pkgs; [ kmod ]; # XXX Linux path = with pkgs; [ kmod iproute iptables utillinux ]; # XXX Linux
wants = [ "keys.target" ]; wants = [ "keys.target" ];
after = [ "network.target" "keys.target" ]; after = [ "network.target" "keys.target" ];
environment = { environment = {

4
pkgs/build-support/setup-hooks/autoreconf.sh
View File

@ -1,11 +1,11 @@
preConfigurePhases+=" autoreconfPhase" preConfigurePhases+=" autoreconfPhase"
for i in @autoconf@ @automake@ @libtool@; do for i in @autoconf@ @automake@ @libtool@ @gettext@; do
findInputs $i nativePkgs propagated-native-build-inputs findInputs $i nativePkgs propagated-native-build-inputs
done done
autoreconfPhase() { autoreconfPhase() {
runHook preAutoreconf runHook preAutoreconf
autoreconf ${autoreconfFlags:---install --force} autoreconf ${autoreconfFlags:---install --force --verbose}
runHook postAutoreconf runHook postAutoreconf
} }

10
pkgs/tools/networking/strongswan/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchurl, gmp, pkgconfig, python }: { stdenv, fetchurl, gmp, pkgconfig, python, autoreconfHook }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "strongswan-5.2.1"; name = "strongswan-5.2.1";
@ -10,7 +10,13 @@ stdenv.mkDerivation rec {
dontPatchELF = true; dontPatchELF = true;
buildInputs = [ gmp pkgconfig python ]; buildInputs = [ gmp pkgconfig python autoreconfHook ];
patches = [
./ext_auth-path.patch
./firewall_defaults.patch
./updown-path.patch
];
configureFlags = [ "--enable-swanctl" "--enable-cmd" ]; configureFlags = [ "--enable-swanctl" "--enable-cmd" ];

13
pkgs/tools/networking/strongswan/ext_auth-path.patch Normal file
View File

@ -0,0 +1,13 @@
Index: strongswan-5.2.1/src/libcharon/plugins/ext_auth/ext_auth_listener.c
===================================================================
--- strongswan-5.2.1.orig/src/libcharon/plugins/ext_auth/ext_auth_listener.c
+++ strongswan-5.2.1/src/libcharon/plugins/ext_auth/ext_auth_listener.c
@@ -101,6 +101,8 @@ METHOD(listener_t, authorize, bool,
*success = FALSE;
+ push_env(envp, countof(envp), "PATH=%s", getenv("PATH"));
+
push_env(envp, countof(envp), "IKE_UNIQUE_ID=%u",
ike_sa->get_unique_id(ike_sa));
push_env(envp, countof(envp), "IKE_NAME=%s",

32
pkgs/tools/networking/strongswan/firewall_defaults.patch Normal file
View File

@ -0,0 +1,32 @@
Index: strongswan-5.2.1/src/starter/confread.c
===================================================================
--- strongswan-5.2.1.orig/src/starter/confread.c
+++ strongswan-5.2.1/src/starter/confread.c
@@ -43,7 +43,7 @@
static const char ike_defaults[] = "aes128-sha1-modp2048,3des-sha1-modp1536";
static const char esp_defaults[] = "aes128-sha1,3des-sha1";
-static const char firewall_defaults[] = IPSEC_SCRIPT " _updown iptables";
+static const char firewall_defaults[] = IPSEC_SBINDIR "/" IPSEC_SCRIPT " _updown iptables";
/**
* Provided by GPERF
Index: strongswan-5.2.1/src/starter/Makefile.am
===================================================================
--- strongswan-5.2.1.orig/src/starter/Makefile.am
+++ strongswan-5.2.1/src/starter/Makefile.am
@@ -18,10 +18,12 @@ AM_CPPFLAGS = \
-I$(top_srcdir)/src/libhydra \
-I$(top_srcdir)/src/starter \
-I$(top_srcdir)/src/stroke \
- -DIPSEC_DIR=\"${ipsecdir}\" \
+ -DIPSEC_BINDIR=\"${bindir}\" \
-DIPSEC_CONFDIR=\"${sysconfdir}\" \
- -DIPSEC_PIDDIR=\"${piddir}\" \
+ -DIPSEC_DIR=\"${ipsecdir}\" \
-DIPSEC_EAPDIR=\"${eapdir}\" \
+ -DIPSEC_PIDDIR=\"${piddir}\" \
+ -DIPSEC_SBINDIR=\"${sbindir}\" \
-DIPSEC_SCRIPT=\"${ipsec_script}\" \
-DDEV_RANDOM=\"${random_device}\" \
-DDEV_URANDOM=\"${urandom_device}\" \

26
pkgs/tools/networking/strongswan/updown-path.patch Normal file
View File

@ -0,0 +1,26 @@
Index: strongswan-5.2.1/src/_updown/_updown.in
===================================================================
--- strongswan-5.2.1.orig/src/_updown/_updown.in
+++ strongswan-5.2.1/src/_updown/_updown.in
@@ -125,7 +125,7 @@
#
# define a minimum PATH environment in case it is not set
-PATH="/sbin:/bin:/usr/sbin:/usr/bin:@sbindir@"
+PATH="${PATH:-/sbin:/bin:/usr/sbin:/usr/bin}"
export PATH
# uncomment to log VPN connections
Index: strongswan-5.2.1/src/libcharon/plugins/updown/updown_listener.c
===================================================================
--- strongswan-5.2.1.orig/src/libcharon/plugins/updown/updown_listener.c
+++ strongswan-5.2.1/src/libcharon/plugins/updown/updown_listener.c
@@ -240,6 +240,8 @@ static void invoke_once(private_updown_l
process_t *process;
char *envp[128] = {};
+ push_env(envp, countof(envp), "PATH=%s", getenv("PATH"));
+
me = ike_sa->get_my_host(ike_sa);
other = ike_sa->get_other_host(ike_sa);

2
pkgs/top-level/all-packages.nix
View File

@ -252,7 +252,7 @@ let
}; };
autoreconfHook = makeSetupHook autoreconfHook = makeSetupHook
{ substitutions = { inherit autoconf automake libtool; }; } { substitutions = { inherit autoconf automake libtool gettext; }; }
../build-support/setup-hooks/autoreconf.sh; ../build-support/setup-hooks/autoreconf.sh;
buildEnv = import ../build-support/buildenv { buildEnv = import ../build-support/buildenv {