From 4fe383de481883d0a4288e4409ab4b7d548a03af Mon Sep 17 00:00:00 2001
From: Shea Levy
Date: Fri, 14 Nov 2014 15:22:14 -0500
Subject: [PATCH] strongswan: bump
---
 pkgs/tools/networking/strongswan/default.nix | 10 +-
 .../strongswan/no-hardcoded-sysconfdir.patch | 145 ------------------
 .../strongswan/no-sysconfdir-write.patch | 36 -----
 .../networking/strongswan/respect-path.patch | 19 ---
 4 files changed, 4 insertions(+), 206 deletions(-)
 delete mode 100644 pkgs/tools/networking/strongswan/no-hardcoded-sysconfdir.patch
 delete mode 100644 pkgs/tools/networking/strongswan/no-sysconfdir-write.patch
 delete mode 100644 pkgs/tools/networking/strongswan/respect-path.patch
diff --git a/pkgs/tools/networking/strongswan/default.nix b/pkgs/tools/networking/strongswan/default.nix
index 490e690e120..e840d0507f6 100644
--- a/pkgs/tools/networking/strongswan/default.nix
+++ b/pkgs/tools/networking/strongswan/default.nix
@@ -1,16 +1,14 @@
-{ stdenv, fetchurl, gmp, autoreconfHook, gettext, pkgconfig }:
+{ stdenv, fetchurl, gmp, pkgconfig }:
 stdenv.mkDerivation rec {
- name = "strongswan-5.2.0";
+ name = "strongswan-5.2.1";
 src = fetchurl {
 url = "http://download.strongswan.org/${name}.tar.bz2";
- sha256 = "1ki6v9c54ykppqnj3prgh62na97yajnvnm2zr1gjxzv05syk035h";
+ sha256 = "05cjjd7gg65bl6fswj2r2i13nn1nk4x86s06y75gwfdvnlrsnlga";
 };
- patches = [ ./respect-path.patch ./no-hardcoded-sysconfdir.patch ];
-
- buildInputs = [ gmp autoreconfHook gettext pkgconfig ];
+ buildInputs = [ gmp pkgconfig ];
 configureFlags = [ "--enable-swanctl" "--enable-cmd" ];
diff --git a/pkgs/tools/networking/strongswan/no-hardcoded-sysconfdir.patch b/pkgs/tools/networking/strongswan/no-hardcoded-sysconfdir.patch
deleted file mode 100644
index b186b21a5dd..00000000000
--- a/pkgs/tools/networking/strongswan/no-hardcoded-sysconfdir.patch
+++ /dev/null
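Review bot: The `default.nix` hunk removes the `patches` list without recording why, and nothing visible in this commit shows that 5.2.1 carries equivalents of the dropped changes. The deleted patches added the `starter.config_file` and `charon.plugins.stroke.secrets_file` settings, the `STRONGSWAN_CONF` environment lookup and the PATH handling in the `ipsec` script. If the new release lacks any of these, the build would still succeed, but the tools would presumably fall back to the compiled-in `ipsec.conf`/`ipsec.secrets` locations, which matters for where key material is read and written. If they were merged upstream, say so in the commit message or in a comment above `buildInputs`, for example `# respect-path and no-hardcoded-sysconfdir are included upstream as of 5.2.1`. The derivation body continues outside the hunk.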
@@ -1,145 +0,0 @@ -commit 8e2b65ebf597a4d48daa3308aa032962110ad8f6 -Author: Shea Levy -Date: Tue Sep 30 15:14:47 2014 -0400 - - Allow specifying the ipsec.conf location in strongswan.conf - -diff --git a/conf/options/starter.opt b/conf/options/starter.opt -index 4e6574d..6d7162a 100644 ---- a/conf/options/starter.opt -+++ b/conf/options/starter.opt -@@ -3,3 +3,6 @@ starter.load = - - starter.load_warning = yes - Disable charon plugin load option warning. -+ -+starter.config_file = ${sysconfdir}/ipsec.conf -+ Location of the ipsec.conf conf file -diff --git a/src/starter/starter.c b/src/starter/starter.c -index 5c84593..1f365cc 100644 ---- a/src/starter/starter.c -+++ b/src/starter/starter.c -@@ -488,7 +488,8 @@ int main (int argc, char **argv) - } - if (!config_file) - { -- config_file = CONFIG_FILE; -+ config_file = lib->settings->get_str(lib->settings, "starter.config_file", -+ CONFIG_FILE); - } - - init_log("ipsec_starter"); - -commit 8b839cec684e26ed96f3d891b3ae3565558b2cff -Author: Shea Levy -Date: Tue Sep 30 15:11:03 2014 -0400 - - Allow specifying the ipsec.secrets location in strongswan.conf - -diff --git a/conf/plugins/stroke.opt b/conf/plugins/stroke.opt -index 2cfc2c6..b3ca2b7 100644 ---- a/conf/plugins/stroke.opt -+++ b/conf/plugins/stroke.opt -@@ -11,5 +11,8 @@ charon.plugins.stroke.prevent_loglevel_changes = no - charon.plugins.stroke.socket = unix://${piddir}/charon.ctl - Socket provided by the stroke plugin. - -+charon.plugins.stroke.secrets_file = ${sysconfdir}/ipsec.secrets -+ Location of the ipsec.secrets conf file -+ - charon.plugins.stroke.timeout = 0 - Timeout in ms for any stroke command. Use 0 to disable the timeout. 
-diff --git a/src/libcharon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c -index f908219..673e492 100644 ---- a/src/libcharon/plugins/stroke/stroke_cred.c -+++ b/src/libcharon/plugins/stroke/stroke_cred.c -@@ -67,6 +67,7 @@ struct private_stroke_cred_t { - /** - * credentials - */ -+ char *secrets_file; - mem_cred_t *creds; - - /** -@@ -1297,7 +1298,7 @@ METHOD(stroke_cred_t, reread, void, - if (msg->reread.flags & REREAD_SECRETS) - { - DBG1(DBG_CFG, "rereading secrets"); -- load_secrets(this, NULL, SECRETS_FILE, 0, prompt); -+ load_secrets(this, NULL, this->secrets_file, 0, prompt); - } - if (msg->reread.flags & REREAD_CACERTS) - { -@@ -1370,6 +1371,9 @@ stroke_cred_t *stroke_cred_create() - .cachecrl = _cachecrl, - .destroy = _destroy, - }, -+ .secrets_file = lib->settings->get_str(lib->settings, -+ "%s.plugins.stroke.secrets_file", SECRETS_FILE, -+ lib->ns), - .creds = mem_cred_create(), - ); - -@@ -1380,7 +1384,7 @@ stroke_cred_t *stroke_cred_create() - FALSE, lib->ns); - - load_certs(this); -- load_secrets(this, NULL, SECRETS_FILE, 0, NULL); -+ load_secrets(this, NULL, this->secrets_file, 0, NULL); - - return &this->public; - } -diff --git a/src/starter/starter.c b/src/starter/starter.c -index 71f33ae..5c84593 100644 ---- a/src/starter/starter.c -+++ b/src/starter/starter.c -@@ -263,8 +263,11 @@ static void generate_selfcert() - { - struct stat stb; - -+ const char *secrets_file = lib->settings->get_str(lib->settings, -+ "charon.plugins.stroke.secrets_file", SECRETS_FILE); -+ - /* if ipsec.secrets file is missing then generate RSA default key pair */ -- if (stat(SECRETS_FILE, &stb) != 0) -+ if (stat(secrets_file, &stb) != 0) - { - mode_t oldmask; - FILE *f; -@@ -302,7 +305,7 @@ static void generate_selfcert() - /* ipsec.secrets is root readable only */ - oldmask = umask(0066); - -- f = fopen(SECRETS_FILE, "w"); -+ f = fopen(secrets_file, "w"); - if (f) - { - fprintf(f, "# /etc/ipsec.secrets - strongSwan IPsec secrets file\n"); -@@ 
-310,7 +313,7 @@ static void generate_selfcert() - fprintf(f, ": RSA myKey.der\n"); - fclose(f); - } -- ignore_result(chown(SECRETS_FILE, uid, gid)); -+ ignore_result(chown(secrets_file, uid, gid)); - umask(oldmask); - } - } - -commit 5f2ca3b99b40c47a9b59c7cc75655e5dd041787e -Author: Shea Levy -Date: Tue Sep 30 14:31:50 2014 -0400 - - Allow specifying the path to strongswan.conf in the STRONGSWAN_CONF env var - -diff -Naur a/src/libstrongswan/library.c b/src/libstrongswan/library.c ---- a/src/libstrongswan/library.c 2014-06-05 03:50:30.000000000 -0400 -+++ b/src/libstrongswan/library.c 2014-09-30 15:25:27.927757711 -0400 -@@ -307,7 +307,7 @@ - #ifdef STRONGSWAN_CONF - if (!settings) - { -- settings = STRONGSWAN_CONF; -+ settings = getenv("STRONGSWAN_CONF") ?: STRONGSWAN_CONF; - } - #endif - this->public.settings = settings_create(settings); diff --git a/pkgs/tools/networking/strongswan/no-sysconfdir-write.patch b/pkgs/tools/networking/strongswan/no-sysconfdir-write.patch deleted file mode 100644 index afa85ce1d75..00000000000 --- a/pkgs/tools/networking/strongswan/no-sysconfdir-write.patch +++ /dev/null 
@@ -1,36 +0,0 @@ -commit 0de10fe4950672053fe2b242bcec064e9e88c880 -Author: Shea Levy -Date: Fri Sep 19 14:32:22 2014 -0400 - - Don't fail to install if sysconfdir isn't writable - -diff --git a/conf/Makefile.am b/conf/Makefile.am -index 373be16..85b7b0e 100644 ---- a/conf/Makefile.am -+++ b/conf/Makefile.am -@@ -152,9 +152,9 @@ maintainer-clean-local: - rm -f $(confsnippets) default.conf plugins/*.conf plugins/*.tmp - - install-data-local: $(plugins_install_src) -- test -e "$(DESTDIR)${strongswanconfdir}" || $(INSTALL) -d "$(DESTDIR)$(strongswanconfdir)" -- test -e "$(DESTDIR)${strongswanddir}" || $(INSTALL) -d "$(DESTDIR)$(strongswanddir)" -- test -e "$(DESTDIR)${charonconfdir}" || $(INSTALL) -d "$(DESTDIR)$(charonconfdir)" -+ test -e "$(DESTDIR)${strongswanconfdir}" || $(INSTALL) -d "$(DESTDIR)$(strongswanconfdir)" || true -+ test -e "$(DESTDIR)${strongswanddir}" || $(INSTALL) -d "$(DESTDIR)$(strongswanddir)" || true -+ test -e "$(DESTDIR)${charonconfdir}" || $(INSTALL) -d "$(DESTDIR)$(charonconfdir)" || true - test -e "$(DESTDIR)$(strongswanconfdir)/strongswan.conf" || $(INSTALL) -m 644 $(srcdir)/strongswan.conf $(DESTDIR)$(strongswanconfdir)/strongswan.conf || true - for f in $(options_install_src); do \ - name=`basename $$f`; \ -diff --git a/src/swanctl/Makefile.am b/src/swanctl/Makefile.am -index 385737a..912fdf8 100644 ---- a/src/swanctl/Makefile.am -+++ b/src/swanctl/Makefile.am -@@ -54,7 +54,7 @@ maintainer-clean-local: - cd $(srcdir) && rm -f swanctl.conf swanctl.conf.5.main - - install-data-local: swanctl.conf -- test -e "$(DESTDIR)$(swanctldir)" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)" -+ test -e "$(DESTDIR)$(swanctldir)" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)" || true - test -e "$(DESTDIR)$(swanctldir)/x509" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509" || true - test -e "$(DESTDIR)$(swanctldir)/x509ca" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509ca" || true - test -e "$(DESTDIR)$(swanctldir)/x509aa" || $(INSTALL) -d 
"$(DESTDIR)$(swanctldir)/x509aa" || true
diff --git a/pkgs/tools/networking/strongswan/respect-path.patch b/pkgs/tools/networking/strongswan/respect-path.patch
deleted file mode 100644
index 82f6a356b85..00000000000
--- a/pkgs/tools/networking/strongswan/respect-path.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-commit 09c4ae5b7bcd7057bede788f02c1d2d30aeeacda
-Author: Shea Levy
-Date: Thu Sep 18 02:00:03 2014 -0400
-
- ipsec script: just append to PATH if already set
-
-diff --git a/src/ipsec/_ipsec.in b/src/ipsec/_ipsec.in
-index e6725d0..82041f4 100644
---- a/src/ipsec/_ipsec.in
-+++ b/src/ipsec/_ipsec.in
-@@ -15,7 +15,7 @@
- # for more details.
-
- # define a minimum PATH environment in case it is not set
--PATH="/sbin:/bin:/usr/sbin:/usr/bin:@IPSEC_SBINDIR@:@IPSEC_BINDIR@"
-+PATH="${PATH:-/sbin:/bin:/usr/sbin:/usr/bin}:@IPSEC_SBINDIR@:@IPSEC_BINDIR@"
- export PATH
-
- # set daemon name